For many years now, most email systems – including Gmail – have hidden images in deliveries because of phishing risks. However, a new policy now allows all emails that have image attachments to show them, whether they have been authorized as a safe sender or not.
This new feature comes thanks to new technology. Google now hosts all images via a proxy server, which means any malware hiding out in the picture will not show up in the email. This makes the “show images in this email” button permanently defunct, and many users have already expressed how pleased they are with this change.
However, H.D. Moore, a security researcher, says that this isn’t the most secure way to deal with images, and poses an entirely different threat. In part, it means that Google will be able to track email as read or unread for all users, regardless of permission.
While this isn’t a big deal on its own, a hacker or even a stalker would be able to determine if their email was opened and read at all. This is still a minor issue in most situations, but in some it could mean violation of privacy or restraining orders. In some cases, this could also verify if an account is active or dormant so that spam lists can be trimmed appropriately.
In addition, since URLs for images will need to be requested by Google’s servers, there could be some problems with emails sent to people for malicious purposes that are filled with images. These emails could be sent to email accounts at random. The problem with this comes with web application exploitation that happens when a URL is requested.
Google’s spokesperson does admit that a requestor could easily find out if an email has been read or not, but that doesn’t mean private information such as geographic location or “identifying information” is released. That information, unless something is downloaded from an email, remains completely secure with Google’s new image setup.
Furthermore, Google argues that there is an “opt-out” feature that requires that the button be pushed for images to show again, and that option isn’t going anywhere soon. The company says that if it becomes a problem, they can remove the proxy server reroute fairly easily and go back to requiring all emails for everyone to “show images”.