Does Gmail's 'Confidential Mode' Go Far Enough? (engadget.com)

← Back to Stories (view on slashdot.org)

Does Gmail's 'Confidential Mode' Go Far Enough? (engadget.com)

Posted by BeauHD on Sunday August 19, 2018 @04:16AM from the pseudo-security dept.

Last month, Gmail's big redesign became default for everyone, changing up the aesthetic appearance of the email service and introducing several new features. One of the key features, Confidential Mode, lets you add an "expiration date" and passcode to emails either in the web interface or via SMS, but not everyone is so trusting of its ability to keep your private data secure. "Recipients of these confidential emails won't be able to copy, paste, download, print or forward the message, and attachments will be disabled," notes Engadget.

The Electronic Frontier Foundation (EFF) doesn't think this new mode is secure at all. It's not encrypted end-to-end, so Google could read your messages in transit, and the expiring messages do not disappear from your Sent mail, which means they are retrievable. What's more is that if you use an SMS passcode, you might need to give Google your recipient's phone number. Because of these reasons, Slashdot reader shanen doesn't believe the new feature goes far enough to secure your data. They write: [M]y initial reaction is that I now need a new feature for Gmail. I want an option to reject incoming email from any person who wants to use confidential mode to communicate with me. Whatever conspiracy you are trying to hide, I'm not interested. So can anyone convince me you have a legitimate need for confidential mode? The main features I still want are completely different. Easiest one to describe would be future delivery of email, preferably combined with a tickler system.

160 comments

Min score:

Reason:

Sort:

How does gmail's new "confidential mode" by Hallux-F-Sinister · 2018-08-19 04:21 · Score: 5, Insightful

How does it stop someone from taking a photo of your displayed e-mail with another device? Even if it somehow stops me taking a screenshot, there's no way from keeping me from taking a shot of the screen.
Sounds like privacy-theater to me.

--
Our reign has gone on long enough. Indeed. Summon the meteors.
1. Re:How does gmail's new "confidential mode" by 110010001000 · 2018-08-19 04:26 · Score: 5, Informative
  
  It doesn't. Completely stupid idea. Google is full of stupid ideas, but they have a lot of employees so they need to keep looking like they are busy doing stuff.
2. Re:How does gmail's new "confidential mode" by fyngyrz · 2018-08-19 04:28 · Score: 1
  
  yeah, this. I posted essentially the same thing. Your post wasn't here when I started typing - but I admit to drinking coffee and didn't get it written very fast. :)
  
  --
  I've fallen off your lawn, and I can't get up.
3. Re:How does gmail's new "confidential mode" by CanadianMacFan · 2018-08-19 04:35 · Score: 1
  
  As long as you don't use Google email you do can do anything you want to the message including copying, pasting, forwarding, and pasting.
4. Re:How does gmail's new "confidential mode" by novakyu · 2018-08-19 04:44 · Score: 1
  
  What it does is raise the stakes. It forces the sender to make "screenshot is photoshopped" accusation.
  But then, unless the message is CC'd to multiple people at the time of sending, it's not like there wasn't "email is forged" accusation available already, anyway. (While faking full headers might take more effort, unless the adjudicator has access to the mail servers—highly doubtful—they can't be verified against a third-party record anyway.)
5. Re:How does gmail's new "confidential mode" by Anonymous Coward · 2018-08-19 04:51 · Score: 0
  
  They also have a lot of users.
  Anyone remember the whole gmail invite rigmarole? I was totally uncool because nobody gave me any nor did I even have friends whom I could ask. But I don't mind. My email runs under my own control, and seeing this, I certainly don't regret that.
  Perhaps I should block gmail. Just like I really should block any microsoft domain (hotmail, outlook, ...) and even any email coming from exchange servers. And I probably could get away with it too. Being uncool does have its upsides.
6. Re:How does gmail's new "confidential mode" by geekmux · 2018-08-19 04:53 · Score: 2, Insightful
  
  How does it stop someone from taking a photo of your displayed e-mail with another device? Even if it somehow stops me taking a screenshot, there's no way from keeping me from taking a shot of the screen...
  Uh, I hate to point out the obvious here, but there's not a single end-to-end encryption solution in the world that would prevent this, so it's rather difficult to classify this as mere "theater" without slapping that label on every other form of email encryption.
7. Re:How does gmail's new "confidential mode" by 110010001000 · 2018-08-19 04:55 · Score: 1
  
  I know. I use gmail myself. I actually like it, but I wouldn't use it for confidential stuff because Google reads it all.
8. Re:How does gmail's new "confidential mode" by PopeRatzo · 2018-08-19 04:57 · Score: 1
  
  It doesn't. Completely stupid idea. Google is full of stupid ideas, but they have a lot of employees so they need to keep looking like they are busy doing stuff.
  That's why Google is a failing company with terrible ratings! Witch hunt!
  
  --
  You are welcome on my lawn.
9. Re: How does gmail's new "confidential mode" by Anonymous Coward · 2018-08-19 04:58 · Score: 0
  
  Then live stream it to twitch. You could name yourself something stupid like Strong Bad...checka checka eeee maaaaaail.
10. Re: How does gmail's new "confidential mode" by Anonymous Coward · 2018-08-19 05:04 · Score: 1
  
  Wrong. Other forms of encryption only offer to keep you email private in transit from you to the recipient. I'm not aware of any others that suggest they can make the email disappear from existence.
11. Re:How does gmail's new "confidential mode" by Anonymous Coward · 2018-08-19 05:10 · Score: 0
  
  Tin-foil hat says it's a way for users to explicitly "tag" that which they don't want shared, feeding some kind of dirty-little-secrets honeypot.
12. Re:How does gmail's new "confidential mode" by Anonymous Coward · 2018-08-19 05:23 · Score: 1
  
  google isn't the only one that reads it all.
13. Re:How does gmail's new "confidential mode" by gweihir · 2018-08-19 05:26 · Score: 2
  
  Indeed. The idea of a message that destroys itself is ages old. It cannot be implemented securely though. I have gone so far as making physical screenshots with a digital camera to get around it on a device not under my control. (It was a complicated error message, with no regular way to copy it.) This whole thing is a combination of a rather shameless marketing lie and the stupidity of the customer.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
14. Re:How does gmail's new "confidential mode" by gweihir · 2018-08-19 05:28 · Score: 1
  
  That as well. But even if you use Gmail, you can do the same with a bit more effort.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
15. Re:How does gmail's new "confidential mode" by gweihir · 2018-08-19 05:40 · Score: 5, Informative
  
  End-to-end email encryption is not "theater". Its security assurances do not include prevention of any use by the intended recipient though.
  So any claim to be able to control the intended recipient is a big fat lie ("theater"), but most people creating end-to-end email encryption do not make this claim in the first place.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
16. Re: How does gmail's new "confidential mode" by geekmux · 2018-08-19 05:53 · Score: 1
  
  Wrong. Other forms of encryption only offer to keep you email private in transit from you to the recipient. I'm not aware of any others that suggest they can make the email disappear from existence.
  I was referring to the specific vulnerability identified, which was taking pictures of a screen, which is irregardless of the purpose of the security (end-to-end or "confidential" mode).
  My point was it's difficult to label THAT as a weakness or "theater" in this solution because every service is vulnerable to it.
  And yes, Snapchat tends to advertise their "disappearing" act when it comes to private messages and videos, and yes, even they are vulnerable to this.
17. Re:How does gmail's new "confidential mode" by Blue+Stone · 2018-08-19 05:59 · Score: 1
  
  Confidential mode is not about securing the email from third party eyes, as with encryption, but securing it's content's usage from the indended recipient's control, as such comparing it's benefits and shortcomings to encryption is erroneous and irrelevant.
  
