Google is Testing Self-Destructing Emails in New Gmail

The upcoming update to Gmail might include a feature which would allow users to send emails that expire after a user-defined period of time. From a report: Working on an email service is hard as you have to be compatible with all sorts of email providers and email clients. But it doesn't seem to be stopping Google as the company is now evolving beyond the simple POP3/IMAP/SMTP protocols. Based on those screenshots, expiring emails work pretty much like expiring emails in ProtonMail. After some time, the email becomes unreadable. In the compose screen, there's a tiny lock icon called "confidential mode." It says that the recipient won't be able to forward email content, copy and paste, download or print the email.

Re: Screenshot...

Itâ(TM)s called the Investigatory Powers Act in the UK and itâ(TM)s actually 1 years retention of data for all national level or international level companies. Small, local companies donâ(TM)t have to comply. GPs claim of 7 years is based on the older Regulatory Investigative Powers from 2000-2016.

It applies to data and service providers so for the ISP itâ(TM)s web history, email, phone calls. For data and service providers its all data and meta data.

Itâ(TM)s a horrible piece of legislation and currently being fought in the UK courts by many parties. In the Mainland EU they are trying to pretend that they disagree with the UK at EU parliament level but have the same data collection program only itâ(TM)s classified in the EU so nobody talks about it. In the UK people in the know are raging but the general public have no idea.

The US is no better, infact the UK collects extra data in conjunction with the US as part of the US Prism Program

I work with these systems every day, I work digital forensics with a large police county. You donâ(TM)t even have to be law enforcement to get access, your kids school can request access, your doctor can request access, pretty much anyone in a public service job can request your web and email history.

First google link in search: https://www.theguardian.com/law/2015/oct/30/telecoms-companies-to-retain-browsing-data-under-new-law

Some of the Agencies that can access collected data:
https://www.independent.co.uk/life-style/gadgets-and-tech/news/investigatory-powers-bill-act-snoopers-charter-browsing-history-what-does-it-mean-a7436251.html

Re: Screenshot...

google doesn't delete anything. EVER. deleted emails? nope. dmca'd search results? nope. removed youtube videos? nope. nothing. ever. gets. deleted.

you don't need a reference to cite. they can't make money off anything that's been deleted. they can't have their treasure trove of data that makes TLAs and competitors drool, with deleted data.

Re:O rly?

[cstacy]

And they could enforce whatever nonsense in a browser visiting that link.

This means that mail reading apps need a new feature: auto-archive linked web content. When a message includes an (e.g. unlikely trivial IMG self-destruct implementation) link, and you have enabled (for this message, or for the domain) Show Web Content, then in addition to showing the content, you save it. If the pixels appear in your browser (or email app that includes a browser, like most do), then you can save them for yourself. Depending on how they write the Javascript, it might be less straightforward to analyze to get the desired content. (In the worse case, if it's in my video frame buffer...) But at the end of whatever nonsense Google (or whoever) comes up with, there is visible content such as an image. And there is no way to stop that from being automatically copied and conveniently saved as part of the message.

If I was making this feature in the app, I would automatically save the content the first time, along with retrieval metadata. That metadata could include the entire page contents (that is, the Javascipt and everything, not just all the downloaded pixels). This would then be hashed. On subsequent viewings of the message, I would compare the hash to see if I need to download another version. Message presentation would then include an indication that this was saved content, and indicate whether it had changed. Options on the message include: Always Show Original vs. Show Latest Content. Either way, the message presentation shows what's going on and let's you click to see other versions that you've captured.

Some people would like to see the latest content, presumably a little picture of a charred envelop and the words "Message self-destructed after reading on 4/1/2018 01:02:03 EDT". There could even be a setting in the app to disable offering by default the historical versions. Or even settings to disable capturing the initial version (or later versions, or more than x number of versions, etc.) For those who like to go along with the self-destruct fantasy.

There are security issues associated with this, most of which should already be addressed by existing apps, since people send HTML mail all the time. Basically what's going on is that every time you retrieve the message, you are downloading a new virus. And every time you display it you are executing potential malware (even if it's just showing you a captured JPEG, it could be a crafted one). General security principles should take care of stateful tactics based on having downloaded previous versions, but that's something to think about since you've now introduced thises new data store features into the app.

Re:O rly?

[93+Escort+Wagon]

If you're using Gmail you'll see it.
Otherwise you'll get an email with a link. The link takes you to Google Docs to view the shit.

We've spent the last decade or so training users never to click on links in emails. This seems like a good reason to double down on that practice.