I hate to be "that guy", but does this mean Google is storing every one of our pics on their proxy servers? For how long do they store them, and what is their data retention policy?
Also, remembering that Google has no obligation to protect non-American users, does that give the NSA access to them, to run things like facial recognition, etc?
Because if you stop serving up the remote reference before it gets requested by a particular client, it won't be there.
If it's archived {immediately,on first request} permanently thereafter, there's now another copy outwith your control.
Edit: moreover, the images are requested locally by the user's browser. Google doesn't get a look at them at any point[1]. Whereas now, they get a permanent copy for free, because they're doing you such a favour!
[1] Directly, anyway. I guess they could use js to get the requests and headers and submit them back to the mothership, but on slow connections that could be pretty obvious.
yeah, OK, but again, it's not really an invasion of privacy bcause they get the mails and the URLs in the first place. If you don't want your e-mails read by google, you probably don't use GMail.
Assuming worst-case NSA scenario, even if the images weren't hosted by Google, the NSA would just pull the external images anyway for facial recognition/what not.
Another commenter above noted that the cache duration is on the order of "a few minutes". If the email is opened a second time later on in the day, Google's cache hits the server again.
(Of course, this doesn't rule out the possibility that Google is actually holding onto each version they cache. I imagine it's not actually worth it for them to do so.)
That was my initial reaction to. I suppose it has its pros and cons just like anything else. However, with recent Google (among other companies) and NSA dealings I'm looking at this with my cynical eyes as another data retention policy.
Yes. Whilst you can embed images as MIME attachments (or data:// uri trickery and the like), the vast majority are <img> tags referencing external http:// uris. A message with remote image references is not a complete document, and won't render correctly unless those references can be followed. Google are instead fetching and caching those remote references, then serving them indirectly to you.
As comparison, Firefox has a 'save page' function which distinguishes between 'html only' (akin to the mail message), and 'complete', which would include all images, stylesheets, external js files, etc.
To me, it sounds like they did all the heavy lifting for the NSA, and then packaged it up as a "feature" for us.
If Google handed over the emails themselves to the NSA, it would contain a lot more noise, but now it's really simple for the NSA.
The work is obviously to sift through all the emails, remove the photos, and separate/store them on a separate server. Now all NSA needs to do is get a daily dump of all the pics, and then run their data collection/facial recognition on them.
Also, remembering that Google has no obligation to protect non-American users, does that give the NSA access to them, to run things like facial recognition, etc?