Gmail for android silently overwrites links in your emails, so it can track what you open
I clicked on a link inside an email from a privacy service, and was surprised to see they used google tracking for their stuff, so I opened it in thunderbird and behold, it had no tracking.
But the worst part is… if I went back again and long pressed the link on gmail, it showed the link preview, WITHOUT the tracking. There’s some kind of rule, so try it first on a new, unopened email, without long clicking. You’ll need something to intercept it because the browser will just redirect to the main link.
Imagine the mailman looking at you, noting down which letters you open, it’s crazy.
I noticed this thanks to link eye, an app that intercept all browser links and shows a list of supported apps, so you can redirect to the preferred one. It also displays the link, it’s abandoned but still working.
I’m 99% sure I have all the privacy stuff set correctly. I suppose it may also happen on desktop/ios, but I have no way to check it
Also fedia is not showing me a field to set the post title, so I’m sorry if everything ends up in the title or if the title is empty
Does the same thing from gsheets. Cracks me up seeing it try to track an Aspera ssh tunnel that’s literally only accessible from one IP.
Yes, this is shitty and grey pattern behaviour designed to fool even more seasoned email users into giving up more privacy.
However, do not use gmail for anything if you value your privacy. Failing that, there is no need to ever use the Gmail app, can easily use any of a hundred other mail apps on Android.
I already have another service, sadly these are “legacy” accounts that I cannot discard
Then use FairEmail for that account.
Then use the thunderbird app!
And/or try to change the email address these services use
The issue isn’t even which app you read email with anyway; Google is actually modifying your raw email content to embed links within tracking urls. They do it to calendar links as well, and they’ve been doing this for at least a few years now.
Absolutely everything is tracked in Gmail. Spend an extra second hovering over the send button for Sara’s email and it will be in their data model for you. That’s the whole point of Gmail for them.
Even without redirect links, it would be entirely possible to use other app mechanisms to track which links are clicked.
Ha, clicking links, like, with a mouse? https://addons.mozilla.org/en-US/firefox/addon/vimium-c/
I remember being real excited about the eye tracking software getting better, as it meant we’d likely be able to communicate with my aunt better (we can communicate To just fine) and then thought about how we have these cameras pointed at our faces a lot.
Outlook replaces weblinkes in emails as well, to a “safelinks” redirect URL. Certainly a security feature, but man it’s annoying. Not just the redirect, and the potential tracking, but when a readable URL to my build server build turns into a multiline cryptic unreadable mess and then pollutes my webbrowser history - fuck.
I already thought about a Thunderbird extension where I can replace them back to their original.
(My workplace uses Outlook.)
But does it do this even if you access Outlook from the web at: outlook.office365.com
That’s what I do for ny work. I don’t have the app installed and just check manually.
When I access through Thunderbird via IMAP the emails have been rewritten. It’s not local to the Outlook client software.
I think my webmail is
outlook.office.com, dunno if that’s the same asoutlook.office365.com. It may be a org/account setting managed by my org. Maybe you also don’t receive emails with unlabeled links, where it’s very obvious that they’re replaced. On linked text, only if you notice the URL you’re opening.
It’s literally never done anything except add delay. It shouldn’t be showing the fucking link if its dangerous especially because there’s ways around it.
Like they’re not just tracking it in the browser and OS anyway.
@Blackmist@feddit.uk - I have heard people make comments on the same lines before. Generally my response is - “oh, so that makes it ok?”
But I want to do better. Could you please help me understand what’s the underlying point you were trying to make? Thank you!-
Did you think an amazing system like Gmail was free? I know when I use stuff like that what the cost is but I get virtually nothing important in email anyway.
until google decides that your online behavior is bad and blocks your access to your gmail account because you criticised fascism
That is why I, as a citizen, am always on my best behavior.
… like banking alerts, your vehicle registration renewal notices, and tax e-filing updates? What world do you live in for email to not be critical?
They mostly just say, log into blah blah to read a message. Not exactly a treasure trove of data
I suppose, but some of them show your actual balance, etc.
Outlook does this, too. All in the name of security, of course.
Yeah, their financial security, and no one else’s anything.
Can confirm.
Within the last week or two I started fully committing to Tuta and I don’t give out any of my gmail addresses for anything. I wish I’d done it sooner.
Soon (maybe this week) I’m going to buy a device to use as an Immich server. People online say they’ve had good performance with a Raspberry Pi 5 so I’ll probably try that first.
Fuck Google.
It’s not just their mobile app. Gmail on desktop browsers (firefox) does something similar. You can see it in your “history” after clicking a link.
Not shocking as how else does google pay for Gmail if it can’t build a better advertising profile on you?
gmail does this in general. whats really annoying is you can use the browser copy clean link and im not sure if they are not following standards or what but you still get the google encapsulated link.
That useless “feature” has never worked for me, I think literally once. I use my own AutoHotkey link-cleaning script that I have yet to find out how to port over to Linux.
I should do something like that but im lazy and just mannually delete the begininig part.
Hi, just tested and it’s not doing this to me. Links are showing, copying, and opening correctly.
May I ask how you checked for any redirects?
Sorry, probably I had outdated app version, now I clearly see google.com loading first. Disgusting.
mine is redirecting to Google first. fucking gross, the fact that they are doing this on mobile only, where it’s harder to notice it is shitty as hell
Same, I click a link and see a moment of it loading “www.google.com” before loading the actual site linked
Do K9 or thunderbird mail on Android do this? (even if you use gmail as backend?)
No, only the official google clients do link hijacking. Thunderbird doesn’t do it.