Tracking protection / tracking pixels
Many marketing emails include tiny images or invisible pixels that, when loaded, inform the sender that you opened the email (and possibly your IP, location, etc.). Also, a bad actor could use techniques like these to spy on you.
Private.Ki takes measures to protect against these:
Remote Image Blocking
By default, Private.Ki likely does not automatically load images or other external content in emails from unknown senders.
Instead, it shows a bar at top of the email saying “This message contains external images. [Load images] [Always load for this sender]”. If you do nothing, the images (including tracking pixels which are just small images) will remain unloaded, thus preventing tracking.
If you click “Load images”, we will fetch them via a proxy, to not give away your IP and location.
We also try to strip identifying query parameters - but this is not completely in our hands, it does not work every time.
Dynamic content and scripts
Emails sometimes have things like embedded scripts or forms. We do not execute any script in an email, that’s standard. If an email had a link that triggers something on hover (rare in email), we treat it as regular link.
Link tracking
Another kind of tracking is via unique URLs. We can’t really auto-protect that because if you click a unique URL, the sender knows. But as said earlier, we show you the link so you could decide not to click or use alternate approach.
No auto read receipts
Some emails also request a read receipt (the email client to send a receipt back). We either ignore those or ask you. We never send read receipts without your knowledge.
Your IP in outgoing
We ensure that when you send emails, we do not include your IP address or any other identifying information (besides your @private.ki email address and your display name) in the email headers.
In summary, tracking pixels and similar sneaky techniques are defeated by Private.Ki’s policy of not auto-loading external resources in emails. We put you in control: you decide if and when to load images, thereby deciding if you want to send that “open” signal. Most users will keep default (not load) which preserves privacy. If you do load, our proxies likely minimize data leak (maybe they still see it was loaded by a Private.Ki server, but not your IP or device).
Thus, you can read your emails without inadvertently “reporting” back to the sender. We’re trying to ensure that “what happens in your inbox stays in your inbox” until you choose otherwise.