Tracking Pixel

Public

Tracking pixels have been around for a long time and I've tended to avoid them. It is a common alternative to attaching javascript to a page for analytics.

One has to remember that, no matter what, when you visit any website the server keeps a log of visitors by IP address and the server panel allows to see the visits. Some options are to have an app within the website to easily view the server stats, but it is more common to use other analytics software. Not surprisingly, Google Analytics is the biggest player and with their 'notorious' gathering of information they can give you more information about your visitors than you really ought to have access to, such as their age and gender, clearly gathered by Google through other exposures - possibly even Gmail accounts and Facebook.

An open source alternative is Matomo Analytics where you gather the stats and keep them on your own server. Even it offers both javascript and pixels (as an option, if you choose to implement it) for analytics where visitors might not have javascript enabled. As an aside, you might remember when Netscape and the WWW appeared on the scene the first rule of safety was to never enable javascript. Look at us now, javascript is almost ubiquitous and many front ends are written exclusively in javascript, off loading the processing to the visitors browser and allowing for rogue behaviour since the door is open.

Regardless, the bottom line is any server can see you are visiting and it is a question of trust as to what they will do with the data. Obviously the more data they have the more they can connect dots, like Google.

Users can use VPN's to switch up their IP addresses to help obscure their visits. Also stats often show more, such as: device info, OS including version, resolution (that's why some recommendations are to not use browsers in full screen mode if you want to enhance anonymity). But, there is no possibility of no trace. Obfuscation is your only choice and that's where the Tor browser comes in.

Also, you may be aware that Austria has decided to make it illegal for websites in that country to use Google Analytics, see https://matomo.org/blog/2022/01/google-analytics-gdpr-violation/

As for email, I'm not reading email through a browser (using IMAP) and prefer to download and read offline with an email client (using POP) and it is configured to not display remote content which helps to give some protection.

Having Apple, Windows & Android devices in the family, I looked for some more Apple specific information.

I found this (link below) which is quite readable; but Apple has since introduced Mail Privacy Protection which I copied & pasted below & seems to obfuscate the IP address. NB Apple's Hide Mail in the recent OPTIONAL iOS update also allows creating subsidiary email addresses(using random characters to avoid recognition) for website sign ups that can then be diverted to junk folder if you get spammed OR simply delete that subsidiary email

https://www.theverge.com/22288190/email-pixel-trackers-how-to-stop-images-automatic-download 

Copy & paste of the help on a MAC:-

Mail Privacy Protection

Emails you receive may include remote content that allows the email’s sender to learn information about you. When you open an email, information about your Mail activity can be collected by the sender without transparency and an ability to control what information is shared. Email senders may learn when and how many times you opened their email, whether you forwarded the email, your Internet Protocol (IP) address, and other data that can be used to build a profile of your behavior and learn your location.

Protect Mail Activity helps protect your privacy by preventing email senders, including Apple, from learning information about your Mail activity. When you receive an email in the Mail app, rather than downloading remote content when you open an email, Protect Mail Activity downloads remote content in the background by default — regardless of whether you engage with the email. Apple does not learn any information about the content.

In addition, Protect Mail Activity routes all remote content downloaded by Mail through two separate relays operated by different entities. The first knows your IP address, but not the remote Mail content you receive. The second knows the remote Mail content you receive, but not your IP address, instead providing a generalized identity to the destination. This way, no single entity has the information to identify both you and the remote Mail content you receive. Senders can’t use your IP address as a unique identifier to connect your activity across websites or apps to build a profile about you.

You can disable Protect Mail Activity at any time in iOS and iPadOS by going to Settings > Mail > Privacy Protection, then tapping to turn off Protect Mail Activity. On Mac, go to Mail > Preferences > Privacy, then deselect Protect Mail Activity.

If you choose to disable Protect Mail Activity, the Hide IP Address feature will still mask your IP address using the same two-separate-internet-relays design. You can disable Hide IP Address at any time in iOS and iPadOS by going to Settings > Mail > Privacy Protection, then tapping to turn off Hide IP Address. On Mac, go to Mail > Preferences > Privacy, then deselect Hide IP Address.

By using these features, you agree and consent to Apple’s and its subsidiaries’ and agents’ transmission, collection, maintenance, processing, and use of this information as described above.

At all times, information collected by Apple will be treated in accordance with Apple’s Privacy Policy, which can be found at www.apple.com/privacy.