  --
  Corporation, n. An ingenious device for obtaining individual profit without individual responsibility. - Ambrose Bierce
18. Re:How does gmail's new "confidential mode" by omnichad · 2018-08-19 06:03 · Score: 1
  
  So it doesn't send you to a secure portal if you're not a gmail user? That would be an immediate failure right there. Email contains only a link and instructions but Gmail client interprets and displays it would be so much smarter.
19. Re: How does gmail's new "confidential mode" by Anonymous Coward · 2018-08-19 06:04 · Score: 0
  
  You're being stupid lol. Google is the one claiming it's possible, and it IS theater obviously because there's no real way to stop people from capturing something sent to them. To compare it to general end/end encryption is just obtuse.
  End/End encryption works as advertised for its role, is not theater. You can admit you misspoke or made a dumb comparison or you can't admit it. I don't care, it's dumb either way, but you have an opportunity for self-correction...
20. Re: How does gmail's new "confidential mode" by Anonymous Coward · 2018-08-19 06:06 · Score: 0
  
  Click...view source...so much effort.
21. Re: How does gmail's new "confidential mode" by Anonymous Coward · 2018-08-19 06:09 · Score: 0
  
  Every other service doesn't claim to not be protecting against it.
  That's why this service, which explicitly has the selling point of "recipients won't be able to read the shit you send them" is security theater.
  Here's an idea: don't send people you don't trust important data.
  Problem solved.
22. Re: How does gmail's new "confidential mode" by Anonymous Coward · 2018-08-19 06:10 · Score: 0
  
  If you don't want me to read something, at any time at all, do not send it to me.
  If I read it and it was important it got recorded. Fuck your software, I can capture any data on my computer.
23. Re:How does gmail's new "confidential mode" by geekmux · 2018-08-19 06:16 · Score: 1
  
  Confidential mode is not about securing the email from third party eyes, as with encryption, but securing it's content's usage from the indended recipient's control, as such comparing it's benefits and shortcomings to encryption is erroneous and irrelevant.
  As is identifying taking pictures of a screen with another device, which was my entire point.
  That specific vulnerability exists in every security solution today, so it's pointless to label it as a weakness here. Even Google trying to prevent forwarding or printing of content is defeated by this rather simple tactic, just as Macrovision, DVD/Blu-Ray encryption, and many other types of security measures designed to prevent dissemination have been defeated in the past by recording the playback with a different device.
24. Re:How does gmail's new "confidential mode" by geekmux · 2018-08-19 06:26 · Score: 1
  
  End-to-end email encryption is not "theater". Its security assurances do not include prevention of any use by the intended recipient though. So any claim to be able to control the intended recipient is a big fat lie ("theater"), but most people creating end-to-end email encryption do not make this claim in the first place.
  Allow me to clarify. The vulnerability identified (taking pictures or recording video of the screen from another device) is a weakness that exists in every security solution today, so it becomes rather pointless to identify it as a weakness in this solution.
  Yes, Googles implementation is half-assed shit for multiple reasons, but if you were to exclusively count screen capturing from another device (which the parent did), then every security solution is half-assed shit. That was my point here. It's pointless to label them guilty of this when no one is innocent.
25. Re: How does gmail's new "confidential mode" by Anonymous Coward · 2018-08-19 06:29 · Score: 0
  
  Why do you think the service disables the ability to copy/paste when using this feature?
  It doesn't seem at all pointless to point out that google seems to be trying to implement a feature that we all agree is clearly impossible. Why are they doing this? To mislead their customers, I guess?
26. Re: How does gmail's new "confidential mode" by aticus.finch · 2018-08-19 06:30 · Score: 1
  
  Irregardless isn't a word. It's a blunder.
27. Re: How does gmail's new "confidential mode" by gweihir · 2018-08-19 06:34 · Score: 1
  
  Maybe I should have said a "tiny bit" more effort, but since I do not use gmail, I can not try it.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
28. Re:How does gmail's new "confidential mode" by gweihir · 2018-08-19 06:36 · Score: 2
  
  I disagree. _This_ solution claims to fix this problem, but it does not. So it is a vulnerability of this system and it needs to be identified here. Other solutions do not claim to fix this problem, so it is not a vulnerability there, but a known limitation instead.
  The problem is, in essence, Google lying to its customers about what its technology can do.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
29. Re: How does gmail's new "confidential mode" by geekmux · 2018-08-19 06:53 · Score: 1
  
  Why do you think the service disables the ability to copy/paste when using this feature?
  It doesn't seem at all pointless to point out that google seems to be trying to implement a feature that we all agree is clearly impossible. Why are they doing this? To mislead their customers, I guess?
  A deadbolt disables the ability to enter a secured space. 90% of consumer grade deadbolts are vulnerable to lock picking or bumping, and yet not a single manufacturer warns the consumer of this on the package. Why are they doing this? To mislead their customers, I guess?
  Truth in Advertising is probably the biggest lie we've ever been sold. At the end of the day Google doesn't care about the "we" here, because we represent the 1% who care about this. The other 99% of their customers don't care, mainly because real security requires actual effort beyond some default configuration, and consumers are obscenely lazy. I'm struggling to understand why Google even felt the need to implement this.
30. Re: How does gmail's new "confidential mode" by Anonymous Coward · 2018-08-19 06:56 · Score: 0
  
  The idea of getting an email from someone you know â" perhaps even with a subject line from a previous conversation â" which says âoeclick this link to view this messageâ is rather comical from a security perspective.
31. Re:How does gmail's new "confidential mode" by AmiMoJo · 2018-08-19 06:59 · Score: 1
  
  It's not supposed to be secure. The help page even tells you that: https://support.google.com/mai...
  The idea is to signal to the recipient that they should not forward or print the message. They can circumvent that with some effort but so can you easily copy documents marked "top secret" and "confidential". This feature prevents casual, thoughtless copying.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
32. Re: How does gmail's new "confidential mode" by Anonymous Coward · 2018-08-19 06:59 · Score: 0
  
  Yikes. That wasnâ(TM)t first post from an iPhone. Now I see firsthand slashdotâ(TM)s antiquated Unicode support.
  Also, we have software that intercepts attachments at my job that does something like I had described. Nobody ever clicks the link.
33. Re: How does gmail's new "confidential mode" by Anonymous Coward · 2018-08-19 07:08 · Score: 0
  
  Your choice of words was fine, grandparent AC was just showing off what he learned last week.
34. Re:How does gmail's new "confidential mode" by Anonymous Coward · 2018-08-19 07:17 · Score: 0
  
  No, as Google states
  "Although confidential mode helps prevent the recipients from accidentally sharing your email, it doesn't prevent recipients from taking screenshots or photos of your messages or attachments..."
35. Re: How does gmail's new "confidential mode" by Anonymous Coward · 2018-08-19 08:11 · Score: 0
  
  which is irregardless of the purpose
  No, it's not, because irregardless isn't a word.
36. Re:How does gmail's new "confidential mode" by Anonymous Coward · 2018-08-19 08:53 · Score: 0
  
