Google Makes It Harder For Marketers To Collect User Data 195
cagraham writes "In a seemingly minor update, Google announced that all Gmail images will now be cached on their own servers, before being displayed to users. This means that users won't have to click to download images in every email now — they'll just automatically be shown. For marketers, however, the change has serious implications. Because each user won't download the images from a third-party server, marketers won't be able to see open-rates, log IP addresses, or gather information on user location and browser type. Google says the changes are intended to enhance user privacy and security."
And google will retain that info exclusively. (Score:5, Insightful)
Re:And google will retain that info exclusively. (Score:4, Informative)
While I applaud the move, it is about competitive advantage for Google.
Google already knew which emails you have or haven't read. So does every other email client, web-based or IMAP / POP3.
Re:And google will retain that info exclusively. (Score:5, Insightful)
Yes and the point the summary misses, is that the images are used to verify that you have received and viewed the e-mail. This is far more important than browser types / locations etc.
It also prevents some evil things, such as first time you hit the page you get a drive by, the second time (with cookie set) you get the actual image and all seems fine.
Jason.
Re:And google will retain that info exclusively. (Score:5, Insightful)
The article does not state of all images would be cached automatically even if you have not read your mail. It only says that images would be served through a Google proxy server, which caches the images.
So if Google proxies and caches the images when you open the mail, there is no protection added from marketers, except for the fact that Google can scan the images for exploits.
And if Google proxies and caches the images as soon as the service receives the mail, marketers can verify if the address is a valid gmail address or not by just sending mails and waiting for Google to cache the image. Expect more spam if this is the case.
There will be true protection from email tracking only if Google caches the images in all emails it receives, even if the email address is invalid - and that would increase the load on Google servers quite a bit.
Re: (Score:3)
But if they're doing reasonable de-duping, then only the first person to click on the image will register. Everyone else will hit the cache. To avoid this every email would need a separate link to the picture.
Re: (Score:3)
Isn't this what everyone does today? I thought the whole point of tracker images was personal urls like 'img158294.png'.
It won't help the users privacy a bit, or actually make it worse since users can't ignore image attachments anymore - google automatically hit the tracker url for them...
Re: And google will retain that info exclusively. (Score:2)
But Google sees that imgabc123.png is 32x32 pixles and in the same DIV tag on every email. So Google replaces all the "identified" images for every recipiant with the first one they pulled and cached. Your browser is only going to pull the image from Google while the Advertizers don't get any tracking at all.
Then Google goes to customers with a "deal" for how many of your email subscribers opened emails about your product... The emails you paid SOMEBODY ELSE to send out....
Re:And google will retain that info exclusively. (Score:4, Interesting)
This.
I work for an email marketing company. Since our customers are very keen on not being mixed in with spam, we (and I think I speak for most of our competitors in this respect) take care to ensure only legit (confirmed double opt-in) email accounts are listed, to keep our servers' reputation perfect. Understand that it is in the best interest of legit senders to make customers WANT to recieve their emails. Open images and the statistics they create are primarily used to fine-tune the emails sent.
These open pixel images have practically no value to spammers (hence very few spammers actually use them); sending out spam over botnets, they don't care if an email address exists. They might care if a batch of several thousand email addresses no longer exists, but tracking and logging individual recipients... that's damn expensive if you're sending to millions of email addresses.
This cache won't hurt spammers.
It hurts companies you have subscribed to receive email messages (I sure hope you trust the average Hotmail user's taste, since emails will change to suit their needs).
And I dare bet that pretty soon, Google will start selling this information, and then everybody will be hurt.
Re: (Score:2)
If those mails are only sent to double-verified addresses, why do you care about such statistics? And even if I would want to read the information, that does not mean I want to be tracked that way. That's one reason I have a ad-blocking hosts file besides adblock plus and ghostery: to prevent other applications than a browser from such behaviour too.
Re:And google will retain that info exclusively. (Score:5, Insightful)
If you want to know if I've read an email:
request a return receipt
If I want to give you that information, I will.
Goodness, there's an existing, non-scummy way of working all this out which preserves user expectations of privacy and provides you with the information you actually want, not a poor proxy of it.
Re:And google will retain that info exclusively. (Score:5, Insightful)
How would you feel about your customers sending tracking images to you with orders/complaints/queries? Just to "fine-tune" whether they deal with you again? I imagine it could be statistically enlightening to see how quickly you open emails, how often, and how long the response takes. Not so keen?
