Tuesday, 24 December 2013

Gmail increased image security

Gmail has taken the excellent step of increasing image safety in emails by pre-loading them and presenting transcoded images by proxy. This means it's safe for you to always show images in Gmail now, and you as a user don't need to make a security decision whenever an email contains pictures. That's good, because people are, on the whole, pretty bad at making security decisions. However, Gmail's new functionality is also disruptive to old marketing email practices.

It used to be the case that embedded email images could track who had opened an email and when, by using a unique address for the image in each individual email. Whenever that address was accessed, you could know who was looking at that email. Now that Google hides all image loading behind a proxy, you can't really rely on it any more. It doesn't tell you that an email address is valid, because Google might open that image anyway for an invalid email address, and you can't tell that a particular person opened the email either, because of the same image pre-loading. This could be pretty big.

Mokalus of Borg

PS - It's one of those situations where we win, Google wins and spammers lose.
PPS - Google's win here is a more usable and more secure email service.

No comments: