Google is Testing Self-Destructing Emails in New Gmail

The upcoming update to Gmail might include a feature which would allow users to send emails that expire after a user-defined period of time. From a report: Working on an email service is hard as you have to be compatible with all sorts of email providers and email clients. But it doesn't seem to be stopping Google as the company is now evolving beyond the simple POP3/IMAP/SMTP protocols. Based on those screenshots, expiring emails work pretty much like expiring emails in ProtonMail. After some time, the email becomes unreadable. In the compose screen, there's a tiny lock icon called "confidential mode." It says that the recipient won't be able to forward email content, copy and paste, download or print the email.

O rly?

I receive data on my computer. It is then uncrypted and displayed on my screen. Ergo, stored in clear in RAM. What prevents me from finding a way to copy-paste this data?

Re:O rly?

[MightyYar]

Nothing - it's not for you or any other thinking person. It's meant for the same people who use the other insanely popular "self-destructing" message apps. They undoubtedly know it is stupid, but ultimately they need to compete with stupid.

Re:O rly?

[ctilsie242]

I also receive data. The E-mail message gets read, and auto-archived on my encrypted IMAP server VM. Unless Google changes IMAP to have expiration dates and forces Dovecot to respect that, the message is going to remain.

Usually I see two ways of having disappearing E-mail work. One is that the E-mail stays with the provider. This works, but once a protocol like IMAP, POP, or another snarfs the E-mail and copies/moves it, that protection is useless. Another way is requiring a special extension, be it a web app, or the content only viewable in some specific program. That also works, but in the age of ransomware, who trusts running a content viewer?

Re:O rly?

[gnick]

...in the age of ransomware, who trusts running a content viewer?

Like Acrobat? I receive the occasional PDF and even include "New Features.pdf" with my software distribution.

Re: O rly?

Then it would have to eliminate every other worldwide email provider.

They're making strong inroads into just that.

Re:O rly?

[AvitarX]

Or, they could prevent you from sending them to non Google servers, or they could convert the email into a link as soon as it leaves Google (this could even be true for people receiving their Google mail via POP3 or IMAP). The link could be forwarded, but break in x number of days. And they could enforce whatever nonsense in a browser visiting that link.

None of this is to say it isn't stupid, simply that it's a pretty easy thing to do to force browser viewing of the email, no matter where it goes.

I highly doubt they'll be able to effectively block printing and copy paste from a web browser.

Re:O rly?

[goose-incarnated]

I also receive data. The E-mail message gets read, and auto-archived on my encrypted IMAP server VM. Unless Google changes IMAP to have expiration dates and forces Dovecot to respect that, the message is going to remain.

Usually I see two ways of having disappearing E-mail work. One is that the E-mail stays with the provider. This works, but once a protocol like IMAP, POP, or another snarfs the E-mail and copies/moves it, that protection is useless. Another way is requiring a special extension, be it a web app, or the content only viewable in some specific program. That also works, but in the age of ransomware, who trusts running a content viewer?

I use IMAP to read gmail. I'm probably not the only one. They would have to disable IMAP/POP for those messages. Then they would have to enforce gmail usage via their chrome browser only so that they can lock down the copy-n-paste hole.

Ultimately it becomes a proprietary message reader that can also read emails and surf the web (approved content only)! Once the a monopoly is achieved they can introduce foolproof google-only DRM into their browser.

The DRM won't be used for Hollywood releases, it will be used to detect wrongthink.

Of course proprietary email standards never took off before, so there is not reason to be afraid that it will take off now.

Re:O rly?

[the_B0fh]

They don't send you an email. They send you a link to the email. That's how they control it. All you have is a link.

Which is still stupid, but.

Re:O rly?

[fahrbot-bot]

They would have to disable IMAP/POP for those messages. Then they would have to enforce gmail usage via their chrome browser only so that they can lock down the copy-n-paste hole.

And two more words: Screen Capture

Re: O rly?

[sexconker]

The whole thing is nonsense. To get it even close to being workable google would have to remove pop3, imap and smtp support from gmail to start. Then it would have to eliminate every other worldwide email provider. Even then, unless you are on a chromebook or stupid enough to use the gmail app on iOS or Android there is still no way to enforce it.

But but but snapchat; all the left wing brain dead kids cry. Yes because nobody ever took a screenshot of a naked snap and posted it to the inter webs did they...

Nah.

If recipient address ends with @gmail.com or any other @domain.tld that Gmail manages, they get the email with the new bullshit.
Otherwise, they get an email with a link to a copy of the actual email in Google Docs. The link expires at a certain time.

In both instances, the page is riddled with Javascript cancer to prevent copying and pasting. Anyone with a brain will still be able to retain/copy/share it, of course.

Re:O rly?

[sexconker]

If you're using Gmail you'll see it.
Otherwise you'll get an email with a link. The link takes you to Google Docs to view the shit.

Re:O rly?

[wwphx]

And in case they disable that, three words:

Camera in cellphone.

Re:O rly?

[taustin]

If I can read it, I can copy it. The only way to keep me from copying an email is to keep me from reading it.

Re:O rly?

[aaarrrgggh]

But there is no way to plug the analog hole. You can still take a screenshot... it might need to be from another device, but it is there.

But, one thing works in its favor-- verification. If I have a screenshot of a document there is no way for me to prove its authenticity. Without some kind of verification means, much information loses its value.

Re:O rly?

[cstacy]

And they could enforce whatever nonsense in a browser visiting that link.

This means that mail reading apps need a new feature: auto-archive linked web content. When a message includes an (e.g. unlikely trivial IMG self-destruct implementation) link, and you have enabled (for this message, or for the domain) Show Web Content, then in addition to showing the content, you save it. If the pixels appear in your browser (or email app that includes a browser, like most do), then you can save them for yourself. Depending on how they write the Javascript, it might be less straightforward to analyze to get the desired content. (In the worse case, if it's in my video frame buffer...) But at the end of whatever nonsense Google (or whoever) comes up with, there is visible content such as an image. And there is no way to stop that from being automatically copied and conveniently saved as part of the message.

If I was making this feature in the app, I would automatically save the content the first time, along with retrieval metadata. That metadata could include the entire page contents (that is, the Javascipt and everything, not just all the downloaded pixels). This would then be hashed. On subsequent viewings of the message, I would compare the hash to see if I need to download another version. Message presentation would then include an indication that this was saved content, and indicate whether it had changed. Options on the message include: Always Show Original vs. Show Latest Content. Either way, the message presentation shows what's going on and let's you click to see other versions that you've captured.

Some people would like to see the latest content, presumably a little picture of a charred envelop and the words "Message self-destructed after reading on 4/1/2018 01:02:03 EDT". There could even be a setting in the app to disable offering by default the historical versions. Or even settings to disable capturing the initial version (or later versions, or more than x number of versions, etc.) For those who like to go along with the self-destruct fantasy.

There are security issues associated with this, most of which should already be addressed by existing apps, since people send HTML mail all the time. Basically what's going on is that every time you retrieve the message, you are downloading a new virus. And every time you display it you are executing potential malware (even if it's just showing you a captured JPEG, it could be a crafted one). General security principles should take care of stateful tactics based on having downloaded previous versions, but that's something to think about since you've now introduced thises new data store features into the app.

Re:O rly?

[o_ferguson]

Conversely, once this "feature" is poplar, you can just produce a "screenshot" of whatever shit you want, and then claim it was sent as an "expiring email." No need to prove it was actually sent anymore. Anyone who uses "expiring email" willingly opens themselves up to whatever fakes other people desire to produce.

Re:O rly?

[skids]

Without some kind of verification means, much information loses its value.

Trusted timestamping the screenshot is probably better proof even than having it in your inbox, as there's no telling how easy forgeries are to send through the system on a closed source SaaS.

Re:O rly?

[novakyu]

Not to mention the literal photo shot of the literal screen that you can read. Short of showing the message only in some kind of retina projector (with necessary authentication mechanism to ensure somebody can't just replace the eye with other sets of optics), who are they kidding themselves about these "self-destructing" emails?

Re:O rly?

[Obfuscant]

you can just produce a "screenshot" of whatever shit you want, and then claim it was sent as an "expiring email." No need to prove it was actually sent anymore.

I have no idea where you got this idea from. Are the laws different on your planet than here on planet Earth? If you want to claim an email is valid, you do still have to prove it was sent, even if it was sent using an expire flag. You can't just make stuff up and claim that you don't have to prove it is real because you say it came from Gmail's expiring email system.

Re:O rly?

[93+Escort+Wagon]

But, one thing works in its favor-- verification. If I have a screenshot of a document there is no way for me to prove its authenticity. Without some kind of verification means, much information loses it's value.

Unless the email trail is 100% through Google's servers (and probably even then), it will contain headers which allow tracking of the email across the servers which have handled it. So I would think you could "Show Original", then save that as a PDF or take a screenshot, and be able to verify the veracity of your copy.

That said - I generally use IMAP (via an application like Apple Mail or Thunderbird) to check my work mail, which is Google apps-based. Should I start getting messages that say something like "you must click on this link to view this email", I will either ignore the message as spam or respond to the sender telling them why I am not going to click on a link which purports to show me an email message. But I can't believe the bright minds at Google would be stupid enough to not see the problems in doing something like that (/snark)...

Re:O rly?

[93+Escort+Wagon]

I use IMAP to read gmail. I'm probably not the only one. They would have to disable IMAP/POP for those messages.

In which case I would either ignore the message, send it to spam, or email the sender back with some variation of "I can't read that message" (possibly with either feigned ignorance or snarky smugness, depending on the sender).

Re:O rly?

[93+Escort+Wagon]

If you're using Gmail you'll see it.
Otherwise you'll get an email with a link. The link takes you to Google Docs to view the shit.

We've spent the last decade or so training users never to click on links in emails. This seems like a good reason to double down on that practice.

Re: O rly?

[Obfuscant]

Your examples are the exact opposite of what was being responded to. Denying that an email was sent is not the same as trying to forge an email and then claiming it cannot be denied because it was "expired". It's not "you can't prove I was stalking you by email because you have no email", it's "I can prove you were stalking me by email because I have a screenshot of a google expired email and I don't have to prove you sent it because it was sent using expiration." That last clause is the ridiculous claim.

Re: O rly?

[c6gunner]

Putting a trusted timestamp on a screenshot doesn't prove it's legit; it just tells you that if I forged it, I did it prior to the date of the timestamp.

Re:O rly?

If you say so. Go ahead and try to copy a 20 dollar bill on a copy/scan/fax machine. Attempt to playback some bootleg movies on official blue-ray players. Both things will only copy/play the content for a short period before stopping. That fingerprinting tech can be brought into computers, phones, and cameras to stop people from taking pictures or or viewing a ton of content.

The analog gap is slowly closing though a combination of technical and legal means. There will always be ways around it until we get chips embedded in our brains, but it increasingly becomes not worth the effort.

Re:O rly?

[Cederic]

in the age of ransomware, who trusts running a content viewer?

The 70% of web users that use Chrome.

Google could tell the other 30% that they can't view these emails.

Re: O rly?

[skids]

That's correct. However, contemporaneous records have some legal standing in building an overall case of credibility. Especially if they were taken before there was a plausible reason or means to produce a forgery.

Re: O rly?

[skids]

I don't think you understand how TSS works. The supplicant's clock is never used. What a TSS proves is that didn't alter whatever you are timestamping after a certain time. If other evidence can build a reasonable case that you did not have the means or motive to produce a forgery before then, it has value as evidence.

Re: O rly?

[unrtst]

That was the exact opposite on purpose!

One side of the case could claim, "you can't prove I was stalking you by email because you have no email".

The other side can claim, "I can prove you were stalking me by email because I have a screenshot of a google expired email".

Who is the court going to side with? Either google will need to prove it one way or the other, meaning it didn't actually go away, or they'll have to pick one of the above. If there is supporting evidence of stalking, it might be enough to convince the jury, especially if it's a civil case.

None of this matters though, cause people will find easy ways to make legit copies of it quite quickly. There doesn't need to be a provable paper trail back either, since email is already very easy to spoof but can still be used as evidence.

Screenshot...

[b0s0z0ku]

So easy to take a screenshot. Also, it's ultimately up to the browser whether to enable copy/paste or not.

Re:Screenshot...

[Joce640k]

Screenshots would never be admissible as evidence.

Re:Screenshot...

[MightyYar]

Are you saying that ironically?

Re:Screenshot...

[MobyDisk]

FYI: Just because something can be doctored does not mean it is not permitted as evidence. The most common form of evidence is witness testimony, which is inaccurate, easily altered, and degrades over time.

Re:Screenshot...

[Kielistic]

Are they going to block copy and paste with Javascript? I'm sure that will prevent copying and pasting.

Re:Screenshot...

emails can be doctored almost as easily as screenshots.

Re:Screenshot...

[alvinrod]

Assuming it weren't, it wouldn't be too much more difficult to take a video of the entire process of opening the email. Even better if as you take that video it is uploaded some some cloud service that time stamps everything as well. At some point you've got evidence that is every bit as good as the email itself and if you won't accept that, then what good would the actual email do as evidence?

Re: Screenshot...

[aviators99]

Can someone point me to a reference that states that GMail keeps messages more than a month after deletion, as AC parent says?

Re:Screenshot...

[phantomfive]

Basically they are worried that other companies (proton mail) are gaining marketshare by having this feature. It's not about whether the feature works, it's about whether they can click the 'feature' checkbox.

Re:Screenshot...

[Rick+Schumann]

Or pull out your phone and take a picture of your screen. Stick a post-it note with date and time handwritten on the screen, if you really need proof of when it was taken.

Besides which all this doesn't federal law mandate that ISPs have to retain copies of all email sent and received for, what 18 months or something like that? If someone really had a legal reason to see it, they could get a court order demanding it anyway?

If there's something you don't want other people seeing, maybe you shouldn't use email of any kind for it.

Re:Screenshot...

[nine-times]

I think that misses the point somewhat. The purpose isn't to necessarily to prevent the recipient from having continued access to the information if they want it. The point is to prevent the recipient from leaving the message in their inbox out of carelessness.

It's not uncommon for someone's email account to be compromised, and then the attacker might have access to every email ever sent or received from the account. If you "expire" emails after some period of time, it lowers the risk that those emails will be compromised during that kind of attack.

Re:Screenshot...

[angel'o'sphere]

Why?
Evidence is evidence.
Come back to me when they come for you because of the child porn screen shots on your computer.

Re: Screenshot...

Itâ(TM)s called the Investigatory Powers Act in the UK and itâ(TM)s actually 1 years retention of data for all national level or international level companies. Small, local companies donâ(TM)t have to comply. GPs claim of 7 years is based on the older Regulatory Investigative Powers from 2000-2016.

It applies to data and service providers so for the ISP itâ(TM)s web history, email, phone calls. For data and service providers its all data and meta data.

Itâ(TM)s a horrible piece of legislation and currently being fought in the UK courts by many parties. In the Mainland EU they are trying to pretend that they disagree with the UK at EU parliament level but have the same data collection program only itâ(TM)s classified in the EU so nobody talks about it. In the UK people in the know are raging but the general public have no idea.

The US is no better, infact the UK collects extra data in conjunction with the US as part of the US Prism Program

I work with these systems every day, I work digital forensics with a large police county. You donâ(TM)t even have to be law enforcement to get access, your kids school can request access, your doctor can request access, pretty much anyone in a public service job can request your web and email history.

First google link in search: https://www.theguardian.com/law/2015/oct/30/telecoms-companies-to-retain-browsing-data-under-new-law

Some of the Agencies that can access collected data:
https://www.independent.co.uk/life-style/gadgets-and-tech/news/investigatory-powers-bill-act-snoopers-charter-browsing-history-what-does-it-mean-a7436251.html

Re: Screenshot...

google doesn't delete anything. EVER. deleted emails? nope. dmca'd search results? nope. removed youtube videos? nope. nothing. ever. gets. deleted.

you don't need a reference to cite. they can't make money off anything that's been deleted. they can't have their treasure trove of data that makes TLAs and competitors drool, with deleted data.

Re:Screenshot...

[Ol+Olsoc]

Screenshots would never be admissible as evidence.

If a text email is allowed, but not an image, it would be allowing a lesser secure mode as legit.

I can alter a text message with no problem at all. I'm good at photoshopping too, but would almost certainly leave some evidence that I altered an image.

Re:Screenshot...

[tlhIngan]

Also, it's ultimately up to the browser whether to enable copy/paste or not.

And I know Firefox lets you bypass those blocks by holding the Shift key and right-clicking. (This stops Javascript execution of the right-click event, so the regular right-click Firefox menu will display with all the normal options).

I assume other browsers have similar features to bypass Javascript.

Re:Screenshot...

As a real lawyer, I use screenshots all the time. Usually, I use them with text messages and Facebook posts, but I could see it working here too. The courts I am in front of allow screenshots because a lot of time, they are the only evidence available in a way accessible to the Court. The thinking of the courts is that you want the best evidence available to be what is admitted. If you don't have the better evidence but have a good reason why, they will let you do so.

You cannot haul your cell phone provider in front of the court for every little dispute, nor can you bring Apple, or Facebook, so they let in screenshots. In the case of emails, they prefer printouts with full headers but not everyone knows that so in small claims, they will allow lesser evidence in.

In this case, because the email, by its nature, destroys itself, screenshots are all that would remain of said email. Therefore, the best evidence available to a party is the screenshot, so if the disagreement is about the content of the message, then screenshots will almost have to be admitted if the actual content is in dispute. No better evidence + Good reason why == admissible evidence. Of course, all this assumes there are no other objections to the evidence (relevance, hearsay, privilege, etc.).

Re:Screenshot...

[jordanjay29]

Someone who sends confidential information by way of unencrypted email need not be concerned about the security they don't have.

Re:Screenshot...

[AvitarX]

I have literally never seen a text or a facebook post admitted any other way.

What do you think they do for that type of information?

Re:Screenshot...

[Bruce+Perens]

Screenshots would never be admissible as evidence.

It's really astonishing how a statement so at odds with the law, and maybe even common sense, could be up-moderated on Slashdot.

Screenshots are entirely admissible as evidence and have been used successfully in many cases.

All evidence comes with the testimony, under oath, of the person who provides it. So, just as a photographer would testify that photographic evidence - which is certainly nothing new - is unaltered, a person providing a screenshot would testify about how they acquired it and would attest that it is unaltered.

Re:Screenshot...

[nine-times]

Again, I think you're missing the point. These services that send self-destructing emails aren't sending them unencrypted.

Re:Screenshot...

[Obfuscant]

Besides which all this doesn't federal law mandate that ISPs have to retain copies of all email sent and received for, what 18 months or something like that?

I have no idea what the law is, but many organizations (companies, e.g.) require retention of all official communications in case there are lawsuits about stuff.

One professor here moved from 'professor' to 'associate dean' and because of that had to move her email from the local system over to the university email system that retains everything.

This Gmail feature will be a lot like the Exchange "recall email" feature. On a semi-regular basis I get email from some Uni official who then five minutes later changes his mind and tries to recall the message. I see both the original and the recall because I'm not on Exchange. It's funny.

Re:Screenshot...

[PixelPusher1532]

It's really astonishing how a statement so at odds with the law, and maybe even common sense, could be up-moderated on Slashdot.

I was going to say "you must be new here", but you have a four digit ID.

Re:Screenshot...

[Kjella]

Well I'd argue the opposite is true - the probability that someone will allege or deny something happened is inverse to the probability that the information was stored permanently. If I got a self-deleting email claiming it'd be gone soon the first thing I'd do is pick up my cell phone and make a picture. Why? I don't know why, but it'd be freaky. And you know it would be abused to say send dick pics to women (or girls?) and then denying it ever happened. Apart from not working, making messages ephemeral is not really a good thing. Sometimes logs are bad. Sometimes logs are good.

Re: Screenshot...

[aviators99]

The link explaining the law only talks about browsing data. Not e-mail messages. I researched this earlier in the year and could not find any mention of e-mail retention by GMail. But would like to know if it's true.

