Marketers Can Still Track You Through Gmail's Cached Images

[Guest]

Google believes it has discovered a safe way to display images in Gmail by default, but security experts disagree.

Marketers Can Still Track You Through Gmail's Cached Images : Read more

 

[outlw6669]

Good information to know!

 

[virtualban]

Gmail could use the excuse of protecting users and open/cache images as soon as they are received, all of them, flooding the spammers with useless information. They could maybe keep the images for a week, offering them to the user from their own cache, and after a week the user will be asked to re-download, old-style.

 

[jRaskell1]

"By including a user-specific URL in every image it sends out, a marketer can detect when Google accesses the image and correlate that image with the user the marketer had intended to reach."

1. Images don't get sent out. Emails contain text links that tell email recipient to download the image from a specific location. Making these links user specific accomplishes nothing. Google will be caching every image on their servers, whether the end user views them or not, so the marketers still have no idea who's viewing what.

2. If they try embedding some sort of server notification into the images themselves that gets called when the image is actually viewed, that sort of stuff is easily caught by anti-virus and anti-malware software. Google will likely be looking for exactly this sort of tactic.

3. Viewing images in gmail takes a single click. Not 2-3 clicks.

 

[jimmysmitty]

"By including a user-specific URL in every image it sends out, a marketer can detect when Google accesses the image and correlate that image with the user the marketer had intended to reach."

1. Images don't get sent out. Emails contain text links that tell email recipient to download the image from a specific location. Making these links user specific accomplishes nothing. Google will be caching every image on their servers, whether the end user views them or not, so the marketers still have no idea who's viewing what.

2. If they try embedding some sort of server notification into the images themselves that gets called when the image is actually viewed, that sort of stuff is easily caught by anti-virus and anti-malware software. Google will likely be looking for exactly this sort of tactic.

3. Viewing images in gmail takes a single click. Not 2-3 clicks.

This is a web based email, not exchange which means thing that happen on GMails back end does not get seen by you, your system or your AV.

Considering what Google said before, about your data not being private on their servers, what makes anyone think they would suddenly change and not use this to their advantage to make money?

 

[Anakha00]

Not sure if Gmail changed their settings help page after learning of this, but the help makes specific mention of this issue.

"In some cases, senders may be able to know whether an individual has opened a message with unique image links. As always, Gmail scans every message for suspicious content and if Gmail considers a sender or message potentially suspicious, images won’t be displayed and you’ll be asked whether you want to see the images."

 

[TeraMedia]

@jimmysmitty:
"thing that happen on GMails back end does not get seen by you, your system or your AV."
First, Gmail can be used either with a browser-based client or with an email client such as Outlook. I currently do both. In either case, what gets delivered to the client's computer is an HTML page. One (the browser-as-client version) is contained inside a larger HTML page. The other (the fat-client version) is embedded within the message contents as text/html within a multi-part MIME block. Go to w3c.org to learn more about these. In either case, compiled code running inside an internet browser processes the HTML or HTML segment, including the IMG tags that point back to the images that the marketers are transmitting. With fat clients, you can usually configure the software not to retrieve the image unless it comes from a trusted location. With thin (browser) clients, this is controlled by the application software running on the web server at Google. In order for this feature to do what Google says it does, they need to parse through your email message, locate any and all IMG (and similar) tags, retrieve the indicated images, store those on their servers, and *** modify the IMG tags in your email messages to now point at the images stored on their servers *** . Then, your client - be it a browser or a fat client - retrieves the image according to the URL in the message content, which now happens to point to Google's servers.

The one thing this does that you probably DONT want is that it validates your email address. Do not underestimate the significance of that. If no one ever downloads a target-identifying image in a marketer's email message (e.g. "IMG src="http/blah.com/image.gif?email=you@email-address.com"), then they don't know whether that message ever went anywhere. It could be invalid. But if the message DOES get downloaded, then they know it went somewhere. Hopefully, Google - realizing this - is downloading the images for ALL messages that they receive, and is simply not storing the ones that go to invalid addresses. That would truly flummox the marketers because they would have absolutely no way to determine whether an address was valid or not, and every attempt to do so would simply put more load on their servers.

 

[TeraMedia]

One additional note:

If you are using Gmail with a browser, and are using HTTPS (which I believe may be the default now), then your browser may already be blocking or warning against downloading images from marketers irrespective of whether Google does anything with them or not.

 

[ovly500]

Edward`s report is really great.. Google is paying 75$/hour! Just work for few hours & have more time with friends and family. Last Wednesday I got a top of the range McLaren F1 from bringing in $5012 this month. I never thought I'd be able to do it but my best friend earns over 10k a month doing this and she convinced me to try this Buzz95.ℂom