I appreciate your efforts to ensure that your emails lists are on target and not spammy, many companies are not so diligent. (Particularly with confirmed opt-ins.) But you have no automatic right to collate any further information about your customers unless they intentionally provide it. Tracking images are sneaky and most certainly not used by your customers intentionally. There is a reasonable expectation of privacy when reading your own email on your own computer.
You're right about two things though. The days are long gone when spammers cared about whether an address was valid or not. They are not incurring any costs spamming to invalid addresses. All they care about is how many suckers they hook with a response. And yes, the cached image hits are yet more information being sucked up by google, that will inevitably be sold in some way in the future.
Re: (Score:2)
Here's a novel idea: If you want to know your readers' opinions, how about you *ask them* instead of assuming you are the all-knowing guru who best knows what everybody else wants?
Yes, I realize that's difficult. Yes, I realize most people won't respond. Those people don't care, so why should you? Then your data will be based on people who actually want and read your mailings rather than people like me who just open everything so it's all marked as read. Although I block all images anyway to prevent the exa
Re: (Score:2)
ding ding ding
Re: (Score:3)
De-duping of images that have unique names keyed to your email address? Really?
All the spammer has to do is watch his web server logs to know that the address was a REAL email address, because google will be hitting every one of those images.
Since spammers arrange to never receive bounced mail, the uniquely coded embedded image url has been the favorite tactic for email verification for over 10 years. Google is going to give these guys a gift.
Read your gmail from a email client (pop or imap) and hope Goog
Re: (Score:2)
De-duping of images that have unique names keyed to your email address? Really?
Its called block-level deduplication, and its not terribly exotic as storage technologies go.
Re: (Score:3)
Re: (Score:2)
Every mail does have a separate link to the picture, that is the whole point. They want to know which people opened the emails.
Re: (Score:2)
Yep and in fact despite what I said earlier, this could be worse. If google pre-fetch every image for instance, then this could have some horrid consequences. Such as confirming e-mail addresses.
Jason
Re:Hah (Score:4, Interesting)
Re:Hah (Score:4, Insightful)
Yep and in fact despite what I said earlier, this could be worse. If google pre-fetch every image for instance, then this could have some horrid consequences. Such as confirming e-mail addresses.
Jason
You all seem to assume you are the first people to realise this, ten to one says some Google engineer also realised this and so is just going to get the software to do a hit on the sending or linked server for every image, even if the email address it was sent to does not exist. Then, they can use the content of that image as an additional way to help identify unsolicited email.
Re: (Score:2)
Which is what most direct marketers do. Images in marketing emails are not embedded, they're links to remote images ( tag FTW!). Most images have a hashed part of its URL that is your "unique" identifier in their logs.
What the cache will likely do is pre-emptively grab the images, triggering higher hit rates on the marketer's servers, leading them to believe more people are reading their emails, meaning more spam.
Re: (Score:2)
What the cache will likely do is pre-emptively grab the images, triggering higher hit rates on the marketer's servers, leading them to believe more people are reading their emails, meaning more spam.
Supposedly Google only hits the image when you request the mail, and then only from a web browser. So the best thing to do is use an email client with image suppression on.
But If google decides to hit every image even before you read the mail, they initially play right into the hands of the spammers. However, other than verifying that the email address exists, it may make this uniquely coded url a useless indicator for the spammers. Why go to the trouble when every single one of them will verify?
Re: (Score:2)
Google caches content only for it's own Gmail client, so you have no choice of clients with regards to this caching.
Also; did you notice the convenient popup in Gmail stating that, unless you explicitely disable the feature, all images will now be automatically loaded?
Re: (Score:3, Informative)
Google caches content only for it's own Gmail client, so you have no choice of clients with regards to this caching.
That makes no sense.
If they only cache for their Gmail client, that would mean I DO have a choice, by simply using another client.
As for the disable feature, that is the FIRST thing I did. This feature does nothing to protect the user. Its all about giving google an advantage. It MAY be illegal. Its not at all clear that Google has the right to cache image files that were intended to be sent directly from my Brokerage account to me via an embedded URL in an email.
Re: (Score:2)
I think it's only meant to protect you from marketers getting FREE access to your cache.
They can still buy this info from Google, right?