Re:Screenshot...

[Waccoon]

One screenshot isn't. 50 screenshots from different sources can be cross-referenced.

Re:Screenshot...

[nine-times]

If I got a self-deleting email claiming it'd be gone soon the first thing I'd do is pick up my cell phone and make a picture. Why? I don't know why, but it'd be freaky.

Well that's a bit silly and childish.

I've seen these kinds of emails in use, and the way I've seen it used has been in business settings, for things like, "Hey, I'm sending you this confidential information. Please note that this email will expire in 48 hours. Make a copy of this information for your own records." Again, it's not to prevent the recipient from having continued access to the information if they want it. It's ineffective for that purpose. The purpose is more to prevent information from leaking to third parties in the event of an email breach.

The biggest value of these things isn't even about the fact that it can be set to expire. Email is totally insecure, and these kinds of messages allow for some security. The actual message isn't sent in plaintext via SMTP and isn't stored on the recipient's server. Enabling the message to expire is a bit of a handy side-effect.

Confused

[SuperKendall]

So wait, in one story summary Google is fighting against the right to be forgotten, and in another they are developing self-deleting emails?

Wha?

Re:Confused

It's perfectly consistent.

The email are 'self-destructing' only from the user's perspective. Google can still read them.

Re:Confused

[Brett+Buck]

Google and its customers (hint: you are NOT the customer) will still have full access, only users will be inconvenienced.

Re:Confused

[Joe_Dragon]

and send them to the FBI

Re:Confused

[quintus_horatius]

Different departments, different people, different agendas

Re:Confused

[Wrath0fb0b]

You are very confused. The RtbF is the right to demand that others remove or delist content that they created about you. For instance, let's say a journalist from the BBC wrote an article detailing your white collar fraud conviction and subsequent appeal. In any reasonable sense, we could say that this article belongs to the BBC.

The Right to be Forgotten says that John Disley has the right to make Google delist this article so that it does not show up when someone searches for his name. It's not his article, it's not Google's article -- the article belongs to the BBC but the RtBF says that he has the right to have Google delist it.

It is very confused to equate this with the idea that if John Disley writes an email, it's at least plausible that he could request that it be deleted by the recipient after reading it.

[ Note: the BBC helpfully publishes a list of all RtbF articles so you can see for yourself what sort of things are requested to be delisted and make your own informed decision. ]

Re:Confused

[MerlinTheWizard]

It's obvious. The FBI would be potentially deprived of information if the emails were destroyed permanently. So this is never going to happen.
It's just a step towards getting the legal right to block access to any user's e-mails at Google's will IMO.
I can't see any benefit for the user, except malicious. Short-term email? Is it hard to delete it with a click in a fraction of a second? Seriously?

Re:Confused

[MerlinTheWizard]

The right to be forgotten, as you said, is very different from the right to suppress something you write to specific recipients. The latter even looks like 1984. And this is more disrupting that it may seem. Permanent vs temporary has been the fundamental distinction between oral communication and written communication in man's history.
Of course, as long as there are other email solutions and that Google's "innovations" don't get standardized, you're free not to use Google and not be bothered. To be used, this feature implies that both ends of the email use Google. Just plain stupid (and arrogant).

Extensions?

[hcs_$reboot]

Not long before a bunch of extensions are released to automatically save a copy of all these "self destructive" emails...

DRM for emails?

[TimMD909]

DRM for emails? Do not want.

Snapchat, LAWL

[nctritech]

It's Snapchat for email. Snapchat is stupid. This is stupid. *takes screenshot*

the further proprietization of email.

[nimbius]

self-destructing, secured, or even recall-able messages have been the hallmark of feature sets demanded by users without so much as a cursory understanding of email. Since most of human civilization uses GMail im sure the hubris of google rides high in testing this new "feature" but for power users or those outside the domain of the big G, this is feature is as useless as 'do not track.'

mash away at self destruct all you like. Once the message leaves your Google mailserver and enters my Postfix, its mine.

Re:the further proprietization of email.

