×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Google Makes It Harder For Marketers To Collect User Data

timothy posted about 4 months ago | from the no-peeking-now dept.

Google 195

cagraham writes "In a seemingly minor update, Google announced that all Gmail images will now be cached on their own servers, before being displayed to users. This means that users won't have to click to download images in every email now — they'll just automatically be shown. For marketers, however, the change has serious implications. Because each user won't download the images from a third-party server, marketers won't be able to see open-rates, log IP addresses, or gather information on user location and browser type. Google says the changes are intended to enhance user privacy and security."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

195 comments

And google will retain that info exclusively. (5, Insightful)

Spamalope (91802) | about 4 months ago | (#45697279)

While I applaud the move, it is about competitive advantage for Google.

Re:And google will retain that info exclusively. (3, Informative)

dotancohen (1015143) | about 4 months ago | (#45697297)

While I applaud the move, it is about competitive advantage for Google.

Google already knew which emails you have or haven't read. So does every other email client, web-based or IMAP / POP3.

Re:And google will retain that info exclusively. (4, Insightful)

jaseuk (217780) | about 4 months ago | (#45697361)

Yes and the point the summary misses, is that the images are used to verify that you have received and viewed the e-mail. This is far more important than browser types / locations etc.

It also prevents some evil things, such as first time you hit the page you get a drive by, the second time (with cookie set) you get the actual image and all seems fine.

Jason.

Re:And google will retain that info exclusively. (5, Insightful)

pradeepsekar (793666) | about 4 months ago | (#45697489)

The article does not state of all images would be cached automatically even if you have not read your mail. It only says that images would be served through a Google proxy server, which caches the images.

So if Google proxies and caches the images when you open the mail, there is no protection added from marketers, except for the fact that Google can scan the images for exploits.

And if Google proxies and caches the images as soon as the service receives the mail, marketers can verify if the address is a valid gmail address or not by just sending mails and waiting for Google to cache the image. Expect more spam if this is the case.

There will be true protection from email tracking only if Google caches the images in all emails it receives, even if the email address is invalid - and that would increase the load on Google servers quite a bit.

Re:And google will retain that info exclusively. (2)

HiThere (15173) | about 4 months ago | (#45697687)

But if they're doing reasonable de-duping, then only the first person to click on the image will register. Everyone else will hit the cache. To avoid this every email would need a separate link to the picture.

Hah (1)

Anonymous Coward | about 4 months ago | (#45697705)

Yeah, because it will take all of two seconds to generate a unique tracking bug per email address. Two 32 bits pixels offers a lot of data storage.

Re:Hah (1)

jaseuk (217780) | about 4 months ago | (#45697715)

Yep and in fact despite what I said earlier, this could be worse. If google pre-fetch every image for instance, then this could have some horrid consequences. Such as confirming e-mail addresses.

Jason

Re:Hah (3, Interesting)

TheRaven64 (641858) | about 4 months ago | (#45698763)

Not necessarily. A lot of email virus scanners will pre-fetch images and follow links in emails, for example. They'll do it even if they're just forwarding the mail to another server, and sometimes before the mail even gets to the delivery agent.

Re:Hah (1)

Reeses (5069) | about 4 months ago | (#45698565)

Which is what most direct marketers do. Images in marketing emails are not embedded, they're links to remote images ( tag FTW!). Most images have a hashed part of its URL that is your "unique" identifier in their logs.

What the cache will likely do is pre-emptively grab the images, triggering higher hit rates on the marketer's servers, leading them to believe more people are reading their emails, meaning more spam.

Re:Hah (1)

icebike (68054) | about 4 months ago | (#45698785)

What the cache will likely do is pre-emptively grab the images, triggering higher hit rates on the marketer's servers, leading them to believe more people are reading their emails, meaning more spam.

Supposedly Google only hits the image when you request the mail, and then only from a web browser. So the best thing to do is use an email client with image suppression on.

But If google decides to hit every image even before you read the mail, they initially play right into the hands of the spammers. However, other than verifying that the email address exists, it may make this uniquely coded url a useless indicator for the spammers. Why go to the trouble when every single one of them will verify?

Re:And google will retain that info exclusively. (2)

blippo (158203) | about 4 months ago | (#45697773)

Isn't this what everyone does today? I thought the whole point of tracker images was personal urls like 'img158294.png'.

It won't help the users privacy a bit, or actually make it worse since users can't ignore image attachments anymore - google automatically hit the tracker url for them...

Re:And google will retain that info exclusively. (0)

Anonymous Coward | about 4 months ago | (#45697915)

google automatically hit the tracker url for them...

I think that's the problem. Marketers won't know when YOU have read their email. Google's marketing team, however, will know.

Re:And google will retain that info exclusively. (1)

Anonymous Coward | about 4 months ago | (#45698273)

I'd keep an eye on their APIs to see when they start to SELL back this

Re:And google will retain that info exclusively. (2)

icebike (68054) | about 4 months ago | (#45698759)

De-duping of images that have unique names keyed to your email address? Really?

All the spammer has to do is watch his web server logs to know that the address was a REAL email address, because google will be hitting every one of those images.

Since spammers arrange to never receive bounced mail, the uniquely coded embedded image url has been the favorite tactic for email verification for over 10 years. Google is going to give these guys a gift.

Read your gmail from a email client (pop or imap) and hope Google is smart enough not to hit those links unless you are using a web browser.

Re:And google will retain that info exclusively. (4, Insightful)

KiloByte (825081) | about 4 months ago | (#45697725)

And if Google proxies and caches the images as soon as the service receives the mail, marketers can verify if the address is a valid gmail address or not by just sending mails and waiting for Google to cache the image. Expect more spam if this is the case.

Verifying that foobar@gmail.com is a valid address doesn't give spammers any real information: the namespace is so full even most pwgen outputs point to existing names, as long as you don't have embedded numbers (on gmail, addresses seem to have numbers at the end).

Thus, that check can be quite simplified to "does a Markov chain say this string of letters is pronounceable?". Not a big benefit to a spammer. On the other hand, they don't get told anything about the recipient anymore.

While for a small mail provider this change might leak some info, for Gmail it seems to be nearly entirely positive.

