Got an email from a bank saying my account has been put in a restricted state because they have been unable to reach me. Their emails reach me fine. They rarely send paper mail but when they do I can see that they have the correct address on file.

Then I looked closer at their email, examined the HTML, and found that they insert a tracker pixel in their messages. So if I were to use a graphical mail client with default configs, they would surreptitiously get a signal telling them my IP (thus whereabouts) and time of day every time I open my email from them. I use a text client so the tracker pixels get ignored.

Would a bank conclude from lack of tracker pixels signals that they are not reaching a customer, and then lock down their account?

I’m not going to call them and ask… fuck them for interrupting my day and making me dance. I don’t lick boots like that. I just wonder if anyone else who does not trigger tracker pixels has encountered this situation.

  • greyfox@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    4 hours ago

    It is very unlikely this has anything to do with tracking pixels. Even most graphical email clients don’t load pictures by default these days, and they probably have plenty of customers that just never check their email anyways so I doubt that would be enough to shutdown an account.

    This is more likely about them trying to confirm contact information to make sure your phone/physical/email address hasn’t changed, and since you haven’t confirmed that they are restricting your usage to prevent someone from stealing your account until they can confirm it is still you.

    I would say this isn’t them trying to make you dance, this is much more likely to be them trying to keep your account safe.

  • neatchee@lemmy.world
    link
    fedilink
    arrow-up
    28
    arrow-down
    1
    ·
    2 days ago

    There are so many ways these trackers can break and they are almost always anonymised as aggregate metadata anyway by the tracking service

    It is far more likely that they have been trying to call you or have expected some kind of response to the mail they are sending but have not received any contact from you in a long time

    • evenwicht@lemmy.sdf.orgOPM
      link
      fedilink
      arrow-up
      3
      arrow-down
      3
      ·
      2 days ago

      Can you explain why they would want to anonymise the tracker pixels? Doesn’t that defeat the purpose?

        • evenwicht@lemmy.sdf.orgOPM
          link
          fedilink
          arrow-up
          3
          arrow-down
          2
          ·
          edit-2
          2 days ago

          I did not think of the marketing angle – although even then, knowing the times that each individual opens their mail and their location has value for personalized marketing.

          We are talking about banks in the case at hand. It’s unclear how many people have not come to the realization that bankers are now doing the job of cops. KYC/AML. In this particular sector, anonymization is unlikely. Banks have no limits on their snooping. They have a blank check and no consequences for overcollection. No restraint. When they get breached, they just sign people up for credit monitoring and any overcollection has the immunity of KYC law.

          At best, perhaps a marketing division would choose some canned bulk mailing service which happens to give them low resolution on engagement. But even that’s a stretch because anyone in the marketing business also wants to market their own service as making the most of data collection.

          • neatchee@lemmy.world
            link
            fedilink
            arrow-up
            4
            ·
            edit-2
            1 day ago

            I work in the digital security sector and I’m not this paranoid.

            Banks are about making money, full stop. It does not serve their interests or the interests of their investors to proactively spy on customers for the state unless they are a state-controlled organization like you’d find in places like Russia and China. Will they respond to requests from law enforcement? For sure. They want to maintain good relationships for help with things like fraud and other financial crimes. But they are not in the business of doing the cops’ work for them for free.

            There are so many reasons why organizations conduct various forms of user research unrelated to marketing too.

            As another user mentioned, A/B testing a mail format is one example. Measuring click-through rates on various types of messages to track what works and what doesn’t is always valuable. There’s also value in getting browser/device statistics - how many people open emails on their mobile device vs web browser vs desktop email client, etc. And so on, and so on, and so on.

            Banks are about making money. User research helps companies make money by making data-informed decisions that drive profitability. It’s really that simple.

            And again, tracking pixels are extremely fragile. They really only work in aggregate over a large population for statistical analysis. They’re way too unreliable for much else. There are lots of better ways to achieve the same and better results if your goal is monitoring individuals

            I’m not trying to discourage you from protecting your privacy by blocking trackers. I do it myself in various ways because it is a good practice to protect your privacy, identity, etc.

