Slashdot Mirror
Google Makes It Harder For Marketers To Collect User Data
cagraham writes "In a seemingly minor update, Google announced that all Gmail images will now be cached on their own servers, before being displayed to users. This means that users won't have to click to download images in every email now — they'll just automatically be shown. For marketers, however, the change has serious implications. Because each user won't download the images from a third-party server, marketers won't be able to see open-rates, log IP addresses, or gather information on user location and browser type. Google says the changes are intended to enhance user privacy and security."
Yep. And the security angle is overrated for two reasons:
1. NSA
2.Most mailing software generates unique images to track opens, so you're still being tracked. It's actually decreases privacy for Google to auto-download the images.
is a monopoly tightening its grip on the market it monopolizes.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
No, because Google will scan the images for viruses and common inconsistencies, then convert them to raw pixel data, using there decoding libraries that don't have these exploits, and then re-encode them into consistent and buffer-overflow-free images, that will work on any old and/or bug-riddled operating system or browser used by the recipient.
I hope google will also re-sacale images when people embed 3000 DPI company logo's in HTML-emails.
Now all the spammers will get their servers overloaded. If they send out millions of e-mails and they all immediately get "opened" by google trying to pull in the picture data.
I suspect Google will load the image even if the gmail address is invalid, or else it would be an easy way to build a list of all valid gmail addresses. So your example does not indicate that it ended up in someones in-box (or spam box!), let along that someone actually opened the email.
Multiple tests by multiple individuals have shown that they do NOT honor any of the various no-cache headers.
Tracking unique users is still easy (using a unique URL) - but tracking how many times they opened the email, or where they opened it from (IP address) or on what platform is now lost.
Do those even work anymore on anything other than XP? Because I fix PCs 6 days a week and I haven't seen one in years. The way most folks get infected nowadays is 1.- "Hey its your (insert friend's name) on (insert IM) and I found this great new thing that made my PC faster, just (click this link,push this button)". 2.- "You want to see teh lesbians? To watch this hot video just run 'IzNotViruzIzCodec.exe'". 3.- (insert friend name) just sent you an e-card for (insert holiday), just go here and receive your e-card!" 4.- "Oh noes, you have teh viruz OMG! Run 'IzNotViruzIzCleaner.exe' to get rid of it". That last one works well on old folks BTW
As for TFA yet again another change that fucks the user or takes a valuable tool away from the user while giving Google more power....are we even surprised anymore? the only nice thing about Google in the last year is only the hardcore Googleaid drinkers buy the "Do no evil" "don't be evil" horseshit, the rest of the world can see its as much bullshit as "think different" and "where do you want to go today", Google has become just as nasty as the other two and in some ways worse.
ACs don't waste your time replying, your posts are never seen by me.
I'm surprised that everyone is focused only on how this affects advertisers. That might be just a decoy excuse for the modifications.
A far more fundamental change is that Google will now be transcoding all images, which inherently blocks the sender's ability to transmit steganographically hidden information with plausible deniability. I bet the NSA has been requesting Google to do that for ages, as it must have been an extreme headache to have to scan all images just to find the few with a hidden payload. No such payloads now.
Spooks aside, the effect of this on photography will probably be far more dramatic for the general population, since photographers often transmit precisely controlled images. Google's new transcoding means that Gmail is no longer suitable for sending bit-perfect images of known properties or quality, so we're going to have to put our images in archives from now on, which will be a pain to view.
It seems that Gmail is becoming strictly a conduit for advertising. Google is at least consistent in their evil.
While I applaud the move, it is about competitive advantage for Google.
If you applaud this you haven't thought it out very far.
Almost ever SPAM has small uniquely named images embedded. Often single pixel images.
These are encoded to your email address. If you fetch this image, your email address is VERIFIED. You just did the spammer a favor.
If you were reading the email with a mail client, you would NEVER fetch these, because 1) spam is spam, and 2) most
email clients don't download images by default and most email recipients are just fine with that.
With Google pre-fetching all of these, every GMAIL address id Verified for the Spammers.
Its not a well thought out scheme at all. No sensible person would read Gmail with a web browser from now on.
The wise choice is to use a traditional Email Client, (something like Thunderbird, Kmail, k-9 mail, Evolution, etc), and set them not to load images at all.
Sig Battery depleted. Reverting to safe mode.
Not necessarily. A lot of email virus scanners will pre-fetch images and follow links in emails, for example. They'll do it even if they're just forwarding the mail to another server, and sometimes before the mail even gets to the delivery agent.
I am TheRaven on Soylent News
If I were google, I would download images in all incoming messages regardless if they are intended for real email boxes or not. This would let them know which websites are being used for spam. The spam detector could use this information by pattern matching every image (regardless of relabling or website copying), and mark spam accordingly.
This.
I work for an email marketing company. Since our customers are very keen on not being mixed in with spam, we (and I think I speak for most of our competitors in this respect) take care to ensure only legit (confirmed double opt-in) email accounts are listed, to keep our servers' reputation perfect. Understand that it is in the best interest of legit senders to make customers WANT to recieve their emails. Open images and the statistics they create are primarily used to fine-tune the emails sent.
These open pixel images have practically no value to spammers (hence very few spammers actually use them); sending out spam over botnets, they don't care if an email address exists. They might care if a batch of several thousand email addresses no longer exists, but tracking and logging individual recipients... that's damn expensive if you're sending to millions of email addresses.
This cache won't hurt spammers.
It hurts companies you have subscribed to receive email messages (I sure hope you trust the average Hotmail user's taste, since emails will change to suit their needs).
And I dare bet that pretty soon, Google will start selling this information, and then everybody will be hurt.
The solution is simple:
if(connection.ip_address in google_ip_addresses)
write(connection, "Sorry Google, only the user may open this image!");
If Pandora's box is destined to be opened, *I* want to be the one to open it.
Actually, it does. Because it tells the spammers that the recipient opened the email
Google doesn't fetch the image until you open the email. And the moment you do, Google just confirmed that the email was read. And that information is very valuable.
There are two ways Google can fix it:
1) Set "Don't load images" back as default again, as it is now and in every email client.
2) Simply load every image, so valuable information like that isn't revealed - the marketer just pays for bandwidth and gets zero information - they don't even know if the image is read. No storage requirements as Google can re-write the email to self-contain all the images.
Of course, Google is probably going into email marketing - given how Gmail has sprouted that "Promotions" tab (yes, you can turn it off, but don't you think it immediately foreshadows something? It's not Spam, but "Promotions" - what, spam that someone paid to bypass Google's filters?). And they don't need competition - best way to squash it is to starve out the existing marketers.
And of course, since Google's in the information business, selling that information is very valuable - Google knows what you like, so they can sell targeted ads into your inbox.