I for one don't use Gmail for privacy reasons, and don't fetch remote images, but good luck training aunt Lucy about that.

Re:And google will retain that info exclusively. (0)

Anonymous Coward | about 4 months ago | (#45698077)

"And if Google proxies and caches the images as soon as the service receives the mail, marketers can verify if the address is a valid gmail address or not by just sending mails and waiting for Google to cache the image. Expect more spam if this is the case."

Marketeers already know the address exists the moment they get a 200 on the RCPT TO: header. Spammers, using botnets, generally don't care about the maildelivery itself, for these the autodownload of images is extra information.

Re:And google will retain that info exclusively. (3, Insightful)

icebike (68054) | about 4 months ago | (#45698817)

Marketeers already know the address exists the moment they get a 200 on the RCPT TO: header. Spammers, using botnets, generally don't care about the maildelivery itself, for these the autodownload of images is extra information.

Spammers do everything in their power not to get bounce messages. They do everything they can to not personally contact your (google's) mail server.

The fact that uniquely encoded image URLs are embedded in virtually ALL spam and UCE should be proof enough for you that you haven't thought your argument through. Go look at your email raw view someday.

Re:And google will retain that info exclusively. (3, Interesting)

hairyfeet (841228) | about 4 months ago | (#45698069)

Do those even work anymore on anything other than XP? Because I fix PCs 6 days a week and I haven't seen one in years. The way most folks get infected nowadays is 1.- "Hey its your (insert friend's name) on (insert IM) and I found this great new thing that made my PC faster, just (click this link,push this button)". 2.- "You want to see teh lesbians? To watch this hot video just run 'IzNotViruzIzCodec.exe'". 3.- (insert friend name) just sent you an e-card for (insert holiday), just go here and receive your e-card!" 4.- "Oh noes, you have teh viruz OMG! Run 'IzNotViruzIzCleaner.exe' to get rid of it". That last one works well on old folks BTW

As for TFA yet again another change that fucks the user or takes a valuable tool away from the user while giving Google more power....are we even surprised anymore? the only nice thing about Google in the last year is only the hardcore Googleaid drinkers buy the "Do no evil" "don't be evil" horseshit, the rest of the world can see its as much bullshit as "think different" and "where do you want to go today", Google has become just as nasty as the other two and in some ways worse.

Ehh, not quite (0)

Anonymous Coward | about 4 months ago | (#45697603)

pop3 doesn't tell anyone which messages you read, only that you received them.

Re:Ehh, not quite (1)

znrt (2424692) | about 4 months ago | (#45697701)

email protocol is irrelevant here.

if you use a local email client, what is relevant is under which circumstances it decides to accesss those image urls for display, regardless of protocol.
if you use a web client you are screwed anyway (as in "you have absolutely no control over what is accessed by whom and when").

Re:Ehh, not quite (0)

Anonymous Coward | about 4 months ago | (#45698587)

Why would you allow images to be accessed from an email message? Yeah of course then you can be tracked.

Re:And google will retain that info exclusively. (0)

Anonymous Coward | about 4 months ago | (#45698885)

Yes, the point is that now other people don't know... Hence the competitive advantage gained.

Re:And google will retain that info exclusively. (2, Interesting)

Anonymous Coward | about 4 months ago | (#45697329)

Yep. And the security angle is overrated for two reasons:

1. NSA
2.Most mailing software generates unique images to track opens, so you're still being tracked. It's actually decreases privacy for Google to auto-download the images.

Re:And google will retain that info exclusively. (1)

Lisias (447563) | about 4 months ago | (#45697381)

Most mailing software generates unique images to track opens, so you're still being tracked. It's actually decreases privacy for Google to auto-download the images

As a matter of fact, it does nothing about privacy. What it does is just make it useless.

As Google *always* cache the image, the sender does not knows anymore when or even if the image was viewed and, so, doesn't knows anymore if the email was opened.

Re:And google will retain that info exclusively. (3, Informative)

EvanED (569694) | about 4 months ago | (#45697511)

As Google *always* cache the image, the sender does not knows anymore when or even if the image was viewed and, so, doesn't knows anymore if the email was opened.

If they have specific knowledge about Gmail. Unfortunately, mailers that don't would make the more dangerous assumption (that you read the mail) under that behavior.

But anyway, even that's not true because under Gmail's new setup, the first download will still come when the user opens the mail and loads the images. At least, that's the best information I can find on this [techcrunch.com]. I also saw a comment somewhere a couple of days ago by someone who claimed to have tested that behavior, and checked that the load of the image came when the mail was opened.

Ad broker + NSA (2, Insightful)

Anonymous Coward | about 4 months ago | (#45698403)

From the OP: "Google says the changes are intended to enhance user privacy and security."

I find this lie from google/doubleclick insanely funny yet darkly cynical.

To enhance user privacy and security, don't use services from this huge ad broker which has a small army of lobbyists working Washington to prevent laws that would harness our privacy, and which works with the NSA to rape our liberty and privacy. If you use gmail, you should have no expectations of privacy or security whatsoever. That would be insane. It is everything their prime directive is not - i.e. make money of your privacy.

Re:And google will retain that info exclusively. (0)

Anonymous Coward | about 4 months ago | (#45698899)

2.Most mailing software generates unique images to track opens, so you're still being tracked. It's actually decreases privacy for Google to auto-download the images.

No, it still helps here, because google will download all of the images. The spammers rely on you downloading them only when you read the message to tell that you read it.

Harder for **Other** Marketers (4, Insightful)

perpenso (1613749) | about 4 months ago | (#45697411)

Yeah. The move is to make things harder for **other** marketers. For the marketer named Google it confers advantages.

Re:And google will retain that info exclusively. (1)

PureRain (231574) | about 4 months ago | (#45697567)

Now that marketing departments cannot track emails being viewed, the next move by Google will be to sell this tracking information back to the companies' marketing departments. They will probably set up a protocol to do it, or a nice dashboard/UI for it. In fact this might be good for smaller companies whose marketing/IT departments are small such that they don't have the ability to code in tracking images and cookies. Even good for larger companies - would cut down the infrastructure and development time; no more needing to host images on a server, with databases, etc...

Could be good for everyone involved.