[RedEars]

Your forgot the "Mwahahahaha..." at the end.

Re:the further proprietization of email.

[Dr.+Evil]

Embrace, extend, extinguish.

Remember to use takeout.google.com to get your mbox before you shut down your gmail.

I’m so sick of these ‘free’ accounts.

Re:the further proprietization of email.

[sjwest]

Microsoft have a similar feature, which looks retarded outside of exchange sites and makes the staff using that feature still look like idiots.

I once had a mainframe email account with such a feature.

I wonder what the us courts think about use of such features legacy it might be evidence tampering.

Mission Impossible

[Zorro]

Your mission Dan/Jim, should you choose/decide to accept it, ... As always, should you or any of your Force be caught or killed, the Secretary will disavow any knowledge of your actions. This tape/disc will self-destruct in five/ten seconds. Good luck, Dan/Jim.

Embrace, extend, and extinguish?

[mi]

the company is now evolving beyond the simple POP3/IMAP/SMTP protocols

I find this rather worrying for the future of e-mail...

Re:Embrace, extend, and extinguish?

Google has gotten a lot worse and more evil than Microsoft ever was.

Should be illegal, allows sender to be in control

[SysEngineer]

It is your mailbox, the receiver legally has the right to control their mailbox. That is like saying SPAM can not be deleted. But still Google has the email on their server. This takes the control of your email away from you. Very Microsoftish, knowing what is best for the user.

Google gets a Govt. order to disclose &

[BoRegardless]

Is Google going to have to turn over their backed up server data?

Re:Google gets a Govt. order to disclose &

[jader3rd]

Is Google going to have to turn over their backed up server data?

Why do you think Google has backups? Backups are way too expensive for an operation their size.

Translation provided

[Chris+Mattern]

"the company is now evolving beyond the simple POP3/IMAP/SMTP protocols."

Translation: "Those leave complete control of the recipients mailboxes in the hands of the recipient. We can't have that."

Wut?

[HeckRuler]

It says that the recipient won't be able to forward email content, copy and paste, download or print the email.

BWAHAHAHAHAHAHAHAHAHAH!!!!

holy shit how far has Google fallen!?

I remember when they wouldn't even try to float that one by the general populace because they know that we're going to read it.

God DAMN, has this "post-truth society" thing really infected everyone else?

Works how I expect - with a Google link

[m.w.hurley]

Did anybody read the article? Funny I know. Looks like it will work like our company's secure email used internally for PHI. When I get a secure email I get a link to the secure email system. If you're a gmail user, Google will magically make it load like a regular email. If you're running your own email server or are otherwise outside gmail, all you'll have in your system is the link.
Yes you can work around it with a screenshot or copy/paste. But the act of running your own system will not magically make it be in your system unless you do something manually like that. Maybe some wget shenanigans.
I wonder how doing that will play out with various computer usage laws in place in US or elsewhere. Same for that proton mail I saw mentioned in the article. Sure the data's in your system, but if you're told up front that you're not allowed to store it outside of their system, would that be breaking the law? Or how could it play out during e-discovery if one of these manually saved emails is found after the expiration date? So maybe not only could you be "violating" Google's access policy, but would you also "violate" the Google user who sent the message?

Re:Works how I expect - with a Google link

[m.w.hurley]

I haven't posted to Slashdot much. Looks like I'm in HTML edit mode which should have automatically put line breaks at my line breaks but as you can see it's all one blob. How do I fix this?

Re:Works how I expect - with a Google link

[m.w.hurley]

I see the line breaks now. Thanks.

Re:Works how I expect - with a Google link

[m.w.hurley]

When I posted this, I had blank lines between paragraphs. Looks like they got eaten into one line break.

April Fools?

[CanEHdian]

If your April Fools stunt is delayed from some reason, that's not to be taken as releasing it later. These jokes are only funny on the morning of April 1st.

The only reason you might want this is for emails that are only relevant for a short period of time e.g. "Want to go for supper tonight?" and put a cancel-by time of 5:30pm, if you haven't heard back by then you can make other arrangements and your email will be gone so you won't have to worry, sitting at the fast food place putting a way a burger, gettting an email at 5:55pm saying "I'd be delighted! Pick me up at 6:30?". You can think of your own other scenarios for limited-time-relevancy emails that you don't want a whole thread about after-the-fact.

