Gmail Download Images by Default Feature Could be Security Problem, Expert Says

December 23, 2013 Updated: July 18, 2015

Gmail opted to improve security and efficiency by showing all images in your messages, meaning that you’ll never be asked to “display images below” again.

But at least one security expert doesn’t agree with the move.

HD Moore of the vulnerability management company Rapid7 told SC Magazine this week that the change might be less secure.

“If Gmail does start to display images automatically and this occurs only when a user views the message, it will enable ‘read tracking’ by default for all Gmail users,” Moore wrote to the publication. “This would allow a stalker or other malicious entity to determine whether the email they sent to a target is being read.”

He added: “If Gmail starts to cache images as email is received and before the user reads the message, the tracking aspect will be resolved, but it does open the door to malicious request proxying in a much more aggressive form.”

Last Thursday, John Rae-Grant, a Google product manager, announced that Gmail had changed the way it handles images.

“Thanks to new improvements in how Gmail handles images, you’ll soon see all images displayed in your messages automatically across desktop, iOS and Android. Instead of serving images directly from their original external host servers, Gmail will now serve all images through Google’s own secure proxy servers,” he wrote.

“So what does this mean for you? Simple: your messages are more safe and secure, your images are checked for known viruses or malware, and you’ll never have to press that pesky ‘display images below’ link again. With this new change, your email will now be safer, faster and more beautiful than ever.”

Google said that users can opt out of the feature by clicking the option “Ask before displaying external images” in the General tab under Settings.

The improvement has already been implemented on desktop computers and will be rolled out for mobile in 2014.
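
Moore's read-tracking concern rests on remote images being fetched when a message is viewed. As an added example (not part of the original article and not Google's code), this Python script lists the images in a message that would be fetched from an external host and flags common tracking-pixel traits. The sample message, its hostnames and the function name `remote_images` are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not a real email).
SAMPLE = """\
From: sender@example.com
To: reader@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello</p>
<img src="cid:logo@example.com" width="120" height="40">
<img src="https://img.example.com/banner.png" width="600" height="80">
<img src="http://t.example.net/open.gif?m=abc123" width="1" height="1">
</body></html>
"""

class _ImgCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.images = []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))

def _tiny(value):
    # True for a width/height of 0 or 1, with or without a "px" suffix.
    return value is not None and value.strip().lower().replace("px", "") in ("0", "1")

def remote_images(raw_message):
    """Return one finding per <img> whose src is loaded over the network."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        parser = _ImgCollector()
        parser.feed(part.get_content())
        for attrs in parser.images:
            src = attrs.get("src") or ""
            url = urlsplit(src)
            if url.scheme not in ("http", "https"):
                continue  # cid: and data: images travel inside the message
            reasons = []  # heuristics only: any remote fetch can signal a read
            if _tiny(attrs.get("width")) and _tiny(attrs.get("height")):
                reasons.append("1x1 or smaller")
            if url.query:
                reasons.append("query string may identify the recipient")
            findings.append({"host": url.hostname, "src": src, "reasons": reasons})
    return findings
```

Every entry returned is an image that the sender's host, or a proxy acting for the reader, would be asked for when images load automatically; entries with reasons are the likeliest read trackers.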