  You're conflating two completely separate deficiencies with Gmail's "Confidential" service.
  End-to-end encryption prevents eavesdropping. Many systems do that. Gmail's apparently doesn't, though it certainly could. That is Problem #1.
  The screenshot / behavior that OP mentioned is about what the end user (for whom the message is decrypted at the endpoint) can do with the data. Gmail's service can only stop the most rudimentary forms of data preservation - and, you're right, no system in the world can stop screenshots and even screen photos. If the user can see it, the user can persist it.
  The point is that *systems should not promise what they cannot deliver*. Gmail's system suggests a form of protection that it does not and cannot offer. That is Problem #2.
37. Re:How does gmail's new "confidential mode" by CanadianMacFan · 2018-08-19 09:12 · Score: 1
  
  If I get an email that says I have to go to a secure portal to read the message then I'm deleting the email. It's way too easy for the spammers to copy, especially for initial messages. I also hate using webmail interfaces. That's why I choose to use a mail client application. There is a good solution for sending secure messages that works in many mail applications. No, it doesn't prevent me for copying, pasting, forwarding, or printing but if you want to put DRM on a message to me then don't send me the message. I'll do what I like with it.
  The only exception to the rule above is a service I signed up to from Canada Post. Some companies and cities only send their electronic bills to the Canada Post service instead of having their own infrastructure. The way I see it I'd have to log onto a site to get the bill so it doesn't matter which one, the company or Canada Post.
38. Re: How does gmail's new "confidential mode" by novakyu · 2018-08-19 09:24 · Score: 1
  
  Then it forces the sender to make "the video is edited" accusation. If you don't think a live-stream can't be edited or otherwise faked, you have not watched news broadcasts.
  I mean there's a reason PGP was invented. Once there is a properly signed message, it becomes much harder for the sender to deny that they sent the message (because at that point, the only out is "I am too stupid to keep my secret key secure").
39. Re:How does gmail's new "confidential mode" by omnichad · 2018-08-19 09:24 · Score: 1
  
  I'm only describing the type of system that a lot of medical providers use for HIPAA compliance. And it's set up this way specifically because it doesn't require you to set anything up in advance to be able to receive the message.
40. Re:How does gmail's new "confidential mode" by mysidia · 2018-08-19 11:40 · Score: 1
  
  They're trying to send DRM'ed E-mail. I absolutely despise this idea, because the most likely uses are (1) Extorting or bullying people, Or (2) Attempting to send messages regarding an illegal act and making sure the recipient doesn't keep evidence to use against the sender.
  Thus... I want a way to BLOCK confidential mode e-mail and ensure it gets rejected.
41. Re:How does gmail's new "confidential mode" by Hallux-F-Sinister · 2018-08-19 13:06 · Score: 1
  
  It doesn't. Completely stupid idea. Google is full of stupid ideas, but they have a lot of employees so they need to keep looking like they are busy doing stuff.
  That's why Google is a failing company with terrible ratings! Witch hunt!
  You forgot to mention that Gmail's new confidential mode is totally rigged, that it's sad, and also that someone should investigate whether or not Hillary Clinton has ever used Gmail. No confidentialusion!
  
  --
  Our reign has gone on long enough. Indeed. Summon the meteors.
42. Re:How does gmail's new "confidential mode" by worf_mo · 2018-08-19 18:32 · Score: 1
  
  How does it stop someone from taking a photo of your displayed e-mail with another device?
  Google seems to have missed the opportunity to make this system really secure: format the text of a confidential message like a damn captcha. Take as many pictures of the screen as you like, the whole thing is still unreadable.
43. Re:How does gmail's new "confidential mode" by Anonymous Coward · 2018-08-19 20:54 · Score: 0
  
  Gmail is not confidential. Google reads all of it, that is well known. Unlike other email providers, who merely stick some ads in the web interface or perhaps sell you address to spammers. They are bad too, but you can at least have the expected confidentiality.
  An email provider should not read the content of mail - just as the post office is not supposed to snoop. Which is why I only use gmail for one thing - communication with Google itself. (Password resets, mostly.)
44. Re: How does gmail's new "confidential mode" by geekmux · 2018-08-20 00:29 · Score: 1
  
  You're being stupid lol. Google is the one claiming it's possible, and it IS theater obviously because there's no real way to stop people from capturing something sent to them. To compare it to general end/end encryption is just obtuse. End/End encryption works as advertised for its role, is not theater. You can admit you misspoke or made a dumb comparison or you can't admit it. I don't care, it's dumb either way, but you have an opportunity for self-correction...
  As someone else has already pointed out, this is actually what Google states on this:
  "Although confidential mode helps prevent the recipients from accidentally sharing your email, it doesn't prevent recipients from taking screenshots or photos of your messages or attachments..."
  Google is not stupid. The average Google user may be, but Google knew damn well they would get flak from this, hence the above discliaimer.
  And yes, every other type of similar service (end-to-end or anything like it) is vulnerable to this. Every one. It's rather stupid to label someone as guilty of this when no one is innocent.
45. Re: How does gmail's new "confidential mode" by geekmux · 2018-08-20 00:31 · Score: 1
  
  Every other service doesn't claim to not be protecting against it. That's why this service, which explicitly has the selling point of "recipients won't be able to read the shit you send them" is security theater. Here's an idea: don't send people you don't trust important data. Problem solved.
  Here's another idea. Actually read what Google says about this. You'll find they're really not claiming it either.
  ""Although confidential mode helps prevent the recipients from accidentally sharing your email, it doesn't prevent recipients from taking screenshots or photos of your messages or attachments..."
46. Re: How does gmail's new "confidential mode" by geekmux · 2018-08-20 00:35 · Score: 1
  
  Irregardless isn't a word. It's a blunder.
  Regardless of the blunder, my point still stands. Here is the fine print regarding this specific vulnerability, which tends to confirm they're not really claiming they can protect against this.
  "Although confidential mode helps prevent the recipients from accidentally sharing your email, it doesn't prevent recipients from taking screenshots or photos of your messages or attachments..."
47. Re:How does gmail's new "confidential mode" by geekmux · 2018-08-20 01:11 · Score: 1
  
  You're conflating two completely separate deficiencies with Gmail's "Confidential" service.
  End-to-end encryption prevents eavesdropping. Many systems do that. Gmail's apparently doesn't, though it certainly could. That is Problem #1.
  The screenshot / behavior that OP mentioned is about what the end user (for whom the message is decrypted at the endpoint) can do with the data. Gmail's service can only stop the most rudimentary forms of data preservation - and, you're right, no system in the world can stop screenshots and even screen photos. If the user can see it, the user can persist it.
  The point is that *systems should not promise what they cannot deliver*. Gmail's system suggests a form of protection that it does not and cannot offer. That is Problem #2.
  Problem #3: The fine print:
  "Although confidential mode helps prevent the recipients from accidentally sharing your email, it doesn't prevent recipients from taking screenshots or photos of your messages or attachments..."
  Even Google is not claiming they can protect against this. Google's end goal here is rudimentary, because that is really all it takes to be fairly effective for 99% of their customers. (It's also rudimentary because as you stated Problem #1 exists when it doesn't have to)
  As far as misleading consumers, deadbolts are advertised and sold as a device that prevents theft, and yet 90% of them can be defeated with lock picking or bump keys. Millions are sold every year, and yet there's not a single label on any package that warns the consumer of this vulnerability. This is also an example of rudimentary protection being good enough for the overwhelming majority of consumers. If you were to ask a person if a skilled locksmith could defeat their deadbolt they would say "yes, most likely". If you asked a consumer if a skilled hacker could defeat "Confidential" mode they would probably say the exact same thing. Between this reality and the fine print above, it's hard to label this as deception.
  Google also used the lowest form of data classification used by the US Government. If they advertised this as "Top Secret" mode, then it would probably come across as far more deceptive. "Confidential" tends to imply rudimentary or basic protections.
48. Re:How does gmail's new "confidential mode" by Anonymous Coward · 2018-08-20 03:31 · Score: 0
  
