December 19th, 2013

Secure? Google Mail Getting Increasingly Less Private

In the news this week: Gmail is trying to make its web interface faster and a little safer … but are they trading away some of your privacy in the process and making Gmail addresses better targets for email marketers?

What is Google Doing?

Instead of waiting for you to click a “show images” button on every message that is displayed, Google is pre-loading all the images on their servers, scanning for viruses, and then displaying them automatically inline. You can turn this off in your Settings.

On this surface, this gives you:

  1. Images right away — fewer clicks
  2. Safer images — they have been scanned for viruses and malware

Sounds good so far, but…

What is the Downside?

Email messages sent by email marketers (and spammers) usually contain tracking codes attached to images (called web bugs).  These are used to track who has viewed the spam / marketing email messages and when.

Marketers use this to determine how successful their email campaigns are in getting recipients’ eyes to look at the message and many email marketing programs (like Spotlight Mailer) make this tracking process simple. Spammers use the same trick to see who has opened or viewed their spam message and thus who is a good candidate for more spam.

By switching to pre-loading and showing images by default for users, Google has made life much simpler for marketers and spammers … they now have a much more accurate picture of who has viewed their messages!  Whereas before they might not have known unless you clicked “view images”, now the sender always knows, unless you explicitly update your Google settings to prompt you if you want to view images.

So – yes – a little more safety and one less click in some cases.  But, now you are likely to get more spam and others are more likely to know what email you have and have not viewed.

What about LuxSci?

Like Google, LuxSci allows you to toggle the display of images or block images.  LuxSci also allows suppressing the display of any HTML content completely. This is best if you are concerned about any security or privacy issues related to email.  If HTML is off, you can’t get infected by viewing a text version of the message and nobody will know if and when you have viewed the message.

Additionally, LuxSci supports plain text previews of messages.  View the plain text version of a message without actually opening it, without marking it read, without opening any attachments, and without triggering any HTML.  I personally use plain text previews as they are very fast and concise … and when I want the full message (and trust it) I click one button and the full content is displayed.  Very safe … and much better than either Google’s old or new behavior.

Finally, LuxSci customers with Premium Email Filtering have two excellent features called “HTML Shield” and “Click Protect” which will also help protect you against any attacks and/or marketing tracking.

  1. Click protect will scan all external URLs and can block or alert you from clicking to malicious web sites.  It even re-checks these sites right as you click, not relying on the results of the scan from “days ago” when the message came in.  Click protect is true real-time protection against phishing web site attacks and other malicious sites
  2. HTML Shield allows you to automatically block parts of HTML message content that are commonly used to attack web browsers and users.   It can do this without completely removing the HTML itself.  E.g. automatically stripping things like iframes, Java, JavaScript, etc. You can choose degree of stripping — from the most egregious culprits … to removing all HTML completely.  You can also choose to have email marketing tracking images (the web bugs) stripped out. while leaving other images intact.     E.g. you can hide yourself from inadvertently informing the spammers and email marketers that you have opened their messages, while still enjoying your images.

What about scanning images?

LuxSci only displays PNG, GIF, and JPG images inline. Other formats like TIFF are left as downloads and never displayed inline.  While there has been a very small number of browser vulnerabilities  related to these images long ago in the past (e.g. this one), the attack surface is very small. Furthermore, as these types of images are pervasive, any attack would be followed immediately by browser updates that resolved the issue.

That is not an excuse for taking a chance by not scanning all possible images — however, the most likely issue will be a zero-day attack that is fixed in browsers almost immediately. In this case, virus scanners will also likely miss the issue for a while as well… so you could still easily get infected during the initial onslaught.  For customers concerned with this, LuxSci recommends:

  1. Use text previews of your messages, only viewing the full content as needed.  So, you will never see images in untrusted messages, or
  2. Turn off viewing of images in LuxSci — you can toggle viewing images as needed, or
  3. Use Premium Email Filtering HTML Shield to block all images and/or remove web bugs.

LuxSci has requested that the Premium Email Filtering service be extended to scan HTML-linked images, just like Click Protect actively protects you against any link that you might click on. This is of huge importance as phishing and malware sites in email links are everywhere…. and Google doesn’t offer any protection against those threats.

In our opinion, Google was only seeking to make their email a little simpler by reducing 1 click to view images for most people.  To do that, they had to scan these images for viruses or they would be criticized for making email less secure.  In the process, they assist email marketers and make email even less private. Perhaps this is a little “give back” to those marketers who were upset when their messages started being filed into a separate Promotions tab in Gmail.

This policy change is similar to Google’s offer of “HIPAA Compliance” which gives an illusion of security while not really providing the tools to actually encrypt email: reacting to a perceived need and causing a possibly more serious problem as a result.

Leave a Comment

You must be connected or logged in to post a comment. This is to reduce spam comments.

If you have not previously commented, you can connect using existing social media account, or register with a new username and password.