Re:And google will retain that info exclusively. (3, Interesting)

icebike (68054) | about 4 months ago | (#45698689)

While I applaud the move, it is about competitive advantage for Google.

If you applaud this you haven't thought it out very far.

Almost ever SPAM has small uniquely named images embedded. Often single pixel images.
These are encoded to your email address. If you fetch this image, your email address is VERIFIED. You just did the spammer a favor.

If you were reading the email with a mail client, you would NEVER fetch these, because 1) spam is spam, and 2) most
email clients don't download images by default and most email recipients are just fine with that.

With Google pre-fetching all of these, every GMAIL address id Verified for the Spammers.

Its not a well thought out scheme at all. No sensible person would read Gmail with a web browser from now on.
The wise choice is to use a traditional Email Client, (something like Thunderbird, Kmail, k-9 mail, Evolution, etc), and set them not to load images at all.

Re:And google will retain that info exclusively. (0)

Anonymous Coward | about 4 months ago | (#45698877)

You don't make any sense. Your email address is "verified" the moment the SMTP server send a "250 Recipient OK".

Cutting into their business (5, Funny)

Anonymous Coward | about 4 months ago | (#45697293)

Of course they're cracking down hard - stealing user data is Google's job...they don't like the competition.

Re:Cutting into their business (0)

Anonymous Coward | about 4 months ago | (#45697487)

It really is just this: "Don't be evil (because we don't like competition)"

They do see open rates (3, Informative)

Anonymous Coward | about 4 months ago | (#45697317)

The cache system honors no-cache headers. As long as your images are served no-cache, you do see exactly when the email was opened, since the GMail servers refetch it every time. If each user gets a unique URL, you know exactly who opened the email.

Re:They do see open rates (5, Interesting)

Anonymous Coward | about 4 months ago | (#45697961)

Multiple tests by multiple individuals have shown that they do NOT honor any of the various no-cache headers.

Tracking unique users is still easy (using a unique URL) - but tracking how many times they opened the email, or where they opened it from (IP address) or on what platform is now lost.

Possible? (3, Insightful)

Tim12s (209786) | about 4 months ago | (#45697323)

Well, pulling all the images certainly solves the problem of having to display emails with images. The only reason we (I) don't click the display-images button is because the images allow us to be tracked, the images may have some sort of exploit (rare). Originally this used to be due to limited download speeds.

I suspect caching the images allow pre-processing of the images and therefore making the whole system more secure by default. Images could therefore be displayed in full by default with images, preferably with some large images being intelligently excluded by default.

Google could release a mass marketing email API/gateway and monetise that allowing marketeers access to data regardless of whether you open the images/email or not. This is slightly more valuable information.

Re:Possible? (2)

EvanED (569694) | about 4 months ago | (#45697367)

I suspect caching the images allow pre-processing of the images and therefore making the whole system more secure by default.

I saw mention that Google will be transcoding them, so yeah, you should be more protected by exploits.

That said, I still turned off the showing of images by default because of the first issue you mention -- otherwise Google will still go out and download the tracking bugs.

Re:Possible? (4, Informative)

symbolset (646467) | about 4 months ago | (#45697761)

Image formats have been used to compromise browsers in the past, so automatically loading images in your webmail or email client is a bad idea. Fortunately this is just a change from the default behavior so you can turn it off in the options.

In fact, Microsoft just patched a .tiff image format exploit last Tuesday [pcworld.com].

Uruguay's president José Mujica: no pal (-1)

Anonymous Coward | about 4 months ago | (#45697333)

Uruguay's president José Mujica: no palace, no motorcade, no frills

        In the week that Uruguay legalises cannabis, the 78-year-old explains why he rejects the 'world's poorest president' label

        Jonathan Watts in Montevideo
        The Guardian, Friday 13 December 2013 13.37 GMT

        Article: http://www.theguardian.com/world/2013/dec/13/uruguay-president-jose-mujica [theguardian.com]
        Author: http://www.theguardian.com/profile/jonathanwatts [theguardian.com]

        =

        Image: http://static.guim.co.uk/sys-images/Guardian/About/General/2013/12/11/1386784118202/Jos--Mujica-009.jpg [guim.co.uk]

        José Mujica, the Uruguayan president, at his house in Montevideo. Photograph: Mario Goldman/AFP/Getty Images

        =

        "If anyone could claim to be leading by example in an age of austerity, it is José Mujica, Uruguay's president, who has forsworn a state palace in favour of a farmhouse, donates the vast bulk of his salary to social projects, flies economy class and drives an old Volkswagen Beetle.

        But the former guerrilla fighter is clearly disgruntled by those who tag him "the world's poorest president" and â" much as he would like others to adopt a more sober lifestyle â" the 78-year-old has been in politics long enough to recognise the folly of claiming to be a model for anyone.

        "If I asked people to live as I live, they would kill me," Mujica said during an interview in his small but cosy one-bedroom home set amid chrysanthemum fields outside Montevideo.

        The president is a former member of the Tupamaros guerrilla group, which was notorious in the early 1970s for bank robberies, kidnappings and distributing stolen food and money among the poor. He was shot by police six times and spent 14 years in a military prison, much of it in dungeon-like conditions.

        Since becoming leader of Uruguay in 2010, however, he has won plaudits worldwide for living within his means, decrying excessive consumption and pushing ahead with policies on same-sex marriage, abortion and cannabis legalisation that have reaffirmed Uruguay as the most socially liberal country in Latin America.

        Praise has rolled in from all sides of the political spectrum. Mujica may be the only leftwing leader on the planet to win the favour of the Daily Mail, which lauded him as a trustworthy and charismatic figurehead in an article headlined: "Finally, A politician who DOESN'T fiddle his expenses."

        But the man who is best known as Pepe says those who consider him poor fail to understand the meaning of wealth. "I'm not the poorest president. The poorest is the one who needs a lot to live," he said. "My lifestyle is a consequence of my wounds. I'm the son of my history. There have been years when I would have been happy just to have a mattress."

        He shares the home with his wife, LucÃa Topolansky, a leading member of Congress who has also served as acting president.

        As I near the home of Uruguay's first couple, the only security detail is two guards parked on the approach road, and Mujica's three-legged dog, Manuela.

