The elimination of web bugs (well, for Gmail anyway)


I read Google’s post of December 12 announcing that Gmail would now display graphics in messages automatically with some interest. It seems like a very good idea to me to address the “web beacon” or “web bug” problem that has forced users to decide whether they want to download images included in their email. Dealing with embedded but invisible images that allow senders to track whether recipients have accessed email has been a conundrum for a very long time.

The technique creates some ethical questions about whether a sender should be able to know whether their message has been read through a mechanism that is invisible to the reader. It also poses some privacy concerns in some countries. The result is that most email systems allow users to block the automatic download of images unless sure that they come from a trusted source, such as an address on the user’s “safe senders” list.

As long ago as 1999, reputable corporate giants such as Microsoft, Quicken, and FedEx used invisible bugs to let web pages and messages report their progress back to their respective mother ship, so it’s actually surprising that it has taken so long before one of the major email providers has done something to quash the habit. If you were cynical, you’d say that it’s even more surprising that it is Google, the company built on advertising, which has taken the step. We live in interesting times, I guess.

Google’s solution is to have all images referenced in email fetched by their secure proxy servers. In other words, images used by web beacons are fetched once, held on the proxy server, and provided to Gmail when users read their messages. It all sounds very efficient and “the right thing to do.”

Unhappily for the marketing community, their carefully crafted missives will now generate tons of responses back from Google’s servers instead of from individual email addresses or IP addresses, so they will never be sure quite whom they have reached. All of Gmail will seem like a great big amorphous blob for marketing purposes.

Some in the security community have pointed out that some risks might exist in the new technique because malicious code might be able to sneak past Google’s checks and be then executed from their proxy servers. For the moment this remains a theoretical threat and I am sure that the sharp minds in Mountain View will have considered how best to mitigate the problem.

Some others have questioned Google’s motives in making the change by asking who benefits from the new approach. It’s reasonable to speculate that Google might be able to benefit from the change by selling a service to marketing companies based on the information it gathers from downloads from its proxy servers. After all, as has been pointed out elsewhere, Google is way more than an email provider and has substantial if not all-encompassing interest in all things connected to advertising, so any action taken by them that affected others in the marketing arena is automatically suspect. We shall have to wait and see, but if you have strong views on the topic, you can always join the Arstechnica debate.

It would be nice if the underlying issue was resolved so that images could be displayed safely while preserving privacy and that a common standard for the resolution could be agreed across all of the major email systems. Perhaps we’ll see this in the future, but for now I applaud Google’s initiative – at least, on the email front.

Follow Tony @12Knocksinna

About these ads

About Tony Redmond ("Thoughts of an Idle Mind")

Exchange MVP, author, and rugby referee
This entry was posted in Email, Office 365 and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s