It's important to remember the destructive nature of TrueCrypt's hidden volume function. Unless you use both keys to unlock the volume, opening the outer volume and allowing the OS to load will destroy the hidden volume that has your real files. It's meant to be a last resort against a "Use this wrench and beat the password out of him" scenario.
I've only used it with a TrueCrypt volume as a file, where it works flawlessly (unless you continue to add files to the public volume). See http://www.truecrypt.org/docs/hidden-volume
I just ran the same test and can confirm the results. Google will only load your image if you open the email, which means Google has just opted-in all users to mail receipts.
I don't use any Google services outside of small tests like this, but it still makes me concerned for how this will affect the privacy of people I know.
"Email open" tracking just got a lot more reliable for all mass email & marketing automation vendors.
On the flip side, those same solutions can no longer set a persistent cookie with the image, so persistent tracking based on the initial email open will stop working.
> "Email open" tracking just got a lot more reliable for all mass email & marketing automation vendors.
Has it? If Google's proxy is caching images, then "email open" tracking might have broken entirely. All the sender would see is that their email has been opened once by the proxy -- for all Gmail addresses put together.
I'd imagine that they are going to de-dup the images they proxy which means email marketers need to generate unique images per mail and that means no more 1-pixel tracking images.
A solution would be 1-pixel high tracking lines - a 1 x 128 pixel wide image that encoded 0 and 1 as two RGB colors adjacent to the mail's background color in the visual spectrum so the difference isn't noticeable would encode a sha-1 hash placed in the url.
Mass-email senders probably would put a unique identifier in the image url (different for all users), so Google will open each image, because it can't know before loading them that it's the same image.
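The two outcomes debated in the comments above (one shared image URL versus a unique URL per recipient), as an added example that is not part of the original thread. The proxy model here (cache keyed on the full URL, reader IP and cookies dropped) is an assumption for illustration, not documented Gmail behaviour; `sender.example`, the addresses and all names are constructed.

```python
from dataclasses import dataclass, field

PROXY_IP = "203.0.113.10"  # constructed: address the origin sees for every fetch


@dataclass
class Origin:
    """The sender's image server; logs what each request reveals."""
    log: list = field(default_factory=list)

    def serve(self, url, client_ip, cookies):
        self.log.append({"url": url, "ip": client_ip, "cookies": dict(cookies)})
        return b"GIF89a"  # stand-in for image bytes


@dataclass
class CachingProxy:
    """Assumed model: cache keyed on the full URL, reader IP and cookies dropped."""
    origin: Origin
    cache: dict = field(default_factory=dict)

    def fetch(self, url, reader_ip, reader_cookies):
        if url not in self.cache:  # only a cache miss reaches the sender
            self.cache[url] = self.origin.serve(url, PROXY_IP, {})
        return self.cache[url]


def sender_view(image_url_for, opens):
    """Replay (recipient, reader_ip) open events; return the origin's log."""
    origin = Origin()
    proxy = CachingProxy(origin)
    for recipient, reader_ip in opens:
        proxy.fetch(image_url_for(recipient), reader_ip, {"sid": recipient})
    return origin.log


# Constructed open events: alice opens the mail twice, bob once.
OPENS = [("alice", "192.0.2.1"), ("bob", "198.51.100.7"), ("alice", "192.0.2.1")]

def shared_url(_recipient):
    return "https://sender.example/pixel.gif"

def per_recipient_url(recipient):
    return f"https://sender.example/pixel.gif?id={recipient}"

if __name__ == "__main__":
    for make_url in (shared_url, per_recipient_url):
        for entry in sender_view(make_url, OPENS):
            print(make_url.__name__, entry)
```

Under this model the shared URL reaches the sender once in total, while per-recipient URLs produce one request per recipient on first open only, always from the proxy's address and without the reader's cookies.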
> "Email open" tracking just got a lot more reliable for all mass email & marketing automation vendors.
No, it didn't. If you had chosen the option to ask before displaying external content -- which existed and applied to non-image content and, without which selection, email-open tracking by external non-image content was already reliable -- then the new setting to ask before displaying external images is selected for you by default.
If you hadn't selected that option before, you weren't protected from "email open" tracking.
Interesting. The fact that they don't even address this aspect of the change in the blog post makes you wonder if this is a deliberate or incompetent move. This should be obvious for anyone who works with email and easy enough to describe in layman's terms in the blog post. Who is the target group for the blog?
I assume the target of the blog is Gmail power users more so than email marketers. I highly doubt that the Gmail team didn't think this through before launching. As far as the reason for not explaining how this works, who knows?
> Google will only load your image if you open the email, which means Google has just opted-in all users to mail receipts.
If you didn't have the "ask before displaying external content" option set before this change, you were "opted-in" to read receipts already -- it's just that, due to protections designed to stop other malicious use of images, you were incidentally protected against images as the vector for silent read receipts.
With this change, you are better protected against the malicious uses of images the default-not-to-display option was designed to protect against, but exposed to external images as a vector for read receipts if you hadn't chosen to display external content only after confirmation. If you did choose that previously, then you also got the new "ask before displaying external images" chosen by default -- so if you were protected from senders injecting read receipts before, you still are now. If you weren't before, you aren't now, but then that's not really a change.
Thanks to this post, I decided enough is enough and I started on a user script that redirects different URLs to their "pretty" version. It currently supports Google Web Search (Google Instant Search is not yet supported), although I'll be adding much more when I get home and in the next few days. I've named the script "Prettify-URL" and it is available here:
Note that this is absolutely not meant to be an end-all solution to the problem, but instead a ray of sun in a thunderstorm of ugly URLs. The core responsibility still lies with the developer; this just tries to make things a bit more bearable.
I haven't seen web servers send back different pages for non-Mozilla browsers since Mozilla browsers were selectively served frames[0], which is why most User-Agent strings contain "Mozilla". Regardless of whether this is a good idea or not, it's nostalgically entertaining to see history repeat itself like this.
I'm all for Google fixing their mess of communications platforms, but by attempting to consolidate those into a proprietary solution, I fear they've doomed it to the same fate as Google Wave.
If they were to at least include support for XMPP clients, they would be golden; however, the opposite appears to be true.
After they captured a good chunk of the RSS eyeballs, then pissed off the users, I'm wary of anything Google does. I'm going to have to spend a significant amount of time decoupling myself from their existing services.
I think Google is not much concerned about the crowd which loves to brew its own coffee (HN and the ilk) and curate their Ghostery/ABP prefs, but they are rather focussed on the majority which loves to buy things online and also click on ads and hardly cares how much Google reads their email.