        Mujica cuts an impressively unpolished figure. Wearing lived-in clothes and well-used footwear, the bushy-browed farmer who strolls out from the porch resembles an elderly Bilbo Baggins emerging from his Hobbit hole to scold an intrusive neighbour.

        In conversation, he exudes a mix of warmth and cantankerousness, idealism about humanity's potential and a weariness with the modern world â" at least outside the eminently sensible shire in which he lives.

        He is proud of his homeland â" one of the safest and least corrupt in the region â" and describes Uruguay as "an island of refugees in a world of crazy people".

        The country is proud of its social traditions. The government sets prices for essential commodities such as milk and provides free computers and education for every child.

        Key energy and telecommunications industries are nationalised. Under Mujica's predecessor, Uruguay led the world in moves to restrict tobacco consumption. Earlier this week, it passed the world's most sweeping marijuana regulation law, which will give the state a major role in the legal production, distribution and sale of the drug.

        Such actions have won praise and â" along with progressive policies on abortion and gay marriage â" strengthened Uruguay's reputation as a liberal country. But Mujica is almost as reluctant to accept this tag as he is to agree with the "poorest president" label.

        "My country is not particularly open. These measures are logical," he said. "With marijuana, this is not about being more liberal. We want to take users away from clandestine dealers. But we will also restrict their right to smoke if they exceed sensible amounts of consumption. It is like alcohol. If you drink a bottle of whisky a day, then you should be treated as a sick person."

        Uruguay's options to improve society are limited, he believes, by the power of global capital.

        "I'm just sick of the way things are. We're in an age in which we can't live without accepting the logic of the market," he said. "Contemporary politics is all about short-term pragmatism. We have abandoned religion and philosophy ⦠What we have left is the automatisation of doing what the market tells us."

        The president lives within his means and promotes the use of renewable energy and recycling in his government's policies. At the United Nations' Rio+20 conference on sustainable development last year, he railed against the "blind obsession" to achieve growth through greater consumption. But, with Uruguay's economy ticking along at a growth rate of more than 3%, Mujica â" somewhat grudgingly, it seems â" accepts he must deliver material expansion. "I'm president. I'm fighting for more work and more investment because people ask for more and more," he said. "I am trying to expand consumption but to diminish unnecessary consumption ⦠I'm opposed to waste â" of energy, or resources, or time. We need to build things that last. That's an ideal, but it may not be realistic because we live in an age of accumulation."

        Asked for a solution to this contradiction, the president admits he doesn't have the answers, but the former Marxist said the search for a solution must be political. "We can almost recycle everything now. If we lived within our means â" by being prudent â" the 7 billion people in the world could have everything they needed. Global politics should be moving in that direction," he said. "But we think as people and countries, not as a species."

        Mujica and his wife chat fondly about meetings with Che Guevara, and the president guesses he is probably the last leader in power to have met Mao Zedong, but he has mixed feelings about the recent revolts and protests in Brazil, Turkey, Egypt and elsewhere. "The world will always need revolution. That doesn't mean shooting and violence. A revolution is when you change your thinking. Confucianism and Christianity were both revolutionary," he said.

        But he is cynical about demonstrations organised by social networks that quickly dissolve before they have a capacity to build anything lasting. "The protesters will probably finish up working for multinationals and dying of modern diseases. I hope that I am wrong about that."
        Life history
        Shot, arrested, jailed and elected

        1969 Active in the Tupamaros revolutionary group, which earned a reputation as the "Robin Hood guerrillas" by robbing delivery trucks and banks and distributing the food and money among the poor.

        1970 Arrested for the first of four times. Mujica escapes Punta Carretas prison in a daring jailbreak. Shot and wounded numerous times in conflicts with security forces.

        1972 Imprisoned again. Remains in jail for more than a decade, including two years' solitary confinement at the bottom of a well, where he speaks to frogs and insects to maintain his sanity.

        1985 Constitutional democracy is restored in Uruguay and Mujica is released under an amnesty law.

        1994 Elected deputy and arrives at the parliament building on a Vespa scooter. A surprised parking attendant asks: "Are you going to be here long?" Mujica replies: "I certainly hope so."

        2009 Wins presidential election. Only words to the media that day: "Despite all this lip service, the world is not going to change." Adopts a ruling style closer to centre-left administrations of Lula in Brazil and Bachelet in Chile, rather than harder-left leaders such as Hugo ChÃvez.

        2012 Lauded for a speech at the UN's Rio+20 global sustainability conference in which he calls for a fight against the hyper-consumption that is destroying the environment. "The cause is the model of civilization that we have created. And the thing we have to re-examine is our way of life."

        2012 Announces that the presidential palace would be included among the state shelters for the homeless. Meanwhile, Mujica continues to live in his small farmhouse outside Montevideo.

        2013 Mujica's government pushes the world's most progressive cannabis legalisation bill through Congress. "This is not about being free and open. It's a logical step. We want to take users away from clandestine business," he says.

        Additional reporting by Mauricio Rabuffetti"

        © 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

        =

        Links within article (excluding the photo) not included here

        =

        The New Zealand Copyright Act 1994 specifies certain circumstances where all or a substantial part of a copyright work may be used without the copyright owner's permission. A "fair dealing" with copyright material does not infringe copyright if it is for the following purposes: research or private study; criticism or review; or reporting current events.

And when the next JPEG or PNG exploit comes along (1)

93 Escort Wagon (326346) | about 4 months ago | (#45697343)

You'll get hit automatically! It's a win-win!

Re:And when the next JPEG or PNG exploit comes alo (3, Interesting)

Anonymous Coward | about 4 months ago | (#45697495)

No, because Google will scan the images for viruses and common inconsistencies, then convert them to raw pixel data, using there decoding libraries that don't have these exploits, and then re-encode them into consistent and buffer-overflow-free images, that will work on any old and/or bug-riddled operating system or browser used by the recipient.
I hope google will also re-sacale images when people embed 3000 DPI company logo's in HTML-emails.

Makes it easier? (1)

WPIDalamar (122110) | about 4 months ago | (#45697351)

As long as you're giving a unique url to each user who you email, this actually makes open-rate calculations a lot more accurate, doesn't it? Instead of a large percentage of your users never seeing the image, they'll all get loaded.

