The Real Problem With Gmail’s New Default Setting For Pictures

This week Google rolled out a new feature to Gmail. Traditionally email clients, including Gmail, have always set “show images from sender automatically” off by default to protect the user from being tracked by spammers. The new Gmail client has changed this setting to on by default. Since Google now runs the largest email system in the world and their informal corporate motto is “Don’t be evil,” they can expect some scrutiny when they change how things have normally been done industry-wide. Some say that Google has found a way to protect us from being tracked and the new setting is good. But others disagree.  I have read conflicting articles about it in Wired and elsewhere on the ‘Net. Is Gmail’s new show images by default a good thing or not? Is Google “Blowing up email marketers by caching images now” or not? In fact, this new Gmail roll-out contains a little good and a little bad. Let me explain.

First, take a look at what Google has actually done under the hood of Gmail. To see what I am talking about go to your Gmail settings and look at the general options tab here:

google-mail-settings

If you click “Learn More” you will be presented with the official description of the new functionality in Gmail. Notice this part of the text

Gmail serves all images through Google’s image proxy servers and transcodes them before delivery to protect you in the following ways:

  • Senders can’t use image loading to get information like your IP address or location.
  • Senders can’t set or read cookies in your browser.
  • Gmail checks your images for known viruses or malware.

In some cases, senders may be able to know whether an individual has opened a message with unique image links. As always, Gmail scans every message for suspicious content and if Gmail considers a sender or message potentially suspicious, images won’t be displayed and you’ll be asked whether you want to see the images.

In the first section above we read that Google is protecting us from marketers having certain identifying information about our computer or our browsing habits (through IP address or cookies) and as always Gmail is great at protecting us from malware and viruses. I applaud Google for these things and I seriously love Gmail.  It is the best tool I have ever used to battle the rivers of spam that flow daily and safely communicate with the world.

Unfortunately there is another section below that. Notice these words, “In some cases, senders may be able to know whether an individual has opened a message with unique image links.”  Look, I will be honest. I don’t want people to know when I listen to messages on on my telephone answering machine. After all, I might want to use it to screen calls. For basically the same reason, I don’t think it is “a good thing” if those who send me an email know – without my consent – the exact moment when I read that mail.

After reading their official explanation it dawned on me what their real motivation could be. Google wants to be the one who decides who can track me and who cannot because they can then charge for that privilege! Just think of how much Mailchimp and others will be willing to pay so that Google doesn’t consider them “potentially suspiscious.” Yes, think about it – one of the biggest Email clients has gone to showing images by default and now Google has the power to filter which services can track mail with those images and which services cannot – through their own proxies. Whethe their motives are good or bad, the fact remains – the folks at Google have just quietly set themselves up as the gateway for email marketing for a very  large percentage of the entire market.

So for those who, like me, want to make that decision for themselves I recommend turning off “show pictures by default” and using Gmail as a useful tool under your control rather than the other way around.

 

 

 

6 thoughts on “The Real Problem With Gmail’s New Default Setting For Pictures

  1. @Jannifer, Oh but they can! If they insert a beacon image (invisible one pixel GIF for example) they can see when you open the mail and where you are when you do. That’s exactly why email clients always have “show images” turned off by default. UNTIL NOW.

    Maybe this will help you if you don’t believe me —>

    https://nakedsecurity.sophos.com/2014/02/27/how-emails-can-be-used-to-track-your-location-and-how-to-stop-it/

    The question is not whether it can be done, but who do you trust with the info. It is just one more way that Google is collecting info from countless users now who don’t know enough to turn off this option. My post was just to call attention to that.

  2. I have read your post and there Senders can’t use image loading to get information like your IP address or location.Senders can’t set or read cookies in your browser. Gmail checks your images for known viruses or malware and i think Gmai working more feature nowday for user. thanks for sharing this post.

  3. I wasn’t aware that Google was using Return Path Inc.’s Domain Assurance until you brought it to my attention. Thanks. http://news.techworld.com/security/3262786/google-to-use-return-path-anti-phishing-system/

    As I mentioned, I love Google’s anti-spam technology. They are the best I have ever used. But the reason why I wrote this article is because they have change the default setting of “show images” so that millions of Gmail client users will now be showing images by default. If I read their fine print right, they also reserve the right to decide which email (obstensibly by using Return Path technology and other services like RBLs http://en.wikipedia.org/wiki/DNSBL), but *possibly* by who they want to 🙂 Maybe I am just cynical, but doesn’t that setting change also mean that now Gmail client user now sending back marketing info *by default*. That is a big change. And don’t forget, Google is now in total charge of which marketing companies can receive that data.

    Of course, as someone on Reddit pointed out to me, they will have a hard time getting away with overtly charging for that privilege. But then again I am cynical and I think it is no coincidence that Google has positioned themselves as the gateway of marketing info and then turned on the data stream by default. That’s why I have turned off the “show images by default” option – exercising what little control I have as a user.

    Thanks for commenting on this. I appreciate you letting me know about one of the companies Google uses for fighting spammers. Do you disagree with what I am saying about the new setting and policy?

  4. They already had this arrangement with mail providers – look into Return Path (the service, not the mail header). If anything, this gives Google *less* ability to monetise this information, since they are giving it out freely rather than reserving it only for paid Return Path users.

Leave a Comment