Google modifying links in Gmail raising security concerns


Following its recent update to Gmail’s logo, made so that all Google services look unified and follow the same design scheme, Google is now modifying URLs in email received by IMAP users and other external clients.

The addition of new features or design changes doesn’t cause many problems when it happens on social media or entertainment sites. But email is the foremost form of communication, and the one through which serious links are sent.

This tweak by Google makes it impossible for IMAP users to see the original email without logging into the web interface, and because the message is modified, it breaks verification of cryptographic signatures.

Google is the largest e-mail provider in the world, offering both the consumer-targeted Gmail product and G Suite for business customers. For some users, Google is actually modifying URLs so that they instead point to its own link-checking and redirect service. This requires the body of the email to be edited before it reaches the user. External email clients that fetch email over IMAP are affected, with no way to access the original raw email they were sent.
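To illustrate why editing a link in the body breaks signature verification, the following added example (not from the original article or from Google) recomputes a DKIM body hash, assuming the signature in question is DKIM with relaxed body canonicalization as defined in RFC 6376. The message, the `redirect.example` rewrite host and the header are constructed samples; only the `bh=` body hash is checked, not the RSA signature over the headers.

```python
import base64
import hashlib
import re

def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    # Collapse runs of space/tab to one space, then drop whitespace at line end.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    # Ignore empty lines at the end of the body.
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes) -> str:
    """Base64 SHA-256 of the canonicalized body, as stored in the bh= tag."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def signed_bh(dkim_header: str) -> str:
    """Extract the bh= value from a DKIM-Signature header value."""
    tags = {}
    for part in dkim_header.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags["bh"]

def body_intact(dkim_header: str, body: bytes) -> bool:
    """True if the body still matches what the sender signed."""
    return signed_bh(dkim_header) == body_hash(body)

# Constructed sample: the body as the sender signed it.
ORIGINAL = b"Hi,\r\n\r\nReset your password: https://example.org/reset?id=42\r\n"
# Constructed sample: same body after a provider rewrites the link to a
# redirect service (redirect.example is a placeholder, not a real format).
REWRITTEN = ORIGINAL.replace(
    b"https://example.org/reset?id=42",
    b"https://redirect.example/url?q=https%3A%2F%2Fexample.org%2Freset%3Fid%3D42",
)
# Constructed header: bh= is computed here to stand in for the sender's signer;
# b= (the RSA signature over the headers) is a placeholder and is not checked.
SIGNED_HEADER = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=sel1;\r\n"
    f"\th=from:to:subject; bh={body_hash(ORIGINAL)}; b=PLACEHOLDER"
)

if __name__ == "__main__":
    print("as signed :", body_intact(SIGNED_HEADER, ORIGINAL))
    print("rewritten :", body_intact(SIGNED_HEADER, REWRITTEN))
```

Relaxed canonicalization tolerates changes to trailing whitespace and trailing blank lines, but any change to the characters of a URL alters the hash, so a client that only ever receives the rewritten body cannot validate what the sender signed.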

Initially, it was thought that the editing was happening within the Gmail app or through their web client. However, Google confirmed that this is a new feature that is being rolled out to G Suite customers. You can also disable it if you want to. Google calls this “Click-time link protection in third-party email clients”, which you can read more about here.

The intention of this feature is to prevent phishing attacks: Google’s redirect service includes a link checker that warns users who are heading to potentially dangerous sites. However, this explanation is not satisfactory for the average person. Forcing users to go to a Google server to view the original URL they were sent is, to many, an egregious breach of privacy, and a security concern to boot. Moreover, the company didn’t show any warnings or notify its users prior to implementing this feature.