Re: (Score:2)
Its not at all clear that Google has the right to cache image files that were intended to be sent directly from my Brokerage account to me via an embedded URL in an email.
Right. And I suppose they may have no legal right to scan for spam or viruses? And my ISP has no legal right to cache traffic like DNS requests?
Your service providers can do pretty much whatever they want. If you have a problem with that, use encryption.
Re:And google will retain that info exclusively. (Score:5, Insightful)
And if Google proxies and caches the images as soon as the service receives the mail, marketers can verify if the address is a valid gmail address or not by just sending mails and waiting for Google to cache the image. Expect more spam if this is the case.
Verifying that foobar@gmail.com is a valid address doesn't give spammers any real information: the namespace is so full even most pwgen outputs point to existing names, as long as you don't have embedded numbers (on gmail, addresses seem to have numbers at the end).
Thus, that check can be quite simplified to "does a Markov chain say this string of letters is pronounceable?". Not a big benefit to a spammer. On the other hand, they don't get told anything about the recipient anymore.
While for a small mail provider this change might leak some info, for Gmail it seems to be nearly entirely positive.
I for one don't use Gmail for privacy reasons, and don't fetch remote images, but good luck training aunt Lucy about that.
Re:And google will retain that info exclusively. (Score:4, Interesting)
Actually, it does. Because it tells the spammers that the recipient opened the email
Google doesn't fetch the image until you open the email. And the moment you do, Google just confirmed that the email was read. And that information is very valuable.
There are two ways Google can fix it:
1) Set "Don't load images" back as default again, as it is now and in every email client.
2) Simply load every image, so valuable information like that isn't revealed - the marketer just pays for bandwidth and gets zero information - they don't even know if the image is read. No storage requirements as Google can re-write the email to self-contain all the images.
Of course, Google is probably going into email marketing - given how Gmail has sprouted that "Promotions" tab (yes, you can turn it off, but don't you think it immediately foreshadows something? It's not Spam, but "Promotions" - what, spam that someone paid to bypass Google's filters?). And they don't need competition - best way to squash it is to starve out the existing marketers.
And of course, since Google's in the information business, selling that information is very valuable - Google knows what you like, so they can sell targeted ads into your inbox.
Re: (Score:2)
> Google doesn't fetch the image until you open the email.
Are we sure about that? I didn't see timing information in the article. Google could cache the images as soon as their server receives the message. In fact, the second article says that Google will automatically download all *incomming* messages. That suggests they're pulling them when the e-mail is sent, thus cloaking whether or not the user has read them. And since that's Google's goal, I'll wager that's exactly what they are doing.
Re:And google will retain that info exclusively. (Score:4, Insightful)
Marketeers already know the address exists the moment they get a 200 on the RCPT TO: header. Spammers, using botnets, generally don't care about the maildelivery itself, for these the autodownload of images is extra information.
Spammers do everything in their power not to get bounce messages. They do everything they can to not personally contact your (google's) mail server.
The fact that uniquely encoded image URLs are embedded in virtually ALL spam and UCE should be proof enough for you that you haven't thought your argument through. Go look at your email raw view someday.
Comment removed (Score:4, Interesting)
Re: (Score:2)
Yes, but now they can charge for forwarding the data.
Re: (Score:2)
Re: (Score:2)
Most webmail does it too - at least Hotmail and until now, Gmail. Heck, even personal webmail things normally block linked images by default.
That's right, Gmail is going to enable loading of linked images with this change.
It's a setting - you can switch it back, but who knows how long Google will keep that option available... Just that the default setting is show all images now.
Re: (Score:2, Interesting)
Yep. And the security angle is overrated for two reasons:
1. NSA
2.Most mailing software generates unique images to track opens, so you're still being tracked. It's actually decreases privacy for Google to auto-download the images.
Re: (Score:2)
Most mailing software generates unique images to track opens, so you're still being tracked. It's actually decreases privacy for Google to auto-download the images
As a matter of fact, it does nothing about privacy. What it does is just make it useless.
As Google *always* cache the image, the sender does not knows anymore when or even if the image was viewed and, so, doesn't knows anymore if the email was opened.
Re: (Score:3, Informative)
If they have specific knowledge about Gmail. Unfortunately, mailers that don't would make the more dangerous assumption (that you read the mail) under that behavior.
