[englehardt]

Gmail's image proxying actually won't help much with this style of tracking. In the paper we found email addresses (or hashes of them) leaking to third parties via a query string parameter in the request URL. So the proxied URL still contains your email address and the third parties can still learn you opened and read the email. As another commenter mentions, we found these requests to occur the moment you first open the email in the Gmail web interface. Since the request URL is unique to you, it can still be used to serve you targeted content. See: https://web.archive.org/web/20170922213846/https://support.l...

Actually I suspect image proxying will also interfere with request blockers like ABP or uBlock Origin, which may have otherwise blocked all requests to that third-party domain.

[voidmain]

This is particularly annoying, because if they just cached the image immediately upon receiving the e-mail, there would be no privacy impact AND you would get to see the image. (Yes, it might still send your e-mail address to third parties, but someone who has your e-mail address is free to send it to anyone they want without your help; there is no way to stop that.)

I guess we didn't need further evidence that Google cares more about third party marketers than users' privacy.