Just what bullies want

[jader3rd]

The ability to harass someone, and then have the evidence self destroy itself.

Confidential?

[plopez]

My ass. This is Goggle after all. Confidential except for advertisers, law enforcement, or intelligence agencies.

Big data backup

[stooo]

Why not ?
raid level 4-6 makes inexpensive redundancy.
Why would google not use a similar scheme to make an "online backup" without the expensive double storage need of conventional backup ?

Re:Big data backup

[jader3rd]

There's a difference between redundancy and backups. Google certainly has redundancy. I would be shocked if they have backups. And by backups I mean a disconnected, cold storage, copy of all of the data.

Re:Big data backup

[Kiwikwi]

We know GMail at least used to keep offline backups because they've had to restore from backups before.

Mission: IMPOSSIBLE

[p51d007]

Will it come with the (tv version) Mission: Impossible guy saying this tape will self destruct in 5 seconds...Good luck Jim!

Sounds like false security

[Khashishi]

It says that the recipient won't be able to forward email content, copy and paste, download or print the email.

Obviously impossible, unless the recipient also cannot read the email.

Re:Even if you can't take a screenshot...

[nctritech]

Stuff where JavaScript blocks things like copying text are also easily defeated. Holding SHIFT while right-clicking in Firefox seems to override most of the blocking stuff. If that won't work, the developer console is happy to help.

Re:"Confidential Mode"

[fish_in_the_c]

well presumably there would be some kind of encryption. How that works without exposing keys is a mystery to me.

Don't crush my groove, man!

[Impy+the+Impiuos+Imp]

"In fact, the only place it won't be destroyed is in our databases we give access to government! You have nothing to hide, repeal the 4th now!"

Too many idiots in this thread

[Chameleon+Man]

You all think you're so smart saying "Lol, I can copy/paste or screenshot it!". That's not the point, dummies! Say you want to send someone some info you don't want hanging around in their inbox. They get it, use the info to access...whatever...and then you get assured that they don't just hoard that email. If a user's email is compromised, it's just a house of cards as they can easily skim through and see all the services you're signed up for and reset passwords to those, including banking, credit cards, etc. It's advised to keep your inbox clean to prevent stuff like this from happening, at least now companies that send out the emails will have some control over this.

challenge accepted

[bobmajdakjr]

> It says that the recipient won't be able to forward email content, copy and paste, download or print the email. maybe your grandma wont be able to. rofl.

Is Google just a bunch of "UI experts" now?

[nightfire-unique]

Wtf Google. You used to be a company of engineers.

Microsoft Outlook already does this

[welshie]

but it's not documented. Try to send an Usenet-style Expires: header in the past to someone who uses Outlook / Microsoft Exchange, and see what happens.

Exactly

[fyngyrz]

If I can read it, I can copy it. The only way to keep me from copying an email is to keep me from reading it.

Yep. No matter what they do, there's always screen-capture, and if not at some point in the future with the OS (Windows and OSX and Linux can all do this at present), then with a camera; your phone or a DSLR or an HD video camera, etc.

If it's ever readable, it's readable forever if anyone who can read it wants it to be. End of story.

Embrace and extend

[s0lar]

We have seen this before - Microsoft called it "Embrace and exrend".

Actually, I am having trouble forming an opinion on this feature:

• It is a well-specified (i.e. with an RFC-like spec), forward-looking feature that has a chance of being adopted by the existing industry, or
• An idiotic, Google-centric toy with zero interop because, well, my world is Google and everyone uses GMail.

Stupidest shit ever

[GameboyRMH]

I've never considered moving off of Gmail as seriously as when I heard about this new idiotic anti-feature.

Almost thought there was a god

[some+old+guy]

I misread the title at first glance. Some Freudian node in my addled old brain saw it as Google testing self-destructing Gmail.

If Gmail were to suddenly vanish, I would have to re-think my atheism.

Comment removed

[account_deleted]

Comment removed based on user account deletion