They know that you likely read some email from HSBC and if you happen to read the same one again they will know it was the same one.

▲

crazygringo 2 hours ago | parent [-]

Right. But even over HTTPS it's not rocket science to figure out that connecting to www.email1.hsbc.co.uk pretty strongly suggests you've opened an e-mail with an image. And the number of times you request the same URL tells someone... what exactly? Because HTTPS still tells people the number of times you access any URL on a domain.

	▲	awesome_dude 2 hours ago \| parent [-]
		Worst case scenario is the HTTP pixel request tells attackers that there is a verification chat happening. HTTPS the attackers know a conversation is happening, but no idea what But, I personally think the threat is being overblown (I am happy to be corrected though)