  Problem #3: The fine print:
  "Although confidential mode helps prevent the recipients from accidentally sharing your email, it doesn't prevent recipients from taking screenshots or photos of your messages or attachments..."
  Even Google is not claiming they can protect against this. Google's end goal here is rudimentary, because that is really all it takes to be fairly effective for 99% of their customers. (It's also rudimentary because as you stated Problem #1 exists when it doesn't have to)
  As far as misleading consumers, deadbolts are advertised and sold as a device that prevents theft, and yet 90% of them can be defeated with lock picking or bump keys. Millions are sold every year, and yet there's not a single label on any package that warns the consumer of this vulnerability. This is also an example of rudimentary protection being good enough for the overwhelming majority of consumers. If you were to ask a person if a skilled locksmith could defeat their deadbolt they would say "yes, most likely". If you asked a consumer if a skilled hacker could defeat "Confidential" mode they would probably say the exact same thing. Between this reality and the fine print above, it's hard to label this as deception.
  Google also used the lowest form of data classification used by the US Government. If they advertised this as "Top Secret" mode, then it would probably come across as far more deceptive. "Confidential" tends to imply rudimentary or basic protections.
  Just because they are able to get away with using fine print to disclaim any and all responsibility, and just because the general public is too stupid/lazy to care about security and will just accept "good enough" rammed down their throats, that doesn't make Google's claims any less deceptive. You consider this acceptable, and THAT is the real "Problem #1".
49. Re: How does gmail's new "confidential mode" by aticus.finch · 2018-08-20 09:16 · Score: 1
  
  Irregardless isn't a word. It's a blunder.
  Regardless of the blunder, my point still stands. Here is the fine print regarding this specific vulnerability, which tends to confirm they're not really claiming they can protect against this.
  "Although confidential mode helps prevent the recipients from accidentally sharing your email, it doesn't prevent recipients from taking screenshots or photos of your messages or attachments..."
  I wasn't disputing your point, I was disputing your word selection. I agree wholeheartedly with your point, and wanted to ensure that your argument makes its way into the world with as few language errors as possible.
  I unreservedly apologise if it seemed contentious.
50. Re:How does gmail's new "confidential mode" by geekmux · 2018-08-20 17:34 · Score: 1
  
  Problem #3: The fine print:
  "Although confidential mode helps prevent the recipients from accidentally sharing your email, it doesn't prevent recipients from taking screenshots or photos of your messages or attachments..."
  Even Google is not claiming they can protect against this. Google's end goal here is rudimentary, because that is really all it takes to be fairly effective for 99% of their customers. (It's also rudimentary because as you stated Problem #1 exists when it doesn't have to)
  As far as misleading consumers, deadbolts are advertised and sold as a device that prevents theft, and yet 90% of them can be defeated with lock picking or bump keys. Millions are sold every year, and yet there's not a single label on any package that warns the consumer of this vulnerability. This is also an example of rudimentary protection being good enough for the overwhelming majority of consumers. If you were to ask a person if a skilled locksmith could defeat their deadbolt they would say "yes, most likely". If you asked a consumer if a skilled hacker could defeat "Confidential" mode they would probably say the exact same thing. Between this reality and the fine print above, it's hard to label this as deception.
  Google also used the lowest form of data classification used by the US Government. If they advertised this as "Top Secret" mode, then it would probably come across as far more deceptive. "Confidential" tends to imply rudimentary or basic protections.
  Just because they are able to get away with using fine print to disclaim any and all responsibility, and just because the general public is too stupid/lazy to care about security and will just accept "good enough" rammed down their throats, that doesn't make Google's claims any less deceptive. You consider this acceptable, and THAT is the real "Problem #1".
  If you and every other consumer actually sat and read every line of every EULA you've ever been presented, you might have a point about deception. There's a reason every organization buries this kind of shit in the fine print. Again, it's hard to label someone guilty of this kind of "deception" when no one is innocent.
  Go ahead. Read the fine print. From anything. I can assure you that you will feel deceived in some way.
  And the real Problem #1 in society is the level of ignorance and stupidity among the lazy masses, which also defines the root cause.. If everyone was intelligent enough to question Googles claims here, Google would backtrack this crap faster than you could say "liar". As it stands, the 1% questioning their security tactics are nothing more than acceptable noise. We are irrelevant. The stupid masses are what is important to capitalism. No, that's not acceptable, but making our voices louder isn't going to solve this problem of mass ignorance.
51. Re: How does gmail's new "confidential mode" by Anonymous Coward · 2018-08-20 21:06 · Score: 0
  
  Quite true. They have so many messaging apps because that's the way to get promoted.
52. Re: How does gmail's new "confidential mode" by Anonymous Coward · 2018-08-20 21:08 · Score: 0
  
  Sounds like the coffee isn't helping bro
53. Re: How does gmail's new "confidential mode" by Anonymous Coward · 2018-08-20 21:11 · Score: 0
  
  Their js is so convoluted. Plus you would have to emulate a browser ajax request and emulate a modern browsers JavaScript interpreter. Curl can't do that.
54. Re: How does gmail's new "confidential mode" by Anonymous Coward · 2018-08-20 21:15 · Score: 0
  
  Then how do they ever get attachments?
  There already exists commercial solutions that do the Gmail incognito mode for exchange- where the message expires after viewing or so many days.
  It's time to go with the James bond self destructing messages. Or do like trump does and swallow them :-)
55. Re: How does gmail's new "confidential mode" by Anonymous Coward · 2018-08-20 21:54 · Score: 0
  
  Language is a living and breathing thing. Therefore irregardless is a word, now!
56. Re:How does gmail's new "confidential mode" by gweihir · 2018-08-21 03:31 · Score: 1
  
  They may state that, but how many people will read it? And Google will know that most people will not.
  This is an expert-feature. Offering it for ordinary folks is inviting them to get hurt.
  So technically, you are right. But in its actual effect you are not, since we have decided to allow non-experts to use computers.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
57. Re: How does gmail's new "confidential mode" by fyngyrz · 2018-08-23 06:38 · Score: 1
  
  It's mostly an indulgence. I'm old. :)
  
  --
  I've fallen off your lawn, and I can't get up.
Encryption is Key by careysub · 2018-08-19 04:26 · Score: 5, Insightful

Every other secure mail service or add-on of which I am aware, Lavabit, Protonmail, PGP add-ons, etc., regard encryption is the very foundation of private email.
Without that there really is no security that really matters.

--
Starships were meant to fly, Hands up and touch the sky - Nicky Minaj
1. Re:Encryption is Key by Darinbob · 2018-08-19 05:02 · Score: 1
  
  But you need end-to-end encryption. Which means your recipient must have a compatible encryption tool. End-to-ISP or end-to-server is not the same thing. Until Google controls every email user, having encryption only for gmail users is short sighted.
2. Re:Encryption is Key by gweihir · 2018-08-19 06:10 · Score: 1
  
  Sure. But encryption gives you some things and others is does not. In particular, there is no way using encryption to prevent the intended recipient from doing whatever they like with an email. Making that claim is just a shameless lie. What they can see and read, they can copy, store, print, forward, etc.
  What end-to-end encryption does give you is confidentiality against 3rd parties and authenticity of the sender and these are both critical to have.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
3. Re:Encryption is Key by gweihir · 2018-08-19 06:11 · Score: 1
  
  Google thinks they are the world...
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
4. Re:Encryption is Key by ls671 · 2018-08-21 02:46 · Score: 1
  
  What end-to-end encryption does give you is confidentiality against 3rd parties and authenticity of the sender and these are both critical to have.
  Sorry, to be more precise, encryption does NOT provide you with authenticity of the message at all. Signing your messages does and there is no requirement to encrypt for signing a message. I sign all my emails digitally and anybody can still read them. I sometimes encrypt also.
  Encryption is done with the public key of the recipient so it doesn't prove authenticity since anybody has access to the public key. Signing is done with the private key of the sender so it does prove authenticity.
  
