It is the benevolent dictator issue in my view. As long as the dictator is benevelont everything is hunk-dory. A bad dictator wreaks havoc, and a benevolent dictator can become bad.
So not a positive step as I see see it.

Won't this break GPG email signing?

If Google has replaced the image, then the contents of the email has changed. Imagine someone composes an email in Thunderbird, signs it and sends it using gmail... Google then does a switcheroo with the image. If the receiver tries to verify the email, it should fail.

So, in this respect it's bad for privacy, because you wouldn't be able to tell if Google tampered with it or some other party.

I sign all of my emails with my 2048 byte key, which I rarely create using gmail's composer. When I want to keep something private I encrypt the document and add it as an attachment. Good luck breaking into those. (until quantum computers become practical).

True it's v.difficult to "break" the signature, that's not quite what I meant.

My point is if you use gmail then it will now always give an error when the recipient tries to verify the email is from you, because the email you sent is not the email they received. They won't know if the only difference is the image or if the entire email is a forgery.

What do you mean, exactly?

Perhaps I misunderstood, do the changes only affect reading email with gmail?

Let's unpack the relevant paragraph:

AliceCorp sends a marketing email to Bob, Carol, and Dave, the three of whom have Gmail accounts. Google reads all the external links in every email, and when a link points to an image, Google downloads the image and stores it in a Gmail image cache. Gmail rewrites the URL in the link in each email to point to the cached version rather than the original external location.

When Bob opens his email, images now appear automatically, and are served up from Gmail's cache -- because that's what the URL in the mail now points to. Same thing for Carol and Dave. AliceCorp will hate this, because AliceCorp now has no clue that each of Bob, Carol, and Dave read the email; instead, AliceCorp sees only a single request from Google for the image.

If AliceCorp has signed its email, then yes, as Feathers has wondered, Gmail's modification will invalidate AliceCorp's digital signatures. AliceCorp signed the email when it contained links to images on AliceCorp's web servers. The mail as received by Bob et. al. has been modified in transit; when Bob's email program attempts to verify the signature, the verification will fail.

Note that this does not affect images embedded in email, whether as attachments, MIME parts, or base64 encoded. It only affects HTML mail that contains URLs pointing to external images.

I agree with richb, with the possible benefit that some advertisers might be discouraged by this move (a good thing, IMHO).

Tenuis wrote:
Would you care to expand on that? I have heard the same thing, maybe......what..... 5 years ago.

Not the particular article, whatever, but an expansion on the baisic thing:

unless it is the trivial "when you click it it has you" kind of thing.

woodjustwonderingsmoke

More importantly, the sender will know you've read the email and that the email address is valid. The one-pixel technique is called a "web bug."

The ars technica article succumbed to the desire for a sensational headline, IMO (after ploughing through 6 pages of comments, and reading the Washington Post item about it). With the new Gmail approach, web bugs still work, in fact they'll work better. Google does not retrieve and cache all images in mail to Gmail as it receives them, it only does so when the recipient opens the message. The reason I claim web bugs will work better is that Gmail users are having their setting changed to "always display external images", which previously was "ask before displaying external images" by default. Gmail warned me it was doing this, saying something like external images "performed better now", so I promptly reset it. I imagine for most users this will slip past unnoticed.

E-mail marketers will lose some info, mainly the IP address and the user agent string, and some of them use the address for approximate geo-location, and now it'll look like you're in Mountain View, CA. They'll only see one open per day, because google cache the images for 24 hours, but client-side cacheing would normally do that anyway.

There is a supposed benefit to Gmail users in that the images will be scanned for malware, and something slightly creepy about them changing the message you receive (rather than just messing with the headers); that might seem like a slippery slope.

Regards, John Little

Thanks for mentioning the Washington Post article. You're right -- it's a better analysis than Ars Technica, which I was relying on previousy. WP says:
Marketers will also lose access to any third-party cookies stored in your browser, like those from DoubleClick et. al.

More than slightly, it feels. I'm so glad I ditched Gmail and run my own server now.