Skip to content

Google modifying links in Gmail raising security concerns

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on telegram
Share on whatsapp
Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

Despite Google’s recent update to Gmail’s logo so that all google services look unified and follow the same design scheme, now google is making modifications to URLs when received by IMAP users and other external clients.

The addition of new features or design changes doesn’t cause many problems when it happens on social media or entertainment sites. But email’s are the supreme form of communication where serious links would be sent.

This tweak by Google makes it impossible for IMAP users to see the original email without logging into the web interface, due to the fact that it breaks verification of the cryptographic signatures.

Gmail Security - Google modifying links in Gmail raising security concerns
Google modifying links in Gmail raising security concerns 3

Google is the largest e-mail provider in the world, offering both consumer-targeted Gmail product and G Suite for business customers. For some users, it is such that Google is actually modifying URLs instead of using their own link-checking and redirect service. This requires the body of the email to be edited before it reaches the user. External email clients that fetch email over IMAP are affected, with no way to access the original raw email they were sent.

Initially, it was thought that the editing was happening within the Gmail app or through their web client. However, Google confirmed that this is a new feature and is being rolled out to G Suite customers. In addition to that, you can disable this if you want to. Google calls this “Click-time link protection in third-party email clients” which you can read more about here.

Gmail Security - Google modifying links in Gmail raising security concerns
Google modifying links in Gmail raising security concerns 4

The intention of this feature is to prevent phishing attacks with Google’s redirect service including a link checker to warn users who are traveling to potentially dangerous sites. However this explanation is not satisfactory for the average person, forcing users to head to a Google server to view the original URL they were sent is to many an egregious breach of privacy, and a security concern to boot. Moreover, the Company hasn’t shown any warnings or notified its users prior to implementing this feature.

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on telegram
Share on whatsapp
Share your thoughts!
Join our community and share your thoughts about this article with thousands of people like you. You can ask questions, give answers, and do more. Don't miss out on all perks you will have as a community member, join now.
Join the TUX Community!
Join our tech community and meet people like you. Post and discuss about computers, smartphones or any other gadgets. Feel free to sign up now, it only takes a few seconds!