  --
  Everything I write is lies, read between the lines.
Nonsense by fyngyrz · 2018-08-19 04:26 · Score: 3, Insightful

"Recipients of these confidential emails won't be able to copy, paste, download, print or forward the message, and attachments will be disabled," notes Engadget.

This is utterly ridiculous bullshit. As long as you can do a screen capture or simply photograph the screen, the recipient can create a record of the email. "Confidential emails" my ass.

--
I've fallen off your lawn, and I can't get up.
1. Re:Nonsense by Anonymous Coward · 2018-08-19 04:44 · Score: 0
  
  This sounds like a Rudy Giuliani idea. https://www.huffingtonpost.com/entry/rudy-giuliani-truth-isnt-truth_us_5b79754be4b018b93e94c9f8
2. Re:Nonsense by Anonymous Coward · 2018-08-19 06:09 · Score: 0
  
  Nothing greasemonkey won't fix probably.
3. Re:Nonsense by gweihir · 2018-08-19 06:12 · Score: 1
  
  In addition, you can make screenshots on OS level, and you may even be able to do a direct copy on browser-level, depending on the browser. Browsers are not able to secure things they display. They can just make copying minimally harder.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
4. Re:Nonsense by Anonymous Coward · 2018-08-19 07:35 · Score: 0
  
  Not only that, you don't NEED a browser to use GMail. You can have a dedicated mail reader access it, unless they completely disable IMAP and POP access.
  Let me stress (the secret word here) that once you've got it on your local reader's file, it's yours. 'Course, the kids at google probably never considered using anything other than a web browser.
5. Re:Nonsense by gweihir · 2018-08-19 08:44 · Score: 1
  
  They allow IMAP and POP with this feature? That is even more stupid that I excepted from Google. With that, they cannot even prevent accidental copying and forwarding.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
6. Re:Nonsense by loonycyborg · 2018-08-19 21:52 · Score: 1
  
  They advertise it as purely means to prevent "accidental" copying, if you're determined to subvert expiration and copy it somewhere then not only you can do a screenshot but also use modified viewer that will net you original message in pristine form.
7. Re:Nonsense by Anonymous Coward · 2018-08-20 00:17 · Score: 0
  
  I wouldn't be surprised if this hooks into the black box DRM module Google provides for various browsers. So Gmail might be able to hijack your OS to prevent access to the "protected" buffer.
Hillary and her staff ... by Anonymous Coward · 2018-08-19 04:28 · Score: 3, Funny

Hillary and her staff wish they had that feature. And regarding the sent folder, last I checked you can delete emails in there. And of course wipe you local HD, smash you smartphone.
lol by Anonymous Coward · 2018-08-19 04:32 · Score: 1

>google
>confidential
right, and facebook values your privacy, too
Only prevents phone thiefs by Anonymous Coward · 2018-08-19 04:34 · Score: 1

The "confidential" mode only prevent someone who stole your unlocked phone from reading those particular messages.
The contents of your messages is available to Google and U.S. intelligence services for years, and the metrics collected from the messages will be stored and available forever.
This doesn't apply to just your gmail account, but every single account added to the GMail app, because that's how it's built, to collect information on you.
Don't think for second that you have private communication when you use Google's apps or services.
1. Re:Only prevents phone thiefs by jimbo · 2018-08-19 05:07 · Score: 1
  
  Indeed, this is for somebody trying to prevent their nosy spouse from discovering they are having an affair, nothing more.
2. Re:Only prevents phone thiefs by shanen · 2018-08-19 07:09 · Score: 2
  
  Interesting that the only comments that so far have struck me as substantive are from the senior citizens. I've been searching for any HINT of a good reason for this new feature. You [jimbo] mentioned another of the bad "reasons", but there are LOTS of them. I already addressed your focus more substantively in my longer comment above, but I'm just going to repeat my proposed solution here:
  If anyone EVER sends me a confidential-mode email, then the first thing I will do is take a picture of it. If the email is amusing enough, I will republish it in the most public and most embarrassing places I can find. Therefore, you should NEVER send me any confidential-mode email.
  If enough people take similar pledges, then this feature will die the dog's death it deserves. Which is what led me to the realization that the spammers' are going to be the most enthusiastic abusers of confidential mode. (No insult intended to dogs, nor am I suggesting that they deserve bad deaths. It's just an idiom (and I wish I could think of a stronger one).)
  
  --
  Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
Who cares? by ArchieBunker · 2018-08-19 04:34 · Score: 1

How are you going to complain about a fee service? Don't use it if you have a problem with the features.

--
Only the State obtains its revenue by coercion. - Murray Rothbard
1. Re:Who cares? by Actually,+I+do+RTFA · 2018-08-19 04:50 · Score: 1
  
  Well, it's going to get my phone number into Google's hands, together with my email. That's going to let them link a lot more data to me.
  
  --
  Your ad here. Ask me how!
2. Re:Who cares? by Anonymous Coward · 2018-08-19 04:53 · Score: 0
  
  Archie you're a moron, go fuck yourself and stop complaining about a free comment on slashdot.
3. Re:Who cares? by Desler · 2018-08-19 05:57 · Score: 1
  
  How are you going to complain about a fee service?
  I'd do so by typing up a complaint about the service. Being free, or "fee" in this case, does not stop me in any way from doing so.
4. Re:Who cares? by shanen · 2018-08-19 07:21 · Score: 2
  
  If I ever got a mod point, I think I'd give you a funny for the typo. Or was it?
  The problem with this confidential-mode service is NOT that I will never use it. The problem is that OTHER people will use it so they can accuse me of being a liar. If you can think of any legitimate use of confidential-mode email, then I'd be interested in hearing it. I think there are justifications for secrecy, but all of the legitimate ones (that I know of) go back to prior secrecy and I haven't found any pretense of justification in google's blather (or here on Slashdot).
  The deeper topic barely touched by your comment, assuming that you meant "free", not "fee", is the network effect. The value of Gmail to the google is due to the number of users, which is why Gmail is "free" in a TANSTAAFL sense. However this confidential mode is such a bad feature that it really creates an opportunity for one of the other major players to attack the google by adding an anti-feature to their free email system.
  If anyone knows an email system that has an option to REJECT all confidential-mode email, then please let me know about it. I would seriously consider moving my primary email off of Gmail to one of the lesser cancers such as Outlook or Apple. Will no one rid me of this meddlesome gmail?
  