Sure you can't track cookies, get IP addresses, or any of that anymore...

I'm assuming Google is only downloading images of emails that people open. If Google is downloading every image of every email they get, then never mind.

if Google is smart, they download 1 copy, ignoring (2)

raymorris (2726007) | about 4 months ago | (#45697521)

If Google is smart, they'll download approximately 1 copy of each image, ignoring the tracking ID in the URL.

"Most successful tech company in the world" suggests that they may in fact be smart.

Re:if Google is smart, they download 1 copy, ignor (2, Informative)

Anonymous Coward | about 4 months ago | (#45697625)

You make the tracking ID part of the image name. Set up a cgi to always return the same image regardless of what it is called. Use a fake hashed etag thingy so they are always different.
Google has to download the image to see if it is the same, marketing mission accomplished.

e.g. http://examplemarketing.com/images/gjdfkadfdhkhkfdhkdsfhkhfdsqiuqr.gif

Oh. Please send royalties to A.C. @ Slashdot.

cached without login? (1)

Anonymous Coward | about 4 months ago | (#45697355)

cached when you open the email or cached if you are not even logged in? this could either verify active email addresses for spammers or hinder spammers, which is it?

The fix that breaks things (2)

Kvasio (127200) | about 4 months ago | (#45697373)

This fixes: opening ratio, opening time, user's IP.

This breaks: spammers will now have confirmation is the @gmail email is valid or not.

Re:The fix that breaks things (0)

Anonymous Coward | about 4 months ago | (#45697581)

You mistakingly assume spammers care about someone reading there spam. They could test whether there mail makes it through Googles spam-filter, yet they send it to millions of gmail addresses anyway, all ending up in users spam boxes, never to be read.
Spammers are not in the product selling business, they are in the mail sending business. They are paid for each mail send, even if they know in advance that the millions of copies they send to gmail addresses will all end up in spam-boxes.
It doesn't have to work when someone is willing to pay for it regardless.

Down to a single info (1)

bidule (173941) | about 4 months ago | (#45697375)

img source = "img/target/example.com/0xDEADBEEF.png"

Yes, target@example.com received our email.

We don't know where he was, what tool he used and anything more.

Re:Down to a single info (2, Interesting)

Anonymous Coward | about 4 months ago | (#45697621)

I suspect Google will load the image even if the gmail address is invalid, or else it would be an easy way to build a list of all valid gmail addresses. So your example does not indicate that it ended up in someones in-box (or spam box!), let along that someone actually opened the email.

What this is really (3, Interesting)

Rosco P. Coltrane (209368) | about 4 months ago | (#45697383)

is a monopoly tightening its grip on the market it monopolizes.

Re:What this is really (1, Insightful)

Anonymous Coward | about 4 months ago | (#45697459)

There is no pretense by Google any longer. They are basically in full-out "as evil as possible" mode now. Pretty much everything they've done for a long time has zero benefit for the end user. Today it is removing the ability for end users to block third party images. Yesterday it was removing the ability of end users to control privacy settings for Android apps. Day after day, Google does something that is good for them and bad for end users. They are an evil that never sleeps, a cold machine intelligence that has but one law -- "Embrace, Extend, Extinguish".

Re:What this is really (0)

Anonymous Coward | about 4 months ago | (#45697577)

It's amusing to see how the worm turns. I'm old enough to remember when Microsoft was a media darling, bravely standing up to the big, bad IBM empire.

Everything old is new again. Who shall be the next hero to save us from the evil machinations of Google?

Re:What this is really (1)

Anonymous Coward | about 4 months ago | (#45697655)

Alas, for the most part, evil increases over time. Google is a more aggressive, more virulent, more intelligent, evil than Microsoft ever was. What comes to "save us" from Google will be something even worse than Google.

Re:What this is really (1)

KingOfBLASH (620432) | about 4 months ago | (#45697805)

s a monopoly tightening its grip on the market it monopolizes.

On email? You really should look up the definition of monopoly.

I use gmail because i like it. I use it because it's the best free email service I can find, and I've tried quite a few of them.

I use google search because I like it. Back in the day when new search engines were coming out I used to switch between them quite often. Remember Altavista? Jeeves?

Google is not a monopoly. They play in markets with very very low barriers to entry. And a lot of users choose to use them, despite the numerous choices out there.

If all of a sudden their search results started to suck, or I couldn't get into my email without seeing a big giant flash I'd stop using them in a heart beat. And so would many other users.

Ergo, by definition Google is not a monopoly.

Re:What this is really (1)

penix1 (722987) | about 4 months ago | (#45698293)

Oh popycock! The market you refuse to acknowledge they are a monopoly in is... Wait for it... Marketing which this move is directed at. It attempts to limit the tracking to themselves being the only one who can track you albeit very poorly. Other marketers will have to find the loopholes in this strategy which gives Google the upper hand for a while.

Re:What this is really (1)

KingOfBLASH (620432) | about 4 months ago | (#45698439)

Are you seriously saying google has a monopoly on Marketing?

Even assuming you're talking about just online media, there are plenty of other places to market than google. If you decided to boycott google you could :

  • Market directly on websites relevant to your product. Selling viagra? You might consider the AARP site
  • Market via Facebook and their "social advertising" platform. Analysts in the know are betting whether Facebook might conquer google.
  • Banner ads on general interest sites people go to to waste time (I'm looking at you slashdot)

That's what I came up with in 30 seconds while taking a coffee break. I'm sure someone in the business of advertising could come up with many many more.

Google is indeed big. Huge actually. And by preventing beacons within mail, they are putting their foot down to say that if you want access to their user base, you have to go through them.

But there are plenty of alternatives to google. They're simply not a monopoly.

And, if you look at all of their initiatives like Google+, it seems they're afraid of losing you as a customers. They're branching out to stay competitive. They're afraid that Facebook is going to drink their milk shake (Facebook had revenues over $5 billion in 2012, and the bulk of it comes from Ads).

And active competition is not something a monopoly has to do.

