Apple Starts Gathering Your Personal Data in the Name of “Privacy”
By Tom Kulzer June 15, 2021
I fear that many users will check the Apple “privacy” box and think that no one can see what they are doing online. They couldn’t be more wrong.
Last week, Apple unveiled new Mail app privacy features for the upcoming iOS 15 and MacOS Monterey releases expected in September.
Having been in the email world for 23 years, I see these changes as both good and bad. Apple’s public discussion around web privacy is good, and I applaud their efforts as an extensive user of Apple products both personally and professionally.
On the surface, the privacy angle looks great to most people. However, this move further erodes privacy on the web and puts your data squarely in the hands of a very small number of large companies like Apple, Google, and Facebook.
I’m not saying this as CEO of an email company, but as an end user of the web who is also very privacy conscious (More on this below).
Apple’s release indicates they are making these changes:
In the Mail app, Mail Privacy Protection stops senders from using invisible pixels to collect information about the user. The new feature helps users prevent senders from knowing when they open an email, and masks their IP address so it can’t be linked to other online activity or used to determine their location.
These changes will impact email senders in multiple ways:
- Blocking a recipient’s IP address from being seen.
- Making open rate tracking even more unreliable.
Blocking IP addresses
Your IP address is a computer address that points back to you and your activities when you browse the internet. That address might be used by just you, your family, or perhaps an entire school or business location. Apple will soon start loading images contained in emails via a proxy that hides your real IP address from the people that send you emails.
As an email sender, when someone blocks their IP address from view, it becomes more difficult to identify where someone might live in the world. This makes segmenting subscribers by geography for specific sales or sending in their local time zones less accurate.
So, the only way to determine someone’s location then becomes either the IP address they used to sign up for your list or when they might click a link contained in one of your emails.
For context, Gmail has done this same image proxying since 2013, Yahoo since 2018, and Microsoft Outlook since ~2018. This change by Apple impacts more email recipients, but it’s really just about Apple catching up to what Gmail, Yahoo and Microsoft have been doing for years already.
Unreliable open rate tracking
Many email experts are writing about how this change destroys open rate tracking as an audience measurement metric.
Testing thus far has been unclear on whether Apple will be entirely blocking the loading of open rate tracking images. In fact, some media is reporting that Apple is just loading all images via their proxy. I believe that they will mostly just be loading images via proxy and are unlikely to reliably block open tracking pixels. Some tests have shown Apple is preloading email images before a recipient opens the message on their email client.
But time and further tests will tell what Apple is actually doing as they release the feature into the wild.
But let’s take a step back and talk about open rates.
Open rate tracking as a metric has never actually measured how many people open your emails. It simply measures how many people have downloaded the images in your emails.
Many recipients turn images off in their email programs which prevent senders from measuring an email open. If I turn off image loading in my email client, you’ll never detect me “opening” one of your emails, regardless of how many times I actually open it.
The length of your message can also cause Gmail clipping that impacts whether some of your images are displayed at the end of a long email.
As a professional email marketer, I view open rate metrics as a useful tool for:
- Subject line testing.
- Did “subject A” generally get more people to open than “subject B”?
- Engagement tracking.
- Not as an indicator of total audience engagement, but as an indicator of how engaged my audience is for this email vs. one I sent last week or a month or so ago. Comparing an open rate from today against one from several years ago is pretty useless as changes to how images are rendered in different email clients can have significant impacts on audience measurement.
- Reputation measurement.
- Taken as a signal in a larger look at other email metrics, low open rates could be an indicator of spam folder issues, audience/content match issues or permission issues.
Does this hurt the email ecosystem?
Simple answer… No, it just changes it.
The benchmarks you use today today will need to be recalibrated, but it’s not the end of the world. Some senders may see an increase in opens due to Apple’s image prefetching algorithms, other senders might see open rates decline.
Absolutely none of this means that actual people receiving your emails are interacting with those emails any differently than before. These changes affect the technical measure of how opens are detected, not the real human behavior of whether or not someone opened your email. That’s an incredibly important distinction and one that every business that sends email should remember.
At the end of the day, you need to send email that people want, find valuable, and engage with. If you don’t, they will ignore, delete or mark it as spam — and over time, that will impact your ability to deliver email to others who do actually want your emails.
Using confirmed opt-in continues to be one of the best ways to ensure a high quality subscriber base.
What you need to know about user privacy
Apple is marketing these changes as an enhancement of user privacy. I’d argue it erodes user privacy.
Currently, when I use Apple Mail on desktop or iOS mobile, Apple has zero knowledge of who I’m receiving email from, when I read it or what that content is. Today, in order to protect my privacy from external senders, I disable images by default. That gives me 100% privacy. Senders don’t see me opening the email and loading images, and Apple isn’t scanning my emails and running my email content thru their proxy servers.
If I enable Apple’s new “Protect Mail Activity,” setting Apple goes from having zero knowledge of my email activity to having a view of everything that has images in it. Apple will see your email activity…
- They’ll know you received and opened an email from your pharmacy.
- They’ll know you received and opened an email from your doctor.
- They’ll see your work email images.
- They’ll see your personal email images, even if you use Gmail, Yahoo!, Outlook, or a personal email server but read those emails using Apples Mail app.
All of that data will be seen and controlled by Apple.
So what does that mean for you?
It becomes trivial for law enforcement to subpoena a single organization like Apple and get a ton of information about you. This sort of law enforcement action has been misused many times in the past worldwide and has topped news headlines in the last week with the DOJ subpoenas for all email communications from members of Congress. This exposes significantly more private information with less effort than ever before.
This isn’t just law enforcement that could expose this data, it becomes trivial to subpoena it for civil lawsuits as well such as messy divorces, business disagreements, and so on.
Real privacy comes from user education and knowledge about what options are available to end users. I fear that many users will check the Apple “privacy” box and think that no one can see what they are doing online.
They couldn’t be more wrong.
Apple might be working from a place of good intentions now, but by using “Protect Mail Activity,” what we’re doing is trusting them to continue being responsible with your data when economic and governmental pressure arises.
Learn more about Apple’s privacy changes
There are many perspectives on this new release, and I’d encourage you to read what others have to say on the subject. I’ve gathered a few I found interesting.
- Apple.com – Apple advances its privacy leadership with iOS 15, iPadOS 15, macOS Monterey, and watchOS 8
- 9to5Mac.com – Mail Privacy Protection could hurt small newsletter publishers
- WordtoTheWise.com – About the Apple thing
- TheVerge.com – Will Apple end the newsletter boom?
- Andrew Donovan – What Apple’s Mail Privacy Protection Means for Email Marketing
- FastCompany.com – iCloud Private Relay and other Apple WWDC privacy features