But anyway, even that's not true because under Gmail's new setup, the first download will still come when the user opens the mail and loads the images. At least, that's the best informa [techcrunch.com]
Ad broker + NSA (Score:2, Insightful)
From the OP: "Google says the changes are intended to enhance user privacy and security."
I find this lie from google/doubleclick insanely funny yet darkly cynical.
To enhance user privacy and security, don't use services from this huge ad broker which has a small army of lobbyists working Washington to prevent laws that would harness our privacy, and which works with the NSA to rape our liberty and privacy. If you use gmail, you should have no expectations of privacy or security whatsoever. That would be ins
Harder for **Other** Marketers (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
It makes life more difficult for the competition, plus they can sell the data to the competition later.
Re:And google will retain that info exclusively. (Score:4, Interesting)
While I applaud the move, it is about competitive advantage for Google.
If you applaud this you haven't thought it out very far.
Almost ever SPAM has small uniquely named images embedded. Often single pixel images.
These are encoded to your email address. If you fetch this image, your email address is VERIFIED. You just did the spammer a favor.
If you were reading the email with a mail client, you would NEVER fetch these, because 1) spam is spam, and 2) most
email clients don't download images by default and most email recipients are just fine with that.
With Google pre-fetching all of these, every GMAIL address id Verified for the Spammers.
Its not a well thought out scheme at all. No sensible person would read Gmail with a web browser from now on.
The wise choice is to use a traditional Email Client, (something like Thunderbird, Kmail, k-9 mail, Evolution, etc), and set them not to load images at all.
Re: (Score:3)
Uhmmm... what if google reads the images *regardless* of whether the recipient is known?
Re:And google will retain that info exclusively. (Score:4, Informative)
Typically SMTP servers won't accept delivery if the recipient is unknown, although I suppose when you write your own SMTP server you can do pretty much as you want. I can't see any up-side for google to process mail for NO ONE.
If they don't accept the body of the message they wouldn't get the URLs.
Re: (Score:2)
With Google pre-fetching all of these, every GMAIL address id Verified for the Spammers.
But Google doesn't need to prefetch all of them for everybody. That would be merely equivalent to just flat out *removing* their "Load Images" link feature. Maybe that is what they're doing, if their marketing department has gotten vicious enough. But they may be smarter than that.
Presumably, a spammer will send the same image to a million email addresses using a unique image URL for each one. For this maneuver, all Google needs to do is load some images that arrive in emails that bounce or that are address
Re: (Score:3)
Your example of devious spammers using single-pixel images is a really poor one. Google probably has all those images stored somewhere already.
No, its not a poor example. I get them all the time.
Here's one for you: (it took me all of 15 seconds to find one in my spam bin)
https://q4fg3t1i.emltrk.com/q4fg3t1i?p&d=3D3215081772,F2A9FJZZ,TC05EM,CMNC04,U007 [emltrk.com]
Grep the raw text of your UCE and SPAM mails. LOTS AND LOTS of companies use emltrk.com In fact, that's all that company does.
But lots of companies don't use a service like that, they just have a bazillion random images on one of their own web servers.
Further, google can't very well decide by i
Re: (Score:2)
> With Google pre-fetching all of these, every GMAIL address id Verified for the Spammers.
Not necessarily. The article says Google is pre-fetching all incoming images. It could be doing that *regardless* of whether or not the e-mail address is valid. I'm willing to bet that Google engineers thought through all of these arguments and has implemented a system that actually achieves their goals of blocking that sort of information.
Re: (Score:3)
Funny little AC, still assumes spammers connect directly to google. How quaint.
Re: (Score:2)
You need to consider setting your Gmail Account to IMAP and disabling POP.
POP is old school, and has always suffered from the problem of having to manage deletion on only one station, or risk not knowing where your mail went.
SM and Thunderbird handle IMAP as can K-9, and just about every modern email program.
Re: (Score:2)
Yes, caching HTTPS content is good if Google does it.
Re:And google will retain that info exclusively. (Score:4, Interesting)
The solution is simple:
if(connection.ip_address in google_ip_addresses)
write(connection, "Sorry Google, only the user may open this image!");
Re: (Score:3)
In which case, a broken link or no image will be shown to the user, and it might result in your message being marked spam.
Cutting into their business (Score:5, Funny)
Of course they're cracking down hard - stealing user data is Google's job...they don't like the competition.
