January 28, 2026

Big bank, tiny pixel, huge drama

Article URL →HN comments →

That's Not How Email Works, HSBC

HSBC says your emails bounced — users blame creepy trackers and ‘paper spam’

TLDR: HSBC sent letters claiming emails weren’t delivered, but users say the bank misread blocked tracking pixels as “unread.” Commenters roasted the privacy move, urged switching banks, noted other banks do it too, and bickered over the post’s tone—spotlighting why hidden trackers and sloppy alerts matter for customers.

HSBC mailed customers saying their emails were “undelivered,” but the community’s verdict? It’s not broken email — it’s blocked spy pixels. The original post shows HSBC stuffing emails with tiny hidden images (tracking pixels) — and even using old-school, unlocked links (http, not https) — to see if you opened them. When those pixels don’t load, the bank allegedly thinks you never read the email, then fires off scary letters. Cue outrage, memes, and a whole lot of side-eye.

One camp is furious at the privacy creep: users compared the pixels to “peeping toms,” with some saying Google’s Gmail fetches images in a way that hides real open rates, so the bank’s data is junk anyway. Others went nuclear with “close your account” energy, arguing only a bank switch gets attention. And the plot thickens: commenters chimed in that Capital One and Australia’s NAB do the same, flipping people back to paper statements if images aren’t loaded. “Paper mail to say email didn’t arrive” became the thread’s running joke.

Then came the side-drama: one commenter blasted the post’s opening jab at HSBC ads as off-topic “virtue-signalling.” The result: a spicy split between privacy hawks, switch-banks-now hardliners, and tone-police debating what belongs in a tech gripe. But everyone agreed on one thing: HTTP tracking pixels from a bank in 2026? Yikes.

Key Points

  • An HSBC customer received a letter stating emails were undeliverable, but their account already had the correct email address.
  • Live chat support insisted on updating the email; phone support later said the letter could be ignored if the address was correct.
  • Inspection of an HSBC “statement available” email revealed two embedded 1×1 tracking pixel images.
  • The tracking pixels were served over HTTP (not HTTPS) and included identifiers linking the email to the recipient.
  • The author blocks tracking pixels, preventing the bank’s email-open tracking from functioning on their devices.

Hottest takes

"Tracking pixels don’t even work with Gmail" — renewiltord
"Cancel your accounts - move to another bank" — loloquwowndueo
"Ironically, it is itself virtue-signalling" — Analemma_

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.