They don't show you a "preview" or "thumbnail" anymore because of the web-tracking you already mentioned. The image/content is often stored on a server controlled by the message sender, so fetching that stuff to display it on your device already informs them that somebody's received their message. Who, what, when, where is all logged in the unique link they sent you and the unique network path it travelled to their server.
The practical privacy-protecting (yet not privacy-invading) defense for the carrier is to just pass along the link. Or to contain it within a "click here to see the the thing" option.
The practical privacy-protecting defense for the end-user is run a messaging app which doesn't volunteer any information, acknowledgement, or response upstream until the user specifically allows it.