They do see open rates (Score:3, Informative)
The cache system honors no-cache headers. As long as your images are served no-cache, you do see exactly when the email was opened, since the GMail servers refetch it every time. If each user gets a unique URL, you know exactly who opened the email.
Re:They do see open rates (Score:5, Interesting)
Multiple tests by multiple individuals have shown that they do NOT honor any of the various no-cache headers.
Tracking unique users is still easy (using a unique URL) - but tracking how many times they opened the email, or where they opened it from (IP address) or on what platform is now lost.
Re:They do see open rates (Score:4, Insightful)
Tracking unique users is still easy (using a unique URL)
Not if google simply opens all e-mail behind the scenes, regardless of whether the user exists or not.
Possible? (Score:4, Insightful)
Well, pulling all the images certainly solves the problem of having to display emails with images. The only reason we (I) don't click the display-images button is because the images allow us to be tracked, the images may have some sort of exploit (rare). Originally this used to be due to limited download speeds.
I suspect caching the images allow pre-processing of the images and therefore making the whole system more secure by default. Images could therefore be displayed in full by default with images, preferably with some large images being intelligently excluded by default.
Google could release a mass marketing email API/gateway and monetise that allowing marketeers access to data regardless of whether you open the images/email or not. This is slightly more valuable information.
Re: (Score:2)
I suspect caching the images allow pre-processing of the images and therefore making the whole system more secure by default.
I saw mention that Google will be transcoding them, so yeah, you should be more protected by exploits.
That said, I still turned off the showing of images by default because of the first issue you mention -- otherwise Google will still go out and download the tracking bugs.
Re:Possible? (Score:5, Informative)
Image formats have been used to compromise browsers in the past, so automatically loading images in your webmail or email client is a bad idea. Fortunately this is just a change from the default behavior so you can turn it off in the options.
In fact, Microsoft just patched a .tiff image format exploit last Tuesday [pcworld.com].
while (Marketer != Google) loop (Score:2)
And when the next JPEG or PNG exploit comes along (Score:2)
You'll get hit automatically! It's a win-win!
Re: (Score:3, Interesting)
No, because Google will scan the images for viruses and common inconsistencies, then convert them to raw pixel data, using there decoding libraries that don't have these exploits, and then re-encode them into consistent and buffer-overflow-free images, that will work on any old and/or bug-riddled operating system or browser used by the recipient.
I hope google will also re-sacale images when people embed 3000 DPI company logo's in HTML-emails.
Makes it easier? (Score:2)
As long as you're giving a unique url to each user who you email, this actually makes open-rate calculations a lot more accurate, doesn't it? Instead of a large percentage of your users never seeing the image, they'll all get loaded.
Sure you can't track cookies, get IP addresses, or any of that anymore...
I'm assuming Google is only downloading images of emails that people open. If Google is downloading every image of every email they get, then never mind.
if Google is smart, they download 1 copy, ignoring (Score:3)
If Google is smart, they'll download approximately 1 copy of each image, ignoring the tracking ID in the URL.
"Most successful tech company in the world" suggests that they may in fact be smart.
Re: (Score:2, Informative)
You make the tracking ID part of the image name. Set up a cgi to always return the same image regardless of what it is called. Use a fake hashed etag thingy so they are always different.
Google has to download the image to see if it is the same, marketing mission accomplished.
e.g. http://examplemarketing.com/images/gjdfkadfdhkhkfdhkdsfhkhfdsqiuqr.gif
Oh. Please send royalties to A.C. @ Slashdot.
The fix that breaks things (Score:3)
This fixes: opening ratio, opening time, user's IP.
This breaks: spammers will now have confirmation is the @gmail email is valid or not.
Re:The fix that breaks things (Score:5, Interesting)
If I were google, I would download images in all incoming messages regardless if they are intended for real email boxes or not. This would let them know which websites are being used for spam. The spam detector could use this information by pattern matching every image (regardless of relabling or website copying), and mark spam accordingly.
Down to a single info (Score:2)
img source = "img/target/example.com/0xDEADBEEF.png"
Yes, target@example.com received our email.
We don't know where he was, what tool he used and anything more.
Re: (Score:2, Interesting)
I suspect Google will load the image even if the gmail address is invalid, or else it would be an easy way to build a list of all valid gmail addresses. So your example does not indicate that it ended up in someones in-box (or spam box!), let along that someone actually opened the email.
What this is really (Score:3, Interesting)
is a monopoly tightening its grip on the market it monopolizes.
