Gmail images

Google today announced that it is (for better or worse) finally going to get rid of that annoying "show images" button in Gmail.

The gist is that embedded images will be routed through Google's servers and then transcoded, ensuring you won't get hit with any malware. If you're worried about bandwidth — or just don't want to fix something that's not broken for you in the first place — you'll be able to keep the status quo in the settings.

The web version of Gmail is up first, and the mobile apps will see this feature early next year.

Source: Gmail Blog

 
There are 46 comments

Telomir says:

About time - well played, Google!

For some reason I like to hit the show images button on my phone. But I guess changes happen.

Posted via Android Central App

benurd says:

This is a cool change for most, but I get emails from everyone concerning everything. I can't take the risk of opening an email and nudes pop out and I'm at work or something haha. I'll opt out.

Posted via my Nexii 4 using the Android Central App

YzBrad99 says:

Stop acting like women send you nudes to your email. lol

tdizzel says:

I don't remember him saying it was women

Posted via Android Central App

Nice one

Posted via Android Central App

NoNexus says:

Well played

----------------------------------------------------
My phone can beat up your phone. It's bigger, badder and has more moves. If worse comes to worse, it also comes with a sword.

MERCDROID says:

Lol

Posted from my "Gift from God" Nexus 5

icebike says:

I'm guessing work is the only place most people use the web interface to Gmail.

With every mainstream email package able to handle Gmail via IMAP, there is no reason to suffer the web interface.

skbgiants says:

Finally

Posted via Android Central App

Fr3lncr says:

Now how long before the native Email app gets this as well? Hopefully not too long. It's one of those features everyone else has that Android doesn't.

mobilewill says:

I can't say I am completely happy about this. I hope it's something you can turn off. Only because if you are at work it's nice to have images off.

movielover76 says:

Did you read the post? It says you'll be able to turn it off in the settings.

92turbo2 says:

Stop reading porn emails at work LOL

Posted via Android Central App

tdizzel says:

... not gonna read article... just... gonna... comment...

Posted via Android Central App

MERCDROID says:

Didn't you hear? Reading is no longer fundamental.

Posted from my "Gift from God" Nexus 5

John-Smith says:

TLDR

return_0 says:

Four letters... do you really expect me to read all that?!!??!?!!!?!????!!!!!!?!?!??!

Yes, I know someone will say the same about this comment... :P

Nice. Thanks Google, you are the best :-)

Posted via Android Central App from Nexus 7 2013

movielover76 says:

Welcome change in my book, thanks Google :)

Gekko says:

great news.

McDaddyTree says:

About time... I keep telling it to always show messages from senders (including Google stuff) and every time I open a new email I still have to click on show images, which is rather annoying, so I'm glad to see this coming.

Saturn1217 says:

Sounds good to me. I can't think of any time when I've ever wanted NOT to show images in an email so yay!

knahrvorn says:

I can. Automatically showing an image loaded from a server in an email is a convenient way for a spammer to verify that he's spamming an active email address. Other than that, a welcome change.

Posted via Android Central App

knahrvorn says:

Oh, I see that someone else already commented on this :-)

Posted via Android Central App

Jamookie says:

Exactly what I was going to comment. Google's newest feature: Auto address validation to spammers. So, what was wrong with white listing addresses for future e-mail with a click, and people in your address book being white listed?

Finally, lol. This was getting so annoying because sometimes you would click the damn thing and then the next time you got an email from the same person it would still ask you again for whatever odd reason

Posted via Android Central App

dchawk81 says:

I'm guessing you didn't click "always show images from this sender."

W1zz says:

Finally... this was getting tiring. Especially for Rom installers, it's no fun going through enabling for everything all over.

ScottJ says:

The reason the hiding of images was implemented by Google was to prevent spammers from using image retrieval to confirm that an email address was valid. They could embed your email address in the call to the image and they would know that the email address is valid when you retrieved it.

It looks like Google has solved this by becoming the middleman between you and the image, probably stripping out the portions of the address that identify the source of the outbound request.

devorama says:

The blog post doesn't mention anything about removing identifiable information from the image HTTP request. All it says is that it proxies them and scans for viruses and malware. Besides, it may not be obvious how the image URL is encoding your email address. It could be hashed to anything. I think the spammer confirmation risk is still there.

icebike says:

Exactly.
Unless Google strips out those Unique Identifying images from the email source all the tracking capabilities are still there.

Almost every email with images has some tracking images embedded with unique IDs.
Often these are single pixel images. Some of these are under an HTTPS URL, so Google can't realistically proxy them.

There are companies that provide this as a service: Google emltrk and take the first hit. There is an image from that company in every American Express email as well as hundreds of other companies. Look for that in the source of your emails. It is always a link to a one pixel image with a unique name.

Showing the pictures is self-serving, protecting Google's interests (advertising). They aren't doing you any favors here. They are helping themselves out.
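The check suggested in the comment above (look in the message source for one-pixel images with unique names) can be scripted. This is an added example, not part of the original thread; the 16-character token threshold, the function names and the sample hosts are assumptions made for illustration.

```python
import email.policy
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# Heuristic (assumption): 16+ URL-safe characters looks like a per-recipient ID.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]{16,}$")

class ImgCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.images = []  # one attribute dict per <img> tag
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))

def is_tiny(attrs):  # width and height both declared as 0 or 1 pixel
    dims = (attrs.get("width"), attrs.get("height"))
    return all(d and d.strip().lower().rstrip("px") in ("0", "1") for d in dims)

def has_token(url):  # a path segment or query value looks like a unique ID
    parts = urlsplit(url)
    values = parts.path.split("/") + [v for _, v in parse_qsl(parts.query)]
    return any(TOKEN_RE.match(v.rsplit(".", 1)[0]) for v in values)

def find_tracking_pixels(raw_message):
    """Return [(url, reasons)] for remote images that look like open trackers."""
    msg = email.message_from_string(raw_message, policy=email.policy.default)
    parser = ImgCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_content())
    findings = []
    for attrs in parser.images:
        src = attrs.get("src") or ""
        if not src.lower().startswith(("http://", "https://")):
            continue  # cid: and data: images trigger no remote fetch
        checks = (("tiny", is_tiny(attrs)), ("unique-token", has_token(src)))
        reasons = [name for name, hit in checks if hit]
        if reasons:
            findings.append((src, reasons))
    return findings

SAMPLE = (  # constructed message, not real mail
    'Content-Type: text/html; charset="utf-8"\n\n'
    '<img src="https://cdn.example.com/img/logo.png" width="200" height="60">\n'
    '<img src="http://track.example.net/o/9f8e7d6c5b4a39281706f5e4d3c2b1a0.gif" width="1" height="1">\n'
    '<img src="cid:inline-banner">\n'
)
```

Both signals are heuristics: a long descriptive file name can trip the token check, and a tracker can use a full-size image, so treat the output as candidates to review.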

jsabo says:

This is really going to come down to how Google implements this feature.

The tracking pixel is going to keep count of how many times you open the email, and cookies are probably used to see if you clicked through or were a prior visitor.

The cookies probably break no matter what-- unless Google's going to violate a very basic tenet of the HTTP protocol, they aren't allowed to read cookies set by another domain. That means that when they proxy the request, that data won't be sent, and any cookie sent back won't be set.

Google could easily break that, particularly in the app, but I think they'd get too much heat if it was discovered that they were sending other companies' cookie data back to their own servers; they've had too much history of hanging onto data they weren't supposed to.

The count will depend on how Google implements this.

If they simply proxy every request, then things should be fine.

However, there's an argument to be made that rather than proxying every time, they would cache the result so they don't have to deal with all those requests and transcoding. In that case, it wouldn't ever look like you opened a message more than once. There are a lot of reasons NOT to do this, such as missing out that an image changed on the remote server, but it's not outside the realm of possibility that Google might roll the dice and try to save themselves some bandwidth.

Further, Google might look at preemptively caching the images-- if a newsletter's going to 1M people, why not grab all those graphics as soon as the first message arrives, rather than waiting for someone to open it? Better to take the server hit once at 2AM than deal with it at 9AM when everyone gets to work.

In that situation, the tracking pixel is going to record that EVERYONE opened the email, because Google went and snagged a copy.

HTTPS really doesn't change anything-- Google can't IMPERSONATE being the remote server, but they can proxy it without issue. Your email is almost certainly going to be rewritten so that all the image links now go to the proxy instead of the original location, so as far as you know, you're just trying to get all your images from Google.

icebike says:

Wait, this has nothing to do with cookies. You're totally on the wrong track here.

These things embed a unique URL for this image in your mail and then they simply watch their web logs in real time to see if it was fetched when the mail was opened.

They don't need cookies. Your browser fetched the image, therefore they know the email address they sent it to is valid, and you saw the email. That's all they wanted.

And Google is now going to hand that to them, by fetching them when you use the web interface.

If Google fetches these for you in the background even before you open the Gmail webpage (i.e. without your permission), the trackers STILL win, because they know your email address is valid. I don't think Gmail will do this because it just helps the spammers.

The only way you can avoid helping the trackers is to use Gmail via IMAP clients (Thunderbird, K-9) or turn this feature of Gmail-Web off. They don't fetch the images at all unless you ask/set them to.

TekNiKal says:

Great thread within the comments. There's some good info here. Thanks.

SEAJeff says:

Ars explained this in a lot more detail... Basically, Google sees the same image listed in many emails and downloads it to their cache, then rewrites all of the related emails and strips out the image call with all of its embedded UID info and replaces it with a link to the image in Google's cache. This will piss off the marketers, but it makes Gmail much more private for users who don't want to announce to marketers that they have opened an email. See http://arstechnica.com/information-technology/2013/12/gmail-blows-up-e-m...

Posted via Android Central App

decypher44 says:

Finally!!!

Posted via Android Central App

jimbo says:

I think all these images will significantly add to our phone storage. I haven't found an easy way to selectively purge old image data.

Suggestions?

MERCDROID says:

Clear cache =)

Posted from my "Gift from God" Nexus 5

Jamookie says:

You missed the word "selectively".

rawpower87 says:

Yes!

Posted via my Galaxy S 4 Google Edition

hmmm says:

I think it would have been nice to have to click from a sender one time to enable and then have that remembered on Google's servers across devices so that you never have to click it again if you don't want, regardless of device or chronic ROM flashing. It could be one of the sync options, sort of like remembering tabs or syncing passwords or bookmarks. Yes, for me it was annoying every time I would flash a ROM or buy a new device or whatever I'd have to enable them all over again, but if Google just remembered your selection on their servers it would solve that part of it and sort of be a middle ground vs either all on or all off.

About time

Posted via Android Central App

I don't mean to bitch, but that first sentence is horribly constructed. Because you've chosen a passive construction, it reads awkwardly. Today didn't do the announcing, Google did; therefore, "Today Google announced..." would have been the proper way to construct the sentence.

jonnyships says:

Interesting. This will make impacts in the marketing industry. Last I checked, COs were still serving up PHP mime-type image for PHP files and measuring card viewings that way.

It's about time, that is kind of annoying

Posted via Android Central App