Google Makes It Harder For Marketers To Collect User Data 195
cagraham writes "In a seemingly minor update, Google announced that all Gmail images will now be cached on their own servers, before being displayed to users. This means that users won't have to click to download images in every email now — they'll just automatically be shown. For marketers, however, the change has serious implications. Because each user won't download the images from a third-party server, marketers won't be able to see open-rates, log IP addresses, or gather information on user location and browser type. Google says the changes are intended to enhance user privacy and security."
Re:And google will retain that info exclusively. (Score:2, Interesting)
Yep. And the security angle is overrated for two reasons:
1. NSA
2.Most mailing software generates unique images to track opens, so you're still being tracked. It's actually decreases privacy for Google to auto-download the images.
What this is really (Score:3, Interesting)
is a monopoly tightening its grip on the market it monopolizes.
Re:And when the next JPEG or PNG exploit comes alo (Score:3, Interesting)
No, because Google will scan the images for viruses and common inconsistencies, then convert them to raw pixel data, using there decoding libraries that don't have these exploits, and then re-encode them into consistent and buffer-overflow-free images, that will work on any old and/or bug-riddled operating system or browser used by the recipient.
I hope google will also re-sacale images when people embed 3000 DPI company logo's in HTML-emails.
Re:Awesome for spam/tracking (Score:3, Interesting)
Re:Down to a single info (Score:2, Interesting)
I suspect Google will load the image even if the gmail address is invalid, or else it would be an easy way to build a list of all valid gmail addresses. So your example does not indicate that it ended up in someones in-box (or spam box!), let along that someone actually opened the email.
Re:They do see open rates (Score:5, Interesting)
Multiple tests by multiple individuals have shown that they do NOT honor any of the various no-cache headers.
Tracking unique users is still easy (using a unique URL) - but tracking how many times they opened the email, or where they opened it from (IP address) or on what platform is now lost.
Comment removed (Score:4, Interesting)
Worse, Google now blocks steganography too (Score:3, Interesting)
I'm surprised that everyone is focused only on how this affects advertisers. That might be just a decoy excuse for the modifications.
A far more fundamental change is that Google will now be transcoding all images, which inherently blocks the sender's ability to transmit steganographically hidden information with plausible deniability. I bet the NSA has been requesting Google to do that for ages, as it must have been an extreme headache to have to scan all images just to find the few with a hidden payload. No such payloads now.
Spooks aside, the effect of this on photography will probably be far more dramatic for the general population, since photographers often transmit precisely controlled images. Google's new transcoding means that Gmail is no longer suitable for sending bit-perfect images of known properties or quality, so we're going to have to put our images in archives from now on, which will be a pain to view.
It seems that Gmail is becoming strictly a conduit for advertising. Google is at least consistent in their evil.
Re:And google will retain that info exclusively. (Score:4, Interesting)
While I applaud the move, it is about competitive advantage for Google.
If you applaud this you haven't thought it out very far.
Almost ever SPAM has small uniquely named images embedded. Often single pixel images.
These are encoded to your email address. If you fetch this image, your email address is VERIFIED. You just did the spammer a favor.
If you were reading the email with a mail client, you would NEVER fetch these, because 1) spam is spam, and 2) most
email clients don't download images by default and most email recipients are just fine with that.
With Google pre-fetching all of these, every GMAIL address id Verified for the Spammers.
Its not a well thought out scheme at all. No sensible person would read Gmail with a web browser from now on.
The wise choice is to use a traditional Email Client, (something like Thunderbird, Kmail, k-9 mail, Evolution, etc), and set them not to load images at all.
Re:Hah (Score:4, Interesting)
Re:The fix that breaks things (Score:5, Interesting)
If I were google, I would download images in all incoming messages regardless if they are intended for real email boxes or not. This would let them know which websites are being used for spam. The spam detector could use this information by pattern matching every image (regardless of relabling or website copying), and mark spam accordingly.
Re:And google will retain that info exclusively. (Score:4, Interesting)
This.
I work for an email marketing company. Since our customers are very keen on not being mixed in with spam, we (and I think I speak for most of our competitors in this respect) take care to ensure only legit (confirmed double opt-in) email accounts are listed, to keep our servers' reputation perfect. Understand that it is in the best interest of legit senders to make customers WANT to recieve their emails. Open images and the statistics they create are primarily used to fine-tune the emails sent.
These open pixel images have practically no value to spammers (hence very few spammers actually use them); sending out spam over botnets, they don't care if an email address exists. They might care if a batch of several thousand email addresses no longer exists, but tracking and logging individual recipients... that's damn expensive if you're sending to millions of email addresses.
This cache won't hurt spammers.
It hurts companies you have subscribed to receive email messages (I sure hope you trust the average Hotmail user's taste, since emails will change to suit their needs).
And I dare bet that pretty soon, Google will start selling this information, and then everybody will be hurt.
Re:And google will retain that info exclusively. (Score:4, Interesting)
The solution is simple:
if(connection.ip_address in google_ip_addresses)
write(connection, "Sorry Google, only the user may open this image!");
Re:And google will retain that info exclusively. (Score:4, Interesting)
Actually, it does. Because it tells the spammers that the recipient opened the email
Google doesn't fetch the image until you open the email. And the moment you do, Google just confirmed that the email was read. And that information is very valuable.
There are two ways Google can fix it:
1) Set "Don't load images" back as default again, as it is now and in every email client.
2) Simply load every image, so valuable information like that isn't revealed - the marketer just pays for bandwidth and gets zero information - they don't even know if the image is read. No storage requirements as Google can re-write the email to self-contain all the images.
Of course, Google is probably going into email marketing - given how Gmail has sprouted that "Promotions" tab (yes, you can turn it off, but don't you think it immediately foreshadows something? It's not Spam, but "Promotions" - what, spam that someone paid to bypass Google's filters?). And they don't need competition - best way to squash it is to starve out the existing marketers.
And of course, since Google's in the information business, selling that information is very valuable - Google knows what you like, so they can sell targeted ads into your inbox.