Re:What this is really (1)

penix1 (722987) | about 4 months ago | (#45698645)

Market directly on websites relevant to your product. Selling viagra? You might consider the AARP site
        Market via Facebook and their "social advertising" platform. Analysts in the know are betting whether Facebook might conquer google.
        Banner ads on general interest sites people go to to waste time (I'm looking at you slashdot)

Inefficient because Google is already there. Just try and find a site that doesn't use Google adsense and google analytics. Good luck to you there.

And active competition is not something a monopoly has to do.

Yes it does to maintain its monopoly. Anyone entering the market is either bought out or kicked out by the monopoly.

Re:What this is really (0)

KingOfBLASH (620432) | about 4 months ago | (#45698813)

Utter rubbish. Are you saying the slashdot ads come from google AdSense? What about other sites like CNN? Where's the google adsense on Strobist?

Come to think of it I can't think of a website I regularly read with AdSense. It may be big, but it's not a monopoly.

Yes it does to maintain its monopoly. Anyone entering the market is either bought out or kicked out by the monopoly.

Maybe you could provide some examples?

Worse, Google now blocks steganography too (3, Interesting)

Anonymous Coward | about 4 months ago | (#45698663)

I'm surprised that everyone is focused only on how this affects advertisers. That might be just a decoy excuse for the modifications.

A far more fundamental change is that Google will now be transcoding all images, which inherently blocks the sender's ability to transmit steganographically hidden information with plausible deniability. I bet the NSA has been requesting Google to do that for ages, as it must have been an extreme headache to have to scan all images just to find the few with a hidden payload. No such payloads now.

Spooks aside, the effect of this on photography will probably be far more dramatic for the general population, since photographers often transmit precisely controlled images. Google's new transcoding means that Gmail is no longer suitable for sending bit-perfect images of known properties or quality, so we're going to have to put our images in archives from now on, which will be a pain to view.

It seems that Gmail is becoming strictly a conduit for advertising. Google is at least consistent in their evil.

It also beefs up security. (1)

JLennox (942693) | about 4 months ago | (#45697385)

If I could likely deduce that inside our local software you owned an item with the id 9, I could email you:

Because the request goes out with your authorization cookie it'll executes successfully.

This is why you should only accept post requests for actions that change data and use xsrf tokens (that aren't stored in cookies, local storage, etc).

Re:It also beefs up security. (0)

Anonymous Coward | about 4 months ago | (#45697465)

Security? Using e-mail in a browser fed from a server at Google throws security out of the window from the start. What you are talking about doesn't matter the slightest. It's like having all of your snail mail go to The Snail Mail Company and calling them to read it for you.

Re:It also beefs up security. (1)

JLennox (942693) | about 4 months ago | (#45698019)

Sorry, my point was obscured because it ate my html. I was saying you could send a link like img src="http://10.10.10.10/things/delete?id=9" and that being in an email, gets sent with your auth cookies to the server and issues the delete without you realizing it.

In that sense it's a big plus for security, but also hurts your privacy like you're saying.

Susan Sarandon admits to being stoned at Hollywood (-1)

Anonymous Coward | about 4 months ago | (#45697409)

"Celebs often complain on how interminable award shows can be but Susan Sarandon has found a way to beat the boredom. She gets stoned!

The 67-year-old actress admitted her penchant for puffing on the Bravo chat show, "Watch What Happens Live."

When host Andy Cohen asked Sarandon to name one Hollywood event that she has showed up to stoned, the "Bull Durham" star cheekily replied, "Only one?" and slapped her knee as the pair enjoyed a naughty chuckle.

"I would say almost all except the Oscars," she answered.

In case you were wondering the celebrated actress has earned eight Golden Globe and four Emmy nominations, not to mention five Oscar nods including one win for "Dead Man Walking" in which she played a nun."

http://www.foxnews.com/entertainment/2013/12/15/susan-sarandon-admits-to-being-stoned-at-hollywood-award-shows/ [foxnews.com]

change or same mistake I made about announcement? (4, Informative)

patrixmyth (167599) | about 4 months ago | (#45697415)

Is this a new change, because after I saw the google announcement, I saw a report that they would share all that data about loading of images with marketers. End result: safer images, but just as much information for marketers, as along as they make nice with Google as 'official' email marketers. Would love to be wrong. Here's my source, Ars Technica article.
http://arstechnica.com/security/2013/12/dear-gmailer-i-know-what-you-read-last-summer-and-last-night-and-today/ [arstechnica.com]

Re:change or same mistake I made about announcemen (2)

Bogtha (906264) | about 4 months ago | (#45698493)

No, you are completely misunderstanding that article.

Before mail clients stopped loading images by default, it was possible to embed a "web bug" image in an email. Essentially a transparent non-image that is referenced with a unique ID for each user. When the email was viewed, the mail client would request this web bug, and their server could record a) that this particular user opened the email, b) when they opened it, and c) whatever information they could glean from a normal HTTP request - where in the world you are, what software you are using to read the email, what language you have your mail client configured to use, etc.

If at any point you click "Load images", you will be sending this information to whomever sent the email. It's just that by default this would not occur in the majority of mail clients.

Gmail are switching to proxying the images and loading them by default. This means that email senders will get a) and b) by default. You can remedy this by switching your Gmail settings back to the old default of not loading images by default.

However because they are proxying the requests for the images, the people sending emails no longer get access to c) - things like your IP address, location, software, etc.

You seem to have invented some kind of nefarious arrangement between email marketers and Google, but that appears nowhere in the article you link to. It does not describe Google sharing data at all. All the article describes is the fact that by default, email marketers can now get a) and b) by using web bugs - this is something you don't need an agreement with Google to use, it's a natural consequence of the technology in question. It's your browser that shares the data, and it does so by performing a normal HTTP request - this is information you send to each and every website you visit. There's no http://google.com/download-private-data-muhahaha.zip [google.com] link that email marketers now have access to.

This change improves privacy and has no loss of privacy if you change your settings to not load images by default. If you leave the settings at their defaults, you gain privacy in some ways and lose it in others.

Wrong (0)

Anonymous Coward | about 4 months ago | (#45697421)

Wrong on one point: Users that click on "show images" will still download the image to Google's servers, letting marketers know if an email is ever opened or not. The one thing the marketer won't get is the user's IP address (because it's Google's cache server downloading the image, rather than the end user).

