Re make an email program that can download the images, but not send any personal data back? the answer is "No" given that the download process itself is the tracking mechanism. Let me explain with a simple example:

• Company xyz embeds tracking GIFs into their messages which are to be downloaded from their server xyz.example.com (hence remote)
• your e-mail has such an image embedded which contains an image from http://xyz.example.com/2616fcb8-64fb-48e9-a69a-9ec4a481905b.gif
• the next recipient of an e-mail of that campaign gets an identical image from http://xyz.example.com/75418e33-dd23-4e8e-bdb0-5ba973956505.gif
• when you open your e-mail with remote content allowed, it will download http://xyz.example.com/2616fcb8-64fb-48e9-a69a-9ec4a481905b.gif
• this tells the sender that you have opened that message and not the other recipient, despite the content being visually indistinguishable.

A recent example of mail tracking presumably based on this scheme and combined with resolving the IP-address to the location of the opener is the Streak extension for Gmail. This doesn't correlate opening the mail with browsing activity, but that's only the next step once the internet address is known.

Now, you can argue that the user "consented" to this tracking mechanism by allowing remote content, but given that most will likely hit that button without being aware of its potential consequences, it's an invasion of privacy anyway.

"I may be naïve, but why doesn’t anyone make an email program that can download the images, but not send any personal data back?"

It is not about sending, the data is in the request. When sending a mail to bill@bills.com I embed a link to an image. which lives here Blinky.com\images\dot.png but I request Blinky.com\images\smalldot.jsm x=dot g=bill@bills.com. You are the user will not see the request, but I have executed a java script on my server and using the HTTP request information I have your IP address, (general physical location which may be down a a two block radius or 300Km off depending on where I am. US locations are much closer that other countries.), your preferred mail client, if you use web mail and most importantly that email sent to bill@bills.com was read and based on how many times that script runs with that email address, how many times you refered back to it. Open the mail in web mail, your mobile and your desktop and I now know you as an individual have a phone and what kind it is, you use web mail and you have viewed the email three times. If you click a link, the link in the email will be crafted to identify you and the marketing mail it was embedded in. Now I know if you bought anything from that mail, what your IP address is and that your have a phone. Next you go to say facebook and my add is displayed. Now from your IP address I can infer it is still you from 2 minutes ago. I have no idea exactly what your looking at, but from a marketing point of view I know your a face book user, and so the data collection and database building goes. Most internet firms know far more about all of us that we would like.

I do appreciate being more fully briefed on the whole picture. My knowledge of exactly what was happening was a little vague, but I did know enough to warn my users to not open unknown emails, (don't even click on them), don't endorse any product on Facebook, and (the hardest part) teach them how to write their own email filters. Still what you describe, to some extent applied to just Internet browsing. Having your IP, where your browse, tracking you home location within a few blocks, etc. However, What I'm starting to find from the intense personalized marketing campaigning is that they are laughable so off the mark. I went to a Sporting good site, and BOUGHT a camp stove.... then every ad I saw in any page I browsed had camp stoves!!! If anything, the very last ad I needed to see was for something I already bought!! In other words, these sites wasted advertising space and opportunity on me since I'm not in the market for another! And I noticed the 'recommended buy' lists NEVER EVER seem to have anything I'm interested in. Whomever writes these algorithms may know statistics and how to lump products together by category, but the don’t know anything about humans. I’ve gone as far as predicting that the ‘Holy Grail’ of Marketing; have a complete profile on an individual, and tailoring ads to them; may crumble in their hands. And as I have stated, some of us know how to filter our mail, and Thunderbird’s current method of ‘protection’ can be more of a hindrance than a help. I received hundreds of email in in relation to my eBay business, with each email address SLIGHTLY different, and every single one of them I have to manually click “Show remote content.” With all that I have been informed by you gentlemen as of now, I still think a simple on/off option, with ample warning of course, should be included. I tent to bristle when us users are ‘presumed stupid.’

I received hundreds of email in in relation to my eBay business, with each email address SLIGHTLY different, and every single one of them I have to manually click “Show remote content.”

This is where whitelisting sites rather than just specific senders would be useful. In this way, you could say "trust every image coming from *.ebay.com" rather than having to list each sender individually. That should be part of the bug report listed on the previous page where a patch is pending already.

Good to know, thanks

yesrsx11m, it is an it is possible now. see http://kb.mozillazine.org/Privacy_basics_%28Thunderbird%29 under advanced.

Ah, I see. Not quite though, given that the patch uses the content policy settings of the core code. There is no reference to mail.trusteddomains in the patch, so this may be an alternative approach or possibly replace the old mechanism.

https://bugzilla.mozilla.org/show_bug.cgi?id=953426 is fixed and the solution available in Thunderbird 31.