  --
  Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
5. Re:Who cares? by Anonymous Coward · 2018-08-19 13:53 · Score: 0
  
  It is super cheap now to buy your own domain and have a company host your email. That's what I do, anyways.
6. Re:Who cares? by Anonymous Coward · 2018-08-19 13:56 · Score: 0
  
  If anyone knows an email system that has an option to REJECT all confidential-mode email, then please let me know about it.
  Simple. Get your MTA to reject emails which have the X-Gm-Locker custom header, which was added to the test confidential email I sent from my Gmail spam account to my real personal mailbox but not to a normal email.
  The confidential email did exactly what you'd expect - it contained a link to Google's service to display the message. It's even in a form that would work as a screenshot for public shaming.
  Gotta laugh when Slashdot's captcha for posting is so relevant - "trusty" (trusty like my ass).
Private server by ravenspear · 2018-08-19 04:35 · Score: 2

There are real tangible benefits to running a private email server if you are looking for more privacy for your email.
That is, unless you are in a government job.
1. Re:Private server by geekmux · 2018-08-19 04:57 · Score: 2
  
  There are real tangible benefits to running a private email server if you are looking for more privacy for your email.
  Very true, but today's generation gets really offended when you ask them to pay for services like email and social media. It's against their religion or something.
  
  That is, unless you are in a government job.
  I dunno about that. Seems to have worked out just fine for Hillary Clinton. Got away with doing exactly that for years.
2. Re:Private server by kqs · 2018-08-19 05:04 · Score: 1
  
  There are real tangible benefits to running a private email server if you are looking for more privacy for your email.
  Depends on who you want privacy from. Running a secure mail service is very very hard, and almost everyone who claims that they can do it are terribly wrong. I say this as someone who ran private mail servers for decades.
3. Re:Private server by gweihir · 2018-08-19 06:14 · Score: 1
  
  I have been doing that forever. Also prevents creeps from reading my email (well, on my side at least) and putting ads in it.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
4. Re:Private server by Anonymous Coward · 2018-08-19 13:59 · Score: 0
  
  I am of an older generation and pay for GSuite services. I used to run my own private email server when BlackBerry (Research In Motion) used to offer BlackBerry Enterprise Server Express and BlackBerry Internet Service was available from wireless carriers.
Exactly by Artem+S.+Tashkinov · 2018-08-19 04:38 · Score: 4, Insightful

If something can be read with the bare human eyes, it can be copied, pasted, downloaded, printed and forwarded because it can be as easily captured by any digital camera, OCR'ed and reused any way you want. From the look of it Google's implementation and wording are clearly a sham or meant for hillbillies.
Protonmail fares much better in this regard (real encryption and self-destruction beyond the expiration date) and they don't claim your recipient will not able to download or copy your message.
1. Re:Exactly by gweihir · 2018-08-19 06:16 · Score: 2
  
  Self-destructing email is not implementable, unless you have full control over the receiver. Yes, that means they get searched for cameras before they are allowed to read email. But the idea is pervasive in bad spy movies and hence lots of stupid people keep asking for it. That is likely why Google implemented this fake security measure.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
I also reject encrypted email by Bruce+Perens · 2018-08-19 04:39 · Score: 1

Every time I've received an encrypted email, I have regretted reading it. In general, the person who was really paranoid about people reading his email was really paranoid in general. So, years ago I made it my personal policy to reject them.

--
Bruce Perens.
1. Re:I also reject encrypted email by 110010001000 · 2018-08-19 04:47 · Score: 5, Funny
  
  No wonder you haven't been replying to my messages regarding the Moon "landings".
2. Re:I also reject encrypted email by novakyu · 2018-08-19 04:52 · Score: 1
  
  Why do you even have a public key posted on a key server, then?
3. Re:I also reject encrypted email by Actually,+I+do+RTFA · 2018-08-19 04:53 · Score: 1
  
  Don't you do a lot of advocacy work that requires coordinating with lawyers? Aren't lawyers using encrypted emails?
  
  --
  Your ad here. Ask me how!
4. Re:I also reject encrypted email by Anonymous Coward · 2018-08-19 05:03 · Score: 0
  
  It's ok, you don't have to post these stupid things anymore. They're no longer watching you and your communications, and in any case nobody listens to you for advice on privacy, security, and how to use the internet.
5. Re:I also reject encrypted email by Mashiki · 2018-08-19 05:12 · Score: 2
  
  Aren't lawyers using encrypted emails?
  Generally no. And I wish I was even kidding about that, in most cases unless it can be all wrapped into one nice little ball most don't want anything to do with it and still prefer dead-drops for anything important.
  
  --
  Om, nomnomnom...
6. Re: I also reject encrypted email by Anonymous Coward · 2018-08-19 05:16 · Score: 0
  
  Public keys are not just useful for encrypting an email. They are also useful for authenticating if the sender really sent the email. Being the sort of semi-well-known figure he is, he's probably attracted a number of trolls who try to impersonate him, but without the digital signature that's a lot more difficult to pull off convincingly.
7. Re:I also reject encrypted email by CronoCloud · 2018-08-19 05:19 · Score: 1
  
  -----BEGIN PGP MESSAGE-----
  owE7HZzEEF25rNJZPTc/T8GpqDQ5VUchL79EIbUstahSIb0gXaG0OLVIIbNYoSCx
  KDEvPzNFT0EhPDGzREchJV+hMr9UISM1sQhI5GQm5xeUpBYV23MBAA==
  =11ux
  -----END PGP MESSAGE-----
8. Re:I also reject encrypted email by CronoCloud · 2018-08-19 05:22 · Score: 1
  
  More seriously, I guess that explains why your gpg keys are all revoked:
  gpg --list-keys perens
  pub 1024R/2C1FBBB2 2014-06-16 [revoked: 2016-08-16]
  uid Bruce Perens
  pub 1024R/F6599E8D 2014-06-16 [revoked: 2016-08-16]
  uid Bruce Perens
  But not all gpg users are paranoid and into conspiracy theories and whatnot.
9. Re:I also reject encrypted email by Actually,+I+do+RTFA · 2018-08-19 05:35 · Score: 1
  
  So it's a simplicity of GUI issue? Or it's a key management issue? I'm just curious what the exact pain points are, and why they aren't solved yet./p.
  
  --
  Your ad here. Ask me how!
10. Re:I also reject encrypted email by Anonymous Coward · 2018-08-19 06:04 · Score: 1
  
  Why don't they?
  Strong end to end encryption has been available for close to 25 years now as a canned package. It seems like dealing with confidential material would make use of strong encryption the best practice.
11. Re:I also reject encrypted email by gweihir · 2018-08-19 06:17 · Score: 1
  
  It seems some people have more sane friends than you. I never had that problem. Of course, I am not a public figure in any way, and that helps.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
12. Re: I also reject encrypted email by Bruce+Perens · 2018-08-19 07:40 · Score: 1
  
  None of the encrypted emails have come from friends. I have a high profile and sometimes nutcases think I'll be interested.
  
  --
  Bruce Perens.
13. Re:I also reject encrypted email by shanen · 2018-08-19 07:41 · Score: 1
  
  WOW. Are you the famous person with that name? Surprised to discover that I haven't read any of your books, but I'll check the local libraries now... (Too bad. Only one, and not in English.) (But I'm sure I've read some of your articles or stuff on the Web.)
  Mostly reacting in surprise that you reject encrypted email, even though that is what I'm advocating (at least as a user option) for confidential-mode email. I actually think that people who want to send confidential-mode (or encrypted) email should be free to do so, but they should be subject to bounce messages from people who freely choose not to receive such messages.
  Underneath the surface issue is the deeper topic of self-discreditation. For example, I think that by choosing anonymity the ACs discredit themselves and I count it as one of the better features of Slashdot that I can so easily render most of them invisible. If an AC troll wants to get a life and a name for that life, then they can at least start with neutral reputation. I'm interpreting your view of encryption as similar, but based on paranoia as the reason to lower their reputation. (In solution terms, I still think EPR (Earned Public Reputation) would be the best general approach.)
  
