Slashdot Mirror
Does Gmail's New 'Confidential Mode' Make It Easier to Phish? (vortex.com)
Gmail's new confidential mode lets its users create "expiration dates" for emails, or require recipients to provide an SMS passcode. (And Google also claims they've removed the option to forward, copy, download or print messages.)
But Slashdot reader Lauren Weinstein warns that Google is also opening up a new vector for phishing emails: The problem arises since non-Gmail users cannot directly receive Gmail confidential mode messages. Instead...when a Gmail user wants to send a non-Gmail user such a message, the non-Gmail user is instead sent a link, that when clicked takes them to Google's servers where they can read the confidential mode message in their browser.
The potential risks for any service that operates in this way are obvious. Those of us working on Internet security and privacy have literally spent many years attempting to train users to avoid clicking on "to read the message, click here" links in emails that they receive. Criminals have simply become too adept at creating fraudulent emails that lead to phishing and malware sites.
But Slashdot reader Lauren Weinstein warns that Google is also opening up a new vector for phishing emails: The problem arises since non-Gmail users cannot directly receive Gmail confidential mode messages. Instead...when a Gmail user wants to send a non-Gmail user such a message, the non-Gmail user is instead sent a link, that when clicked takes them to Google's servers where they can read the confidential mode message in their browser.
The potential risks for any service that operates in this way are obvious. Those of us working on Internet security and privacy have literally spent many years attempting to train users to avoid clicking on "to read the message, click here" links in emails that they receive. Criminals have simply become too adept at creating fraudulent emails that lead to phishing and malware sites.
And Google also claims they've removed the option to forward, copy, download or print messages.)
So then you just print screen or take a picture of the email and then just transcribe it?
"Those of us working on Internet security and privacy have literally spent many years attempting to train users to"
So... tell me your success stories.
...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
That's fine really, because I have yet to come up with any legitimate reason to use this "service". If someone sends me one of these, I'll just send it to spam right away because there's no way it's a legitimate email.
I would recommend that anyone running a mail server should probably do that system wide.
Microsoft has had this service for awhile: confidential and expiring email. If you’ve done a loan or bought house in the last two years, you may have encountered it. Usually the loan or escrow company calls me ahead and tell me to expect it. So the best practice for these type of emails would be don’t click unless you’re expecting it.
Everyone in the world should just use Gmail then. Duh!
Cheers
L. Page & S.Brin
How does this work if you use POP (or IMAP) to get your messages from Gmail using, say, Thunderbird? If I get a link, I imagine I'll either ignore confidential mode messages or send a reply asking the sender to not be a dick and try again.
It must have been something you assimilated. . . .
So Google will send non-Gmail users (and presumably Gmail users using POP/IMAP) an email containing a link to the actual confidential email. But the first rule in *every* spam and anti-phishing training course -- which people are routinely required to take at work (I know I was) -- is: Don't click on links in email messages. Nice going Google.
It must have been something you assimilated. . . .
Also why is Google trying to re-invent PGP and S/MIME, badly ?
These already work nicely for confidential information :
only the person holding a private key for which a message was encrypted can every see the actual message.
If an encrypted message ends up in the wrong hands, that mistaken destinary will NOT be able to open it anyway due not missing the private key.
The only difference is that a *decrypted* message could be copied-and-pasted from and a user could end up repackaging the information in another (non encrypted) message.
Whereas here, GMail's confidential mode pretends to do something to prevent copy-paste and printing... and in practice is completely failing at it just as suggested.
You cannot trust somebody else's computer to do what you want to do. No matter how much clever javascript you put into your stupid stuff, at best you're still vulnerable to good old "analog hole" (i.e.: take a picture with a camera as suggested), at worse the target browser can be told to ignore any anti-printing hooks (e.g.: just hold "shift" while right-clicking, you'll get the default browser alt menu, no mater what the javascript tries to overload).
The only thing that you can trust is that, thanks to correctly executed cryptography, your message reaches its intended destination without any unwanted 3rd party able to peer along the way. Once the intended person has de-crypted it, you cannot control anything.
PGP (such as GPG, EnigMail Thunderbid plugin, Mailvelope browser plugin, etc.) and S/MIME have solved this a long time ago (with difference in the way trust is handled)
No need for google to invent a poorer solution... Oh yes, I get it. Current working solution happen to *also* prevent Google from peering into your e-mail, so they cannot contextualize and get less efficient at selling your eyeballs to advertisers, and earn less money. That's why they need a poorer solution than PGP and S/MIME.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]