            I’m just telling you that they didn’t freeze your bank account because of the tracking in emails.

          • coolkicks@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            ·
            2 days ago

            I’ve done quite a bit of work implementing abandoned property analytics and escheatment processes at multiple large finance firms, and marketing engagement isn’t part of the criteria.

            Banks want to keep your money at all costs, so even seeing that an email didn’t bounce back is enough of a sign of life to try to justify not escheating your assets to the state, which is part of the reason why marketing data isn’t part of the criteria.

      • conciselyverbose@sh.itjust.works
        link
        fedilink
        arrow-up
        4
        ·
        2 days ago

        I don’t think most do and for sure don’t trust them and block them.

        But they’re also used to judge campaigns. You take a random, small subset of your mailing list, and a/b test by sending half one email and half a different email. The tracking pixels give you a good approximation of which gets more people to read it, and you use that headline for the rest of the list. You can also do the same thing just to generally keep an eye on what types of messages work best, etc.

        But fuck them, I’m not giving up privacy I can protect.

  • BearOfaTime@lemm.ee
    link
    fedilink
    arrow-up
    9
    ·
    2 days ago

    I never even open emails from my credit union, the few I get.

    Change banks. Move to a credit union.

    I save $500/year in fees because I have multiple accounts and banks change for that.

    My credit union doesn’t care. Everything works the same, still have an app if I want, can do balance checks and transfers via text (and if I’m Sim-jacked, that’s disabled, I’ve tested it).

    If they see unusual transactions I’ll get a text and a phone call. I then call the number I have (not the one they give me) or login via the website (which uses 2 verification mechanisms).

  • panicnow@lemmy.world
    link
    fedilink
    arrow-up
    4
    ·
    1 day ago

    Apple’s mail client messes with tracking pixels and has for a few years now, but I have never seen had an issue from that. But I only use a handful of financial institutions so it might not be representative.

    In Apple’s implementation, the tracking pixels are all fetched at the server level so every tracking pixels fires as soon as the email hits the server regardless of whether I ever open the email. This is a different take on breaking the tracking than what you are doing, so it might result in a different outcome.

  • protist@mander.xyz
    link
    fedilink
    English
    arrow-up
    13
    arrow-down
    7
    ·
    edit-2
    2 days ago

    If there’s actually a problem with your account, and you ignore it, the only thing you’re accomplishing is putting any money you have in that account at risk. Why are you so bothered by your bank sending you an email using extremely common informatics technology, especially after you already planned for this and literally aren’t sending them any of the data you’re concerned about? Try calling them

    • evenwicht@lemmy.sdf.orgOPM
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      edit-2
      1 day ago

      Yeah I’ll have to deal with it at some point one way or another. I’m sure I will close the account at the first opportunity but it’s impossible to find a non-shitty bank or CU. It’s not something I can do at the drop of a hat. It seems not a single bank or CU targets the market of consumers who have some self-respect and a bit of street wisdom.

      Why are you so bothered by your bank sending you an email using extremely common informatics technology,

      I don’t give a shit how popular tracker pixels are. It doesn’t justify them being in my comms, so I have a duty to not trigger them and I’m happy to treat pushers of these trackers as adversaries and threat actors. They are being dishonest and sneaky. The honest thing to do is to follow the RFC on return receipts, which is transparent and gives the customer appropriate control over their own disclosures.

      especially after you already planned for this and literally aren’t sending them any of the data you’re concerned about?

      I use a text mail client for other reasons but incidentally it’s good for avoiding tracker pixels. Actually I have to check on something… I not 100% that spamassassin does not trigger tracker pixels. SA has some vulns, like the DNS leak vuln. But if SA does not trigger the tracker pixels, then indeed I’m secure enough.

    • evenwicht@lemmy.sdf.orgOPM
      link
      fedilink
      arrow-up
      3
      ·
      2 days ago

      No that’s not it. My address is unique to the bank, full headers & path match up with other mail from them, and the means to reach them back correct (yes I examine every character for imposters using od -c).