Re: (Score:2)
s a monopoly tightening its grip on the market it monopolizes.
On email? You really should look up the definition of monopoly.
I use gmail because i like it. I use it because it's the best free email service I can find, and I've tried quite a few of them.
I use google search because I like it. Back in the day when new search engines were coming out I used to switch between them quite often. Remember Altavista? Jeeves?
Google is not a monopoly. They play in markets with very very low barriers to entry. And a lot of users choose to use them, despite the numerous choi
Re: (Score:2)
Oh popycock! The market you refuse to acknowledge they are a monopoly in is... Wait for it... Marketing which this move is directed at. It attempts to limit the tracking to themselves being the only one who can track you albeit very poorly. Other marketers will have to find the loopholes in this strategy which gives Google the upper hand for a while.
Re: (Score:2)
Are you seriously saying google has a monopoly on Marketing?
Even assuming you're talking about just online media, there are plenty of other places to market than google. If you decided to boycott google you could :
Re: (Score:2)
Inefficient because Google is already there. Just try and find a site that doesn't use Google adsense and google analytics.
Re: (Score:2)
The slashdot homage showed me an AdChoices/AdSense banner for GoPro when I checked just now. CNN presently has a very nice background image ad for Volvo presented by Doubleclick, a Google subsidiary.
Re: (Score:2)
Old definitions of monopoly are perfectly fine to describe digital services.
If you can come up with an email service that's better than Gmail, I'd switch. Probably many other users would join me. While I do expect it to be free, i wouldn't rule out paying for something if there was value.
Same for search engines. Build me a search engine that finds stuff I want better than Google and I'll switch (as will others).
At that point, when you have the users, getting the advertisers is easy. Perhaps building suc
Worse, Google now blocks steganography too (Score:3, Interesting)
I'm surprised that everyone is focused only on how this affects advertisers. That might be just a decoy excuse for the modifications.
A far more fundamental change is that Google will now be transcoding all images, which inherently blocks the sender's ability to transmit steganographically hidden information with plausible deniability. I bet the NSA has been requesting Google to do that for ages, as it must have been an extreme headache to have to scan all images just to find the few with a hidden payloa
Re: Worse, Google now blocks steganography too (Score:4, Informative)
They're not caching attached images, they're caching linked images.
Re: (Score:2)
Facebook is the new Google.
Google is the new Apple.
Apple is the new Microsoft.
Microsoft is the new IBM.
IBM is the new Xerox.
It also beefs up security. (Score:2)
If I could likely deduce that inside our local software you owned an item with the id 9, I could email you:
Because the request goes out with your authorization cookie it'll executes successfully.
This is why you should only accept post requests for actions that change data and use xsrf tokens (that aren't stored in cookies, local storage, etc).
Re: (Score:2)
Did you accidentally a URL?
Re: (Score:2)
Sorry, my point was obscured because it ate my html. I was saying you could send a link like img src="http://10.10.10.10/things/delete?id=9" and that being in an email, gets sent with your auth cookies to the server and issues the delete without you realizing it.
In that sense it's a big plus for security, but also hurts your privacy like you're saying.
Re: (Score:2)
Oh I dare say it's far worse then that. Google might go so far as to grab images only when you open emails, but this opens up the possibility of using google to DoS a target. Think: Now merely sending an email out to millions will have google request those images millions of times, potentially drowning the unsuspecting site with requests.
Alternate Headline (Score:2)
change or same mistake I made about announcement? (Score:5, Informative)
Is this a new change, because after I saw the google announcement, I saw a report that they would share all that data about loading of images with marketers. End result: safer images, but just as much information for marketers, as along as they make nice with Google as 'official' email marketers. Would love to be wrong. Here's my source, Ars Technica article.
http://arstechnica.com/security/2013/12/dear-gmailer-i-know-what-you-read-last-summer-and-last-night-and-today/ [arstechnica.com]
Re: (Score:3)
No, you are completely misunderstanding that article.
Before mail clients stopped loading images by default, it was possible to embed a "web bug" image in an email. Essentially a transparent non-image that is referenced with a unique ID for each user. When the email was viewed, the mail client would request this web bug, and their server could record a) that this particular user opened the email, b) when they opened it, and c) whatever information they could glean from a normal HTTP request - where in t
Awesome for spam/tracking (Score:5, Insightful)
Actually, this is rather awesome for spam/tracking of "real" addresses.