  --
  Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
14. Re: I also reject encrypted email by Bruce+Perens · 2018-08-19 07:44 · Score: 2
  
  Lawyers do not generally like to put their communications in a discoverable medium. This is even though they are protected by the attorney-client privilege and the federal rules of civil procedure. Anything important will be in a phone call.
  
  --
  Bruce Perens.
15. Re: I also reject encrypted email by Bruce+Perens · 2018-08-19 08:14 · Score: 1
  
  There's a big difference between digital signature and encryption. Being a public figure, transparency is important. So in general I'd rather sign my name to what I do and publicize it, and putting a digital signature to that wouldn't be bad. It's not the technology of encryption that I object to, just that people who want to hide things are often involved with things that I'd like to stay far away from.
  
  --
  Bruce Perens.
16. Re:I also reject encrypted email by Anonymous Coward · 2018-08-19 08:33 · Score: 0
  
  Key management has not been solved (for the average user that can't even come up with a good password, and does everything via a web form...)
17. Re: I also reject encrypted email by gweihir · 2018-08-19 08:39 · Score: 1
  
  Well, yes. Blocking encrypted emails from _those_ people makes sense. It is not a very common use-case though.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
18. Re:I also reject encrypted email by Bruce+Perens · 2018-08-19 09:08 · Score: 1
  
  I haven't ever taken them seriously enough to do good key management. As hardware tokens become more popular and as they get good hardware (not the case so far) and fully disclosed source code, this problem will be solved for a lot of people.
  
  --
  Bruce Perens.
19. Re:I also reject encrypted email by Bruce+Perens · 2018-08-19 09:10 · Score: 1
  
  It's ok, you don't have to post these stupid things anymore. They're no longer watching you and your communications, and in any case nobody listens to you for advice on privacy, security, and how to use the internet.
  You forgot my protestations against cryptocurrency :-)
  
  --
  Bruce Perens.
20. Re:I also reject encrypted email by asackett · 2018-08-19 12:10 · Score: 1
  
  The law firms who are my clients don't encrypt anything except the occasional PDF. Instead, they add nonsensical boilerplate to their signatures.
  A few days ago I sent a message with some questions in it, and the response came as a scanned image of my message with the attorney's hand-written notes scribbled onto it, embedded in a PDF. On the upside, the nonsensical boilerplate was absent. :-)
  
  --
  Warning: This signature may offend some viewers.
21. Re: I also reject encrypted email by aberglas · 2018-08-19 12:39 · Score: 1
  
  The phone calls are all recorded, and voice recognition technology makes them just as searchable as text. Better to have a face to face meeting. In a bunker.
22. Re:I also reject encrypted email by Anonymous Coward · 2018-08-19 13:59 · Score: 0
  
  Many have their emails print out like a fax. Then they'll scan to email the reply.
23. Re: I also reject encrypted email by Bruce+Perens · 2018-08-19 16:34 · Score: 2
  
  Discoverable in court is not the same as discoverable by NSA. In general, they just don't want their conversations to be admitted as evidence in a civil case.
  
  --
  Bruce Perens.
24. Re:I also reject encrypted email by Mashiki · 2018-08-19 22:59 · Score: 1
  
  The AC hit every single point. Hell the company I work for, there was a serious problems with upper level management and executives refusing to do so because "it's too complex." It absolutely has to be to the point of being seemless and not seen for them to use it. Just think on the bit with passwords, it's easier to use a FOB or FOB+biometrics in many cases because these people will use phrases that are easy to crack, or simply write them down.
  One case I remember, and this was a government office for a largish city. The password for the entire payroll and property tax system, that only one person had access to was written on a sticky note and stuck to the cork board. Sometime earlier, someone had broken in and siphoned off not only the entire staffs payroll info, but had also gotten all the tax information for every person in the city.
  
  --
  Om, nomnomnom...
25. Re:I also reject encrypted email by Anonymous Coward · 2018-08-20 02:28 · Score: 0
  
  One case I remember, and this was a government office for a largish city. The password for the entire payroll and property tax system, that only one person had access to was written on a sticky note and stuck to the cork board. Sometime earlier, someone had broken in and siphoned off not only the entire staffs payroll info, but had also gotten all the tax information for every person in the city.
  I know this doesn't matter for your larger point, but in my city (in the US) the property tax records are in a public, searchable database.
How about a screenshot? by devslash0 · 2018-08-19 04:47 · Score: 1

Eh?
1. Re:How about a screenshot? by kqs · 2018-08-19 05:08 · Score: 1
  
  Please describe a secure email system which will not be defeated by a screenshot or camera.
2. Re:How about a screenshot? by gweihir · 2018-08-19 06:23 · Score: 1
  
  Very simple: It includes a big nasty person standing right next to you when you read email. This person also does a strip-search before you are allowed anywhere near your email and takes away all your devices. Unfortunately, this is not fully secure either. Somebody with the right kind of memory could just memorize the email and type it in again later. So that big, nasty person needs to hit you on the head periodically to clear your memory.
  Beyond that, nobody has ever come up with anything that works. Cryptography can certainly not do it.
  We had to explain this to a customer some years back when they though they could make digital information on a screen copy-proof.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Pay attention Republican talking point children : by Anonymous Coward · 2018-08-19 05:02 · Score: 0

Actually? The reason she "got away with it" (wasn't prosecuted) was because hundreds and in fact thousands of other similarly positioned officials also did, including Jeb Bush, Colin Powell, and...
https://www.nytimes.com/2017/09/25/us/politics/private-email-trump-kushner-bannon.html
Wow, geekmux is a fucking moron apparently. by Anonymous Coward · 2018-08-19 05:09 · Score: 0

Geekmux doesn't understand the difference between this and general IP encryption? Wow.
1. Re:Wow, geekmux is a fucking moron apparently. by geekmux · 2018-08-19 05:44 · Score: 1
  
  Geekmux doesn't understand the difference between this and general IP encryption? Wow.
  
  ", there's no way from keeping me from taking a shot of the screen..."
  I was talking about the specific vulnerability identified.
  Read and comprehend next time, moron.
2. Re:Wow, geekmux is a fucking moron apparently. by LordKronos · 2018-08-19 06:45 · Score: 1
  
  Before calling people morons and telling them to read and comprehend, you might first try to read and comprehend what you are writing. Your exact words were
  
  it's rather difficult to classify this as mere "theater" without slapping that label on every other form of email encryption.
  If you meant to say "every other form of self destructing email" or something along those lines, then you are absolutely correct. Every single service that offers a self destructing email is also theater. However, that is NOT the words you chose to use. The words you chose made it appear you couldn't comprehend the difference between ordinary encryption (which is a valid feature which generally performs as advertised) and this stupid self-destructing email.
3. Re:Wow, geekmux is a fucking moron apparently. by geekmux · 2018-08-20 00:42 · Score: 1
  