Awesome for spam/tracking (4, Insightful)

saikou (211301) | about 4 months ago | (#45697425)

Actually, this is rather awesome for spam/tracking of "real" addresses.
Before silly users could refuse to load external tracking pixels with unique IDs, assigned to each email.
And now? It's auto-downloaded for everyone. Yay!

While absence of IP address, Referral (if tracking image was loaded via https) and Browser info is sad, "everyone now auto-loads images" waaaay outweighs it :P You won't hide from confirming that email address that easily ;)

Re:Awesome for spam/tracking (0)

Anonymous Coward | about 4 months ago | (#45697537)

umm... you didn't read it. The images gets autoloaded when it comes into the system; no matter what; whether the email address exists or not. It is loaded in part by the anti-spam/malware portion of gmail. There is no way to confirm one way or the other based on external image links

Re:Awesome for spam/tracking (0)

Anonymous Coward | about 4 months ago | (#45697617)

This reply is unfortunately not correct for the standard case where the marketer has crafted the email with unique image URLs, ones that are specific to the recipient. Google needs to grab the images to cache them - which shows thge marketer you've read the mail message.

Overall this is a win for marketers - they don't get your IP, but they do know you read their message. (Unless you turn off "load external images" option in gmail settings, which I recommend.)

Re:Awesome for spam/tracking (0)

Anonymous Coward | about 4 months ago | (#45698803)

That one's pretty trivial to fix at google's end, given their spam filtering doesn't just look t email accounts in isolation. What they see is 100,000 emails that are alike, with an image URL that's templated. They then only need to request one copy of the image, putting random data into the template, or even better, use a valid URL that came into an unused email address.

If I can think of that in 30 seconds, I'm sure the guys responsible for their spam filter can come up with something at least as effective!

Re:Awesome for spam/tracking (3, Interesting)

Stonent1 (594886) | about 4 months ago | (#45697575)

Now all the spammers will get their servers overloaded. If they send out millions of e-mails and they all immediately get "opened" by google trying to pull in the picture data.

Re:Awesome for spam/tracking (1)

Cl1mh4224rd (265427) | about 4 months ago | (#45697771)

Now all the spammers will get their servers overloaded. If they send out millions of e-mails and they all immediately get "opened" by google trying to pull in the picture data.

I seriously doubt that. It would be rather dumb for them to cache these images on a per-email basis and not a per-URL basis. It sounds like they're just using a (modified) caching proxy. They'll likely grab and cache the image on its first ever request. All subsequent requests for that same image would then be served by the proxy's cache.

Re:Awesome for spam/tracking (0)

Anonymous Coward | about 4 months ago | (#45698329)

and when every url is unique per user? they grab it hte million times?

Re:Awesome for spam/tracking (0)

Anonymous Coward | about 4 months ago | (#45698859)

Tracking images usually have URLs unique for each address. Google won't be able to tell that spammer.com/trackId_blahblahblah.jpg and spammer.com/trackId_notblahblahblah.jpg are the same file until it requests them from the server.

Re:Awesome for spam/tracking (1)

walter-t (253735) | about 4 months ago | (#45697619)

Agree. Google has a disclaimer about this "In some cases, senders may be able to know whether an individual has opened a message with unique image links." on their help page: https://support.google.com/mail/answer/145919?hl=en

Seeing Through Walls With a Wireless Router (-1)

Anonymous Coward | about 4 months ago | (#45697431)

Seeing Through Walls With a Wireless Router

        By David Hambling Posted 08.01.2012 at 3:28 pm

        (THIS ARTICLE IS BEING ARCHIVED VIA 'FAIR USE' ACROSS THE WEB BECAUSE IT'S NO LONGER AVAILABLE THROUGH THE ORIGINAL WEBSITE)

        Image: http://web.archive.org/web/20121101091450/http://www.popsci.com/files/wi%20spy%20lightbox.jpg [archive.org]

        In the 1930s, U.S. Navy researchers stumbled upon the concept of radar when they noticed that a plane flying past a radio tower reflected radio waves. Scientists have now applied that same principle to make the first device that tracks existing Wi-Fi signals to spy on people through walls.

        Wi-Fi radio signals are found in 61 percent of homes in the U.S. and 25 percent worldwide, so Karl Woodbridge and Kevin Chetty, researchers at University College London, designed their detector to use these ubiquitous signals. When a radio wave reflects off a moving object, its frequency changes--a phenomenon called the Doppler effect. Their radar prototype identifies frequency changes to detect moving objects. It's about the size of a suitcase and contains a radio receiver composed of two antennas Âand a signal-processing unit. In tests, they have used it to determine a person's location, speed and direction--even through a one-foot-thick brick wall. Because the device itself doesn't emit any radio waves, it can't be detected.

        Wi-Fi radar could have domestic applications ranging from spotting intruders to unobtrusively monitoring children or the elderly. It could also have military uses: The U.K. Ministry of Defence has funded a study to determine whether it could be used to scan buildings during urban warfare. With improvements, Woodbridge says, the device could become sensitive enough to pick up on subtle motions the ribcage makes during breathing, which would allow the radar to detect people who are standing or sitting still.

        See image above for how it'll work.

        1. MOVING SUBJECT
        When Wi-Fi radio waves bounce off a moving object, their frequency changes. If, for example, a person is moving toward the Wi-Fi source, the reflected waves' frequency increases. If a person is moving away from the source, the frequency decreases.

        2. REGULAR OL' ROUTER
        A Wi-Fi Internet router already in the room fills the area with radio waves of a specific frequency, usually 2.4 or 5 gigahertz.

        3. BASELINE SIGNAL
        One antenna of the radar system tracks the baseline radio signal in the room.

        4. SHIFTED SIGNAL
        A second antenna detects radio waves that have reflected off of moving objects, which changes their frequency.

        5. PERP, SPOTTED
        By comparing the two antennas' signals, the computer calculates the object's location to within a few feet as well as its speed and direction.

        BREATHE EASY

        Image: http://web.archive.org/web/20131212233946/http://www.popsci.com/sites/popsci.com/files/styles/article_image_large/public/images/2012/07/breathe%20easy.jpg [archive.org]

          Breathe Easy

        It's possible to detect a person's breathing rate[1] by surrounding him with radio waves. Neal Patwari's wireless engineering group at the University of Utah designed a network of 20 inexpensive radio transmitters that are placed around a patient's bed. Then they created an algorithm that detects a stationary person's breaths better than current detectors do. Patwari plans to upgrade the algorithm by the end of the year to filter out body movements too. The system could someday be used in hospitals in place of tubes and masks.

