Gmail takes image loading out of users’ hands – here’s how to take it back

Gmail's automatic image viewing, and how to turn it off

gmail-170Do your shoulders feel lighter?

They should if you’re a Gmail user, since Google just lifted from users what one assumes must have been the heavy burden of having to choose whether to display images in email.

You were relieved of this choice as of Friday, when Google announced that Gmail users will now see images automatically.

Automatic image viewing for desktops was enabled on Friday, and we’ll see it on Android and iOS apps in early 2014.

Up until now, we’ve had to mull whether or not we want to view images because all sorts of security sliminess and privacy pitfalls can lurk behind them.

Clicking on images is like leaving whatever fortress you’re holed up in and venturing out into the wide, open, scary world of somebody else’s HTTP territory.

That’s because emailed images, though they might look like they’re part of the email, are normally hosted on a web server controlled by the email sender.

As far as privacy issues go, when you load the images, you not only get to see whatever pretty picture the sender wishes to bestow upon your eyeballs; you’re also sending a message about yourself (an HTTP request) to the email sender.

First off, by clicking on an image, you’re giving the sender any cookies you might have previously received from their website. You’re also giving them your IP address, which can provide a rough idea of your location, and your user-agent string which is a brief description of the browser and operating system you’re using.

Also, unless you’re using a browser or a browser add-on that blocks the action, the sender will also get an HTTP referrer: an HTTP header field that shows the URL of the page that you are on.

Perhaps more useful than all of those though, you’re giving email marketers and spammers confirmation that their email has been read and that your email address is ‘live’.

As Ars Technica’s Ron Amadeo points out:

It's even possible to uniquely identify each e-mail, so marketers can tell which e-mail address requested the images—they know that you've read the e-mail. And if it was spam, this will often earn you more spam since the spammers can tell you've read their last e-mail.

So if images are on by default then by the time you’ve looked at an email, determined it’s spam and hit the ‘junk’ button you’ve already told the spammers that you’ve opened the  email.

But wait, there’s more: given that the images are hosted on remote, third-party servers, there’s even the possibility that images themselves can be rigged to exploit security vulnerabilities and inflict malware on the computer systems of those who click.

Google aims to curtail the risks of clicking on remotely hosted images by henceforth serving all images from its own, secure proxy servers.

It will be great – just great! says Google:

Your messages are more safe and secure, your images are checked for known viruses or malware, and you’ll never have to press that pesky “display images below” link again. With this new change, your email will now be safer, faster and more beautiful than ever.

With Google serving as the image middleman marketers, spammers and phishers should be starved of all that leaky HTTP stuff but will they still know who’s opened their emails?

Up until now marketers have been able to look at how many times their images have been loaded and use it to work out, at least roughly, how many times their emails actually got opened.

Now that Google’s putting itself between you and the marketers’ servers they will presumably be requesting each image just once from the original server and then caching it for the benefit of all Gmail users.

That ought to mess up marketers’ “open rates” and prevent confirmation that your email address is active, right? Nope, it won’t help matters at all.

As a Google spokesperson acknowledged when CNET asked, senders can simply use a unique image URL per recipient.

Instead of requesting one image from the sender and caching it, Google would have to ask for each unique URL. This ought to make email open-rate tracking even more accurate than it is now because, thanks to this update, every email that’s opened will automatically download images.

This is, in fact, the conclusion reached by security researchers including H.D. Moore and Robert Hansen.

Moore told CNET that the proxy servers will turn on default “read tracking” for all Gmail users, which bestows power on people we don’t necessarily want to empower:

This would allow a stalker or other malicious entity to determine whether the e-mail they sent to a target is being read.

The Google spokesperson pointed out that the proxy server helps protect the recipient’s IP address, geographic location, browser user agent, and “other identifying information.”

OK. But Google could have given their users all that good stuff without taking away their ability to choose whether they want to see images or not.

Luckily, Gmail users can disable automatic image viewing – here’s how:

  1. Open Gmail.
  2. Click the gear icon in the top right.
  3. Select Settings.
  4. Stay in the General tab.
  5. Scroll down to the Images section.
  6. Choose “Ask before displaying external images”.
  7. Click Save Changes at the bottom of the page.