The widespread takeaway from today's announcement that Google will start caching all remotely hosted images sent to Gmail users was that the move will hinder e-mail marketers and other nosy senders by preventing them from seeing recipients' personal information. But less reported was this: the move also promises marketers—and, indeed, other types of shady senders—a major silver lining.

That's because of two ways Google has gone about implementing the change. First, Gmail will begin displaying Web-based images by default, reversing the years-long practice of automatically hiding them unless a user clicks a button. And second, according to preliminary tests, the Google server that temporarily stores the image contacts the Web address where the image is hosted only after a user opens the message. And sometimes Google servers request the image each time the message is opened. That means for the first time in years, Gmail by default will allow senders who embed a unique image address in each message they send to know which ones are ignored, which ones are opened, and how many times they are viewed.

Rapid7 Chief Research Officer HD Moore sent several Gmail messages that contained Web-based images hosted on servers he controlled. Then he monitored the URLs of the images to see what happened. Each time, Google servers didn't download the images until after he opened the Gmail message and viewed the remote content. As Google promised Thursday morning, the new cached delivery system is safer and more secure, mainly because Web requests to view remote images are no longer made by the end-user computer. Having Google servers make the request instead prevents the image host from being able to see the receiver's IP address, browser version, or other system information.

This is mostly a terrific improvement and a good example of how Google frequently outperforms its competitors in offering security improvements such as always-on HTTPS Web encryption, SSL certificate pinning, and two-factor authentication. Unfortunately, Google made another move on Thursday that largely blunts those good works. By default, Gmail will no longer hide remote images. That means that unless users make changes to their default settings, it will be possible for senders to confirm whether a message sent to a Gmail address has been opened.

It's simple for senders to do this. Embed in each message a viewable image—or if you're feeling sneaky, a nearly invisible image—that contains a long, random-looking string in the URL that's unique to each receiver or e-mail. When Google proxy servers request the image, the sender knows the user or message corresponding to the unique URL is active or has been viewed. In Moore's tests, the proxy servers requested the image each subsequent time the Gmail message was opened, at least when he cleared the temporary Internet cache of his browser. That behavior could allow marketers—or possibly lawyers, stalkers, or other senders with questionable motives—to glean details many receivers would prefer to keep to themselves. For instance, a sender could track how often or at what times a Gmail user opened a particular message.

E-mail marketer Mail Chimp posted a blog post that supported Moore's findings. Google support pages also warn: "senders may be able to know whether an individual has opened a message with unique image links." Unfortunately, the significant caveat is missing from the blog post Google published Thursday.

Of course, Gmail users can easily prevent these details from being exposed by reversing the change Google is in the process of rolling out. But given the small percentage of people who change default settings for any software or service, it's a fair bet that most Gmail users won't bother. So kudos to Gmail for rolling out a safer way to deliver remote images, but let's not give too much credit. The way the new system works now, it also gives a major leg up to marketers and other senders many users would prefer to keep in the dark.