        --Elbert Chu

        [1] http://web.archive.org/web/20111227182352/http://www.popsci.com/technology/article/2011-09/wireless-network-accurately-and-inexpensively-monitors-patients-breathing [archive.org]

Tracking Pixels (0)

Anonymous Coward | about 4 months ago | (#45697437)

Can't believe the stupidity of this story.

Wait, images? (1)

Arancaytar (966377) | about 4 months ago | (#45697481)

You mean, like, attachments? Those are part of the email anyway.

Or are we talking about this weird new HTML-email thing I've been hearing so much about? Who even uses that crap. :P

Re:Wait, images? (0)

Anonymous Coward | about 4 months ago | (#45697731)

The way it works is one of Satan's cock suckers embeds a unique image for each victim in the HTML emails they send. Whenever the victim opens the email in a program that renders the HTML and displays the images therein a request is sent to a server in Hell and Satan himself is informed you have read their great offer of penis enlargement pills.

Google is trying to reduce the info available to those who hire spammers so that they hire Google instead. It's a good thing in that it hurts spammers, but it doesn't changes the fact Google reads your mail.

Re:Wait, images? (0)

Anonymous Coward | about 4 months ago | (#45697745)

Exactly. All HTML-mails are automatically spam and disappear.

Score one for Google (1)

nurb432 (527695) | about 4 months ago | (#45697595)

Tho, im sure they will do the tracking for their own purposes, this will help reduce 'bad things' from questionable sources. As always, its a trade-off.

Facebook has been doing this from day one (0)

Anonymous Coward | about 4 months ago | (#45697663)

Google is a bit late. Facebook has been doing this in posts to its site since day one. It makes a huge difference in
security, privacy and speed... finally.

Downsides: (1)

yakatz (1176317) | about 4 months ago | (#45697717)

Marketers will at least know that the user opened the email because the images were loaded somewhere. See MailChimp's [mailchimp.com] post on the subject. This means that you can not longer look at a message even once without the marketer knowing that you did.

Good and bad? (1)

Sits (117492) | about 4 months ago | (#45697741)

GMail will be fetching the images by default but only after the user opens the mail. So it's an improvement because the user's browser and IP address will be hidden (as it will be Google's servers doing the fetching) and it's a step back because it is tracking images will work by default. If you want the old behaviour of not showing images you will need to opt into it so only those who explicitly don't want to be tracked will remain anonymous.

Sources: Wired [wired.com], Ars Technica [arstechnica.com]

Okay (1)

ledow (319597) | about 4 months ago | (#45697765)

So, presumably they don't actually rewrite the message as such, just change the way it's displayed in the web interface (through an intermediate proxy). Rewriting the message would break all those nice email verification systems, no?

So what about those people using IMAP and not GMail's web interface? Presumably, it's business as usual.

Fact is, if I don't want you to be able to know when I've loaded your images, I won't load your images unless I think they are vital. Which is why my mail-client doesn't download any images by default anyway.

I see this as a good thing - Google are protecting users who are dumb enough to use the web interface for email and rely on it, but not touching anyone who would do things properly anyway.

Google will sell the data instead (0)

Anonymous Coward | about 4 months ago | (#45697987)

Of course, the data about the cached access will be sold by Google.

Summary is wrong wrong wrong (4, Informative)

Dynedain (141758) | about 4 months ago | (#45698277)

This summary is garbage and complete misrepresents the implications of Gmail's change. (I already researched this last week and developed a solution to avoid cacheing with in-progress email images that might get replaced with final versions)

Every singe email marketing system already uses a unique image URL to identify a given recipient. This is frequently called a "tracking pixel" because it's usually a 1px transparent gif stuck in the corner of an email where it won't be distracting. In fact, this method has been used for web tracking as well for many years. It's how Google Analytics originally worked.

Since these unique images will still get loaded when an email is opened in Gmail, marketers will still be able to track your opens. What they won't see, however, is how many times you re-opened the email. And since the image gets cached and requested through Gmail's proxy, marketers won't get information about your machine like browser, IP address, etc. But if you click-through on a link, or you visited their site before (highly likely if you're on their mailing list) then they have most of that info anyways.

This caching by Gmail is primarily to speed up Gmail since it means images can be loaded and shared on Google's Content Delivery Network which is almost certainly faster than servers owned by the email campaign provider for image hosting.

Don't be fooled. (0)

Anonymous Coward | about 4 months ago | (#45698289)

They want to make it harder for those entities to collect that data, because Google wants to collect it and sell it back to them at a premium.

Not accurate information (1)

gowmc (457451) | about 4 months ago | (#45698327)

I've done testing with my own emails with a link to my own server. The image is still only downloaded once you view the email. The only thing that is any different is that the request comes from google instead of the user's IP address. This prevents getting or reading cookie data during the image request, but does nothing to prevent image-based tracking of email opens. For image content on non-unique URLs this could mean better loading speeds, but won't do anything to make email load faster for unique images.

Nothing stops them from pre-caching these images in the future, but for now it isn't quite as catastrophic for the email marketers are some article suggest.

Re:Not accurate information (1)

cshark (673578) | about 4 months ago | (#45698411)

I don't really see where the problem is. You shouldn't be using horrible kluges to track your campaigns anyway. Even if it did kill your ability to track who is opening what... who fucking cares? The fact that a person opens an email has absolutely no bearing on whether or not they're going to buy it. Email marketing is still interruption marketing, for the most part. It's flawed in its basic premise. Innovation is the only way to stay in business long term. Stay ahead of the curve, it's more profitable. Adapt, or die.

Re:Not accurate information (0)

Anonymous Coward | about 4 months ago | (#45698745)

Please don't adapt.

No trust (0)

Anonymous Coward | about 4 months ago | (#45698735)

The only way this can be of any use is if you trust the servers the images are moving to (tip, don't trust Google). Google has sucked for a long time, this is just more of the same.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...