Google believes it has discovered a safe way to display images in Gmail by default, but security experts disagree. By caching images on its own servers, Google has made it more difficult — but not by any means impossible — for marketers to track your data. Until the end of last week, Gmail users had to load images sent to them in emails manually. The process was admittedly a little cumbersome, involving two or three clicks to load up what was often the meatiest part of a message. That said, this process also kept users very safe from prying eyes, of both benign and malicious varieties. John Rae-Grant, a product manager at Google, took to the Gmail blog last week to share the good news: Gmail can now display images by default without any security risk, as Google will now cache all emailed images on its own servers. This, in theory, roots out images riddled with malware and prevents unsolicited marketers from tracking images to their recipients. MORE: 13 Security and Privacy Tips for the Truly Paranoid The only problem is that this process is not quite the panacea that Rae-Grant makes it out to be. Web-savvy marketers can get around these restrictions with relative ease, as H.D. Moore, chief research officer at Boston-based security firm Rapid7, explained to Ars Technica. Having images in emails makes it much easier for marketers to track when users open messages. If you're part of a mailing list — either because you requested it or via spam — expect to get a lot more junk sent your way if marketers discover that you're opening all of their stuff to view their images. If users access these images from Google's servers instead of through a marketer's website, they become harder to track, but not impossible. By including a user-specific URL in every image it sends out, a marketer can detect when Google accesses the image and correlate that image with the user the marketer had intended to reach. Email marketing firm Mail Chimp backed up these findings in a blog post. Rae-Grant also asserted that when Google caches images, it will run anti-virus scans on them, keeping users safe from image-embedded malware. Although the method is uncommon, it's at least theoretically possible to embed malware in image files. By modifying headers in JPEG image files, security researchers have been able to hide unwanted software in online images. If you let Gmail open images by default, you won't likely encounter any malware, but marketers may still be able to track you and continue sending you unsolicited advertisements. To avoid such tracking, you can set Gmail to require permission before loading any kind of image file, just like it did before. To keep your inbox free of images (until otherwise specified), open Gmail and click on the cog in the upper right corner. Select Settings, then scroll down to External content. Select "Ask before displaying external content," and click Save at the bottom of the page. Now, images won't display without your explicit say-so. Although the process makes opening emails a bit more of a chore, it's better to keep your computer safe and leave a few clicks between you and that picture of the Shiba Inu wearing fancy clothes than to risk another few dozen spam messages. Follow Marshall Honorof-@marshallhonorof and on-Google+ . Follow us-@tomsguide,-on-Facebook-and on-Google+. 40 Best Free Android Apps 40 Best Google Chrome Extensions 2014 Best Free Email Service Reviews Copyright 2013 Toms Guides , a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
More...
Bookmarks