Before silly users could refuse to load external tracking pixels with unique IDs, assigned to each email.
And now? It's auto-downloaded for everyone. Yay!
While absence of IP address, Referral (if tracking image was loaded via https) and Browser info is sad, "everyone now auto-loads images" waaaay outweighs it :P You won't hide from confirming that email address that easily ;)
Re: (Score:3, Interesting)
Re: (Score:2)
Now all the spammers will get their servers overloaded. If they send out millions of e-mails and they all immediately get "opened" by google trying to pull in the picture data.
I seriously doubt that. It would be rather dumb for them to cache these images on a per-email basis and not a per-URL basis. It sounds like they're just using a (modified) caching proxy. They'll likely grab and cache the image on its first ever request. All subsequent requests for that same image would then be served by the proxy's cache.
Wait, images? (Score:2)
You mean, like, attachments? Those are part of the email anyway.
Or are we talking about this weird new HTML-email thing I've been hearing so much about? Who even uses that crap. :P
Score one for Google (Score:2)
Tho, im sure they will do the tracking for their own purposes, this will help reduce 'bad things' from questionable sources. As always, its a trade-off.
Downsides: (Score:2)
Okay (Score:2)
So, presumably they don't actually rewrite the message as such, just change the way it's displayed in the web interface (through an intermediate proxy). Rewriting the message would break all those nice email verification systems, no?
So what about those people using IMAP and not GMail's web interface? Presumably, it's business as usual.
Fact is, if I don't want you to be able to know when I've loaded your images, I won't load your images unless I think they are vital. Which is why my mail-client doesn't do
Summary is wrong wrong wrong (Score:5, Informative)
This summary is garbage and complete misrepresents the implications of Gmail's change. (I already researched this last week and developed a solution to avoid cacheing with in-progress email images that might get replaced with final versions)
Every singe email marketing system already uses a unique image URL to identify a given recipient. This is frequently called a "tracking pixel" because it's usually a 1px transparent gif stuck in the corner of an email where it won't be distracting. In fact, this method has been used for web tracking as well for many years. It's how Google Analytics originally worked.
Since these unique images will still get loaded when an email is opened in Gmail, marketers will still be able to track your opens. What they won't see, however, is how many times you re-opened the email. And since the image gets cached and requested through Gmail's proxy, marketers won't get information about your machine like browser, IP address, etc. But if you click-through on a link, or you visited their site before (highly likely if you're on their mailing list) then they have most of that info anyways.
This caching by Gmail is primarily to speed up Gmail since it means images can be loaded and shared on Google's Content Delivery Network which is almost certainly faster than servers owned by the email campaign provider for image hosting.
Re: (Score:2)
Re: (Score:2)
Spammers still do the 1px thing? Who downloads images by default? .... probably most people not commenting on this thread.
Re: (Score:2)
Raises hand, at least from sources that I have flagged to do such. I have a variety of retailers, newsletters, etc where I prefer to read the full HTML email, with images, rather than just text only with markup that might look correct without images turned on.
Yes I understand the implications of having images turned on. Yes I don't give a crap if Newegg knows which emails that I read or my kids school knows that received their newsletter.
Salesforce (Score:2)
Schizophrenic google (Score:3)
So do they want privacy or not?
On one hand they're claiming to serve up images by proxy to protect users privacy, on the other hand, they're using Google+ and youtube to force users to display their real name.
We had the issue where Google started forcibly customizing google services for you based on you signing up for Google+. When I signed up a couple years ago, it broke my news archive search, because it would only search news sites in Korea, and in Korean despite having everything in English and my account being created in Canada (I happen to be in Korea). While several months later that was actually fixed, they also went ahead and first removed the insanely useful timeline from the archive, and then just recently killed off the archive entirely, because who could ever want to read news more than 30 days old.
Butchering services, heavy handed user manipulation, my patience with google is quickly wearing thin.
Re: (Score:2)
I don't really see where the problem is. You shouldn't be using horrible kluges to track your campaigns anyway. Even if it did kill your ability to track who is opening what... who fucking cares? The fact that a person opens an email has absolutely no bearing on whether or not they're going to buy it. Email marketing is still interruption marketing, for the most part. It's flawed in its basic premise. Innovation is the only way to stay in business long term. Stay ahead of the curve, it's more profitable. Ad