[toyg]

> A tracking pixel doesn't have the physical intrusion bit

It does trigger a request on the user's computer, which is a personal effect, after effectively smuggling code onto it. Definitely a grey area.

[aosmith]

Just playing devils advocate... Isn't the (poorly configured) mail client making the request?

[mirimir]

Indeed. Nobody who cares about privacy allows email clients to load remote images. Or any remote content, for that matter.

[swixmix]

The real problem is that it is acceptable for lawyers to use email for sensitive communications. Many lawyers just don't understand-- and don't want to. The rules that allow them to practice forbid being nefarious.

(What I'd do is a different topic.)

[pferde]

My take on it is that the real problem is email software not making it clear-as-day to the user that the message they are about to open is in fact a webpage, and that they will be actively connecting to the World Wide Web to load it, and potentially allowing third parties know that they have opened the message.

Regular people won't make the mail <-> WWW connection in their head without being told, nor should they be expected to.

[LocalH]

Triggering an existing code path with a piece of data in its “normal” use case doesn’t really qualify as “smuggling code” tbh