Does HTTP really matter in this particular case though?

HTTPS still typically exchanges the Server Name Identification. So you know somebody is talking to HSBC. And the rest of the URL is just an anonymized tracking ID. So I'm having a hard time seeing what the threat is this particular instance.

They might have competent people but most tech people working at a bank like are out of fucks to give.

At these massive, unable to go bankrupt companies, you quickly lose all fucks to give. No one cares about opinion of ICs or even direct managers, Senior Management makes the calls and you either execute quietly or replaced with someone who is. When I worked for $MegaUSBank, there was two types of people. Those who realized their "spark" was draining out of them and got a new job after a few years and those who were just "Whatever, I push buttons and get paycheck." and had been there for 15 years.

I ran a team at FAANG where I supported people creating content, including emails, and no matter how many times I explained open tracking was only useful as a trend and not an individual evaluation it just went over people's heads.

Senior leadership wouldn't believe me, kept harassing my team to explain why so and so who said they opened the email didn't have an open event, and why so and so who said they didn't open the email did have an open event.

Authors wouldn't believe me because email open was the highest scoring metric they had. Less than 3% of recipients would land on the page for the publication, but >50% would "open" the email that has a teaser and a call to action to open the webpage. If they had to go off of the click through metrics which are accurate it'd make it sound like they were bad at their job.

So everyone used open rates because it made them feel good. Either that they were writing engaging content, or made them feel like they actually had a handle on who was/was not reading their mail.

No metric would have been better than this metric.

I think of the term "state of the practice"

Same thing happens with renting apartments. Slowly but surely, conveniences like apartment-phone-app (to open doors, to access mailboxes) get accepted by people and then they "throw the switch" and make the remaining 3% do it. Or maybe new renters must accept it to move in. And then they can deny access to apartments imeediately, track their residents, match with online activity and more...

At least they email him and don't send the stupid "you have an important message, login to see it" email. No idea what those important messages are, I'm sure sometimes they were important

I'd guess one of two things. One is a conversation that goes like:

"I want to send letters to everyone who doesn't open our emails."

"We can't really detect that. We could add a tracking pixel, but–"

"Yeah, do that, the tracking pickle thing."

The other is that the "did they open this?" feature was rolled out purely for metrics knowing that it's imprecise, and later on got repurposed for something unsuitable without looking at how the "did this email get opened?" facility actually worked.

I think people are overthinking this, though the discussion about reliability is merited

For every HN technically inclined people you have dozens of other customers who will give any email (thinking it's just writing "John.smith@bt.co.uk" or something) - or worse- and they have to find a way of identifying those customers

> Is it that HSBC has 0 competent people who could have ...

In the chain of command for a feature like this, that's quite possible.

> Or is it that everybody who mentioned this was overruled by middle/upper management because they know better?

Or just learned helplessness, they don't bother because they know it's not worth trying.

I had a demo for some high-school students for an ethics and tech class that successfully demonstrated these with a GMail account, so when this started happening I got very upset lol.

Cancelling costs them no money — banks these days don't make money on customer accounts.

They (and many other industries) won't, you are delusional.

Capital One is the same. I eventually stopped caring; I know these paper mailings are costing them money. Maybe they'll get the point someday.

Ditto, I get them all the time and just ignore them. I actually have a gmail rule that if it sees that phrase it marks it read and deletes it. Them not knowing if I read an email is not a problem I need to solve.

> I don't see anything wrong with attempting this.

I do, when the result of that attempt is to tell people to change their email addresses unnecessarily. Most people will fall for that.

> But this post is entirely speculation. The author has no evidence they're basing it on tracking pixels. They're literally just guessing.

They literally admit to this and go on to provide the evidence for their guess:

> I think I can place a solid guess about what went wrong here.

Counterpoint: gov.uk is widely regarded as one of the best government websites in the world

Tracking pixels have become so endemic that HSBC have clearly come to the opinion that if they can’t track when I open their emails, I must not be receiving their emails. So they wrote me a letter to tell me that my emails have been “returned undelivered”

Tracking pixels are the key of thing that my computer filters out. So I wonder if this explains why I get paper statements for my Apple Card.

Each time one comes in the mail, it has a letter with it stating that Goldman Sachs was unable to contact me at the email address on file, which they show as my Apple ID email address. Which works fine for everyone else in the world, including Apple.

It doesn't even link to an ad, it links to a weird parody attempt of the ad on the same site as the article.

My first instinct was to close the article as I didn't want to read a Republican virtue signaling to his audience. I wonder if they were trying to sound Republican?

The article itself is a nice, well interesting, dive into the topic; kinda unfortunate.

I took the use of "virtue signalling" to be an intentional jab at HSBC given everything

https://en.wikipedia.org/wiki/HSBC#Controversies

People used to bank with Barclays to register their support for Apartheid in South Africa.

Not only a distraction, but also fails to distinguish HSBC from pretty much any other bank, so the "the" comes off as crankish and aggrieved.

> just to a different audience

And apparently not targeted all that well, since half the comments here think it is a right-wing (anti-multiculturalism) sentiment, and the other half a left-wing (anti-corporate-reputation-laundering) sentiment.

precisely this. it sort of put me off an otherwise excellent article

True, but HSBC thinks you read the email, because somebody fetched the tracking pixel, right? The irony is that HSBC and others who use this kind of thing probably aren't in the least interested in when or how many times you open the email. Whoever came up with this idea (probably) really did think it was (just) a pretty good way of figuring out if they have your correct email.

> Gmail because Google fetches them out of band. It doesn’t reveal open rates.

"Our open rates have skyrocketed! send more emails!"

They do work for the inferred purpose here though, assuming Gmail only downloads them when the email is successfully delivered to the mailbox (and thus the address is valid).

Same with Apple Mail

I mean, they still work in some way. If you use tracking pixels to see if an email was read, I agree with you that this break the functionality. But if you just want to see if the email exists, then the fact that google fetches them (and triggers the parametric URL) still tells you something

What do you mean by 'fetches them out of band'?

Adults.

I would have asked, "or what?"

The rot goes deeper because for every story like this there were hundreds of people involved in making it happen. Some by choice, some less so but rot nontheless.

Email is not a core competency of banks. They are actually pretty good at snail mail though.