by Justsignedup 2861 days ago
I thought this is completely pointless nowadays:

- Gmail USED to block images unless you do "allow images"

- Gmail changed to a system where Gmail pre-fetches the images and runs them through safety checks.

- Gmail only does this check if you open the email.

- Even if you block the pixel, you only block the Gmail cache of it. NOT the original.

Unless I misunderstand.

4 comments

This is easy to test.

You will find images are NOT retrieved by Google's proxy before or after opening the email when you have external images turned off in Gmail.

1) Ensure Gmail is set to "Ask before displaying external images".

2) Send yourself an HTML email with an img tag pointing to a site you control (doesn't even need to be a real image).

3) Check your server log to see if the img URL was retrieved.

4) Open the email in Gmail, but don't click "Display images".

5) Check your server log again.

6) In Gmail click "Display images" and check the server log again.

Only when explicitly clicking "Display images" does GoogleImageProxy fetch the image.

Conclusion - don't install an extension that can spy on everything you do. Just ensure external images are not displayed by default.
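
The log checks in steps 3, 5 and 6 above can be scripted. This is an added example, not part of the original comment: it assumes a server writing Combined Log Format, a hypothetical test path `/t/test-pixel-001.gif`, and a proxy User-Agent containing "GoogleImageProxy"; the log lines are constructed.

```python
import re
from datetime import datetime, timezone

# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

# Constructed sample log: documentation IP ranges, hypothetical paths, assumed User-Agent text.
SAMPLE_LOG = '''\
203.0.113.7 - - [01/Mar/2018:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "curl/7.58.0"
203.0.113.7 - - [01/Mar/2018:10:04:10 +0000] "GET /t/other-pixel.gif HTTP/1.1" 200 43 "-" "curl/7.58.0"
192.0.2.10 - - [01/Mar/2018:10:06:41 +0000] "GET /t/test-pixel-001.gif HTTP/1.1" 404 162 "-" "Mozilla/5.0 (via ggpht.com GoogleImageProxy)"
'''

def pixel_hits(log_text, path):
    """Return every request for `path` (query string ignored), whatever the status code."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["path"].split("?", 1)[0] != path:
            continue
        hits.append({
            "time": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "ip": m["ip"],
            "status": int(m["status"]),  # a 404 still proves the URL was requested
            "via_google_proxy": "GoogleImageProxy" in m["ua"],
        })
    return hits

def hits_by_phase(hits, opened_at, display_clicked_at):
    """Bucket hits by test step: 3 (unopened), 5 (opened, images off), 6 (Display images)."""
    phases = {"before_open": [], "opened_images_off": [], "after_display_images": []}
    for h in hits:
        if h["time"] < opened_at:
            phases["before_open"].append(h)
        elif h["time"] < display_clicked_at:
            phases["opened_images_off"].append(h)
        else:
            phases["after_display_images"].append(h)
    return phases

if __name__ == "__main__":
    # Times the tester noted for step 4 (open) and step 6 (click "Display images").
    opened = datetime(2018, 3, 1, 10, 3, 0, tzinfo=timezone.utc)
    clicked = datetime(2018, 3, 1, 10, 6, 30, tzinfo=timezone.utc)
    hits = pixel_hits(SAMPLE_LOG, "/t/test-pixel-001.gif")
    for phase, found in hits_by_phase(hits, opened, clicked).items():
        print(phase, [(h["ip"], h["status"], h["via_google_proxy"]) for h in found])
```
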

I think the point of the extension is that you can keep images _on_ and not have to worry about people tracking your opens. I would imagine the majority of Gmail users keep images on.

Gmail proxies an image so a pixel cannot get the source IP address, user-agent, etc. But it still permits message open detection just fine.

> But it still permits message open detection just fine.

This is only true if you allow external images to be displayed by default.

If you set Gmail to ask before displaying external images, then message open detection does not work unless you explicitly tell Gmail to display images on an individual message.

I think dancablam's point with regard to the proxying is that, if the email sent to you contains img5_135986213.jpg, and 135986213 is unique to the email sent to your address, then when the Gmail proxy pulls that file, it still registers as a hit for the email sent to you.

Your point, in turn, would be that if you never give Gmail permission to load the images for the email sent to you, then Gmail never tries to access that image file that is, by filename, linked to the specific email that was sent to you.

dancablam's point is separately valid. If you think Gmail's image proxying is going to hide your reading (with images) of the email, well, these days not so much, depending upon the design of said email and corresponding tracking.

Maybe Gmail still catches crap/malicious metadata in viewed images, including stuff that can be escalated/elevated by parsing bugs and whatnot. As long as their detection is updated to catch whatever's being thrown at you in a particular email.

> - Gmail USED to block images unless you do "allow images"

Google changed the default settings, but you can re-enable this behavior.

What sort of safety check are you referring to? I've never heard of such a thing.