Tommy Mysk and Talal Haj Bakry describe themselves as “two iOS developers and occasional security researchers on two continents.”

In other words, although cybersecurity isn’t their core business, they’re doing what we wish all programmers would do: not taking application or operating system security features for granted, but keeping their own eyes on how those features work in real life, in order to avoid tripping over other people’s mistakes and assumptions.

We’ve written about their findings before, such as when they presented a well-made argument that persuaded TikTok to embrace HTTPS for everything, and now we’re writing about what you might call a nano-article…

…a security finding that Tommy Mysk compressed elegantly into a single tweet:

This is an interesting reminder of how difficult it can be to ensure that general-purpose security features really do work as intended across the board, or at least that they work as any reasonable user might infer.

Tracking your email usage

To explain.

Apple’s iOS 15 introduced a neat anti-tracking feature for your email, dubbed Mail Privacy Protection:

The idea is quite neat and simple: to shield you from annoying marketing tricks such as tracking pixels, you can ask Apple to fetch your remote email content first, and then relay it to to you indirectly, thus using Apple as a proxy for images and links in your messages.

This acts as a sort of pseudo-VPN (virtual private network) that shows up at the other end of the connection as “some server at Apple came calling”, rather than “a specific user on home network X paid us a visit”, thus providing you with a modest privacy boost.

In an ideal world

In an ideal world, this wouldn’t be necessary, because everyone who sent you emails would package images such as logos into the message itself, or just send messages in plain text, without any images at all.

But many marketing departments like to link to uniquely-named images in each individual email in a campaign, often using images that don’t actually serve any visual purpose (e.g. that are 1×1 pixel in size), as well as using uniquely identifiable clickable links in messages.

This means that when your email client fetches the image, or if you visit any links in it, the web server at the other end can create a log entry that records your IP number against the unique URL used, thus tracking you, possibly quite accurately, by the time and the place that you read the email.

Of course, marketing deparments generally don’t host those images and tracking links themselves – they typically rely on a third-party tracking and analytics company, and that’s where the tracking database ends up.

As minor and as inoffensive as this sort of tracking data might sound, considered one email at a time, it all adds up over time, especially if several different online services happen to use the same analytics company, which then gets a chance to track you across multiple services and websites if it wants to.

As a result, modern browsers and email clients generally offer built-in anti-tracking features to help limit the precision of online tracking and therefore to improve your privacy somewhat.

These features reduce the casual but considerable collection of this sort of information as you browse or read your emails.