  Before calling people morons and telling them to read and comprehend, you might first try to read and comprehend what you are writing. Your exact words were
  
  it's rather difficult to classify this as mere "theater" without slapping that label on every other form of email encryption.
  If you meant to say "every other form of self destructing email" or something along those lines, then you are absolutely correct. Every single service that offers a self destructing email is also theater. However, that is NOT the words you chose to use. The words you chose made it appear you couldn't comprehend the difference between ordinary encryption (which is a valid feature which generally performs as advertised) and this stupid self-destructing email.
  First of all, here is actually what Google claims on this specific vulnerability, confirming they're not really claiming to protect against it either:
  "Although confidential mode helps prevent the recipients from accidentally sharing your email, it doesn't prevent recipients from taking screenshots or photos of your messages or attachments..."
  As far as the verbiage, I should have obviously clarified further to avoid the nitpicking. In reality, it doesn't really matter what service we're talking about. Macrovision, CSS, end-to-end encryption (PGP, etc.), self-destructing solutions (Snapchat, Gmail, etc.), they are ALL vulnerable to screen captures from another device.
  My point stands. It's rather silly to try and call someone guilty when no one is innocent.
4. Re:Wow, geekmux is a fucking moron apparently. by Anonymous Coward · 2018-08-20 03:17 · Score: 0
  
  Read and comprehend next time, moron.
  Says the fool who uses the non-word "irregardless".
Don't use email for confidential comunication. by aglider · 2018-08-19 05:35 · Score: 1

Is it that hard to conceive?
Any electronic communication is intrinsically unsuitable.
On either end there needs to be a moment when the information is plain text readable, thus copyable, thus insecure.
If I can gain control of your end device, I can read it.
Even DHT (and similar) are unsuitable for the same reasons. Maybe you get "in transit" confidentiality. But just that.
You'd better meet your correspondent in a crowded and noisy place, change position frequently and talk by whispers while covering your mouth. And maybe you'll get private communication.

--
Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
1. Re:Don't use email for confidential comunication. by Anonymous Coward · 2018-08-19 07:15 · Score: 0
  
  Any electronic communication is intrinsically unsuitable.
  s/electronic/written/
  The intent is not to be foolproof, but to be better (and specifically more explicit) than "ordinary" email. Copying, archiving, forwarding, etc. this message requires explicit circumvention and can't be done accidentally or even under the guise "I didn't know."
2. Re:Don't use email for confidential comunication. by Anonymous Coward · 2018-08-19 09:40 · Score: 0
  
  You'd better meet your correspondent in a crowded and noisy place, change position frequently and talk by whispers while covering your mouth. And maybe you'll get private communication.
  I always use the Cone of Silence (https://en.wikipedia.org/wiki/Cone_of_Silence_(Get_Smart)).
I can't take anyone serious, who uses web mail. by Anonymous Coward · 2018-08-19 05:44 · Score: 0

It's like retrograding from proper OS-integrated IMAPS to ... AOL mail.
Only people who can't tell their browser from the OS, act like that.
(Then again, neither can Google and Mozilla. And Microsoft insisted in front of court, that it was the same thing. So how is the average retard out there supposed to know better?)
Re:Pay attention Republican talking point children by geekmux · 2018-08-19 06:03 · Score: 2

Actually? The reason she "got away with it" (wasn't prosecuted) was because hundreds and in fact thousands of other similarly positioned officials also did, including Jeb Bush, Colin Powell, and... https://www.nytimes.com/2017/0...
Rules for using a personal email server are well-established, as are the rules for sending classified data.
She got away with it because she destroyed evidence of the latter, which should have been plenty to prosecute.
Also, let's be realistic. She got away with it because Bill "Tarmac" Clinton stepped in.
Why are you sending confidential data? by Anonymous Coward · 2018-08-19 06:03 · Score: 1

If you don't trust the recipient, don't send them the data in the first place.
I really don't understand the use case of this retarded thing.
E-Mails are almost by definition ... by Qbertino · 2018-08-19 06:09 · Score: 1

... anything other than confidential.
Wether Googles "confidentiality mode" is sufficient or not is to a larger extent probably a very silly question to ask, IMHO.

--
We suffer more in our imagination than in reality. - Seneca
Stupid insecure security... by Anonymous Coward · 2018-08-19 06:34 · Score: 1

Ahhh i see google is getting ready for the next crop of democrat politicians!
You think you got a secret? by shanen · 2018-08-19 06:56 · Score: 1

Mostly wishing I had a mod point to give you [gweihir], but largely for your signature. So far most of the comments seem to be completely missing the point, make that ANY point, of the topic, but at least the confusion about email security is a real concern. I'm not sure I should confess to being the source of the quote at the top... That would make me largely liable for the misdirection of the discussion?
Let me try to clarify the distinction here. Private communication is fine. I don't think you can convince me that the entire world is entitled to know every communication between everyone (though that seems to be where email and smartphones are leading us because of legalized governmental intrusions). To secure those private communications, encryption is quite reasonable as one of the solutions.
This "confidential mode" thing is going farther. It is an attempt (which is already doomed to failure) to allow people to impose (fake) privacy on OTHER people. So far I am unable to imagine a legitimate purpose for this tool. The main goal is to support lies. "I never said that and the email that proves I said it no longer exists." That just led me to realize that spammers will probably be the most enthusiastic users of this mis-feature.
There is an obvious solution: I pledge to take an immediate screen shot of any confidential-mode email that I receive. If it's interesting enough, then I promise to publish that image in the most embarrassing and most public places I can find. If many people adopt similar pledges, then no one should EVER send me any confidential-mode email. Maybe it isn't too late to abort this sickness?
My initial reaction was I don't want it and I do not even want to receive it. I'm still reading this discussion to see if anyone can defend this feature. Hain't seen nothing yet.
I really think this is a big opportunity for one of the less evil players. If they offer me an email system where I can automatically reject all confidential-mode email, that might be a strong enough inducement to get me to abandon Gmail.
Now the larger question is about the dynamics of evil that have driven the google to ram this feature down our throats, but I'm going to reduce that part to "The google has become a corporate cancer dedicated to the worship of the false gawd profit." Your mileage may vary.

--
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
DRM subchannel by Dr.+Evil · 2018-08-19 07:05 · Score: 1

Your Google(TM) DRM compatible phone-camera would have a "do not record" subchannel which picks up a high frequency signal indicating that it should not record the scene.
The subchannel is inserted by the hardware similar to HDCP. Only signed, compliant software with a guarantee from the hardware would be able to read and render the content.
Well, that's the future anyway. Where nobody has analog cameras, and dedicated digital cameras are barely a thing anymore.
Pop3/imap? by Anonymous Coward · 2018-08-19 07:07 · Score: 0

This is a good step in the right direction, but I wouldn't trust it 100%, it only prevents casual users from saving the message. The only real issue afaict, does it prevent the other person from downloading it via pop3/imap
Will no one rid me of the meddlesome gmail? by shanen · 2018-08-19 07:28 · Score: 1

You again? I think I've already addressed some of your points in the longer reply above, but here I want to rehash the problem with the private email thing...
Most people do not want to spend the time required to setup and maintain their own email server. It's actually a different kind of network effect. I've already addressed (though it was in a reply not addressed to you) the network effect of more users, which is why Gmail seems valuable to the google in the first place. However the private email server is a kind of dual of the small network effect having high overhead.
And unless you configure your private email server to reject all confidential-mode email (or unless you take my pledge), then you're still vulnerable to what I perceive as the main threat of this sick and unwanted confidential-mode feature. Strangers can use it to try to ram their secrets down your throat.

--
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
1. Re:Will no one rid me of the meddlesome gmail? by gweihir · 2018-08-19 08:42 · Score: 1
  
  You again? I still have no clue what you are talking about, so I will ignore you now.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Missing feature! by e432776 · 2018-08-19 07:38 · Score: 1

Thanks for all the neat new features, Google! but you missed one: How do I keep my email confidential from you? The only solution I see is to not use your service.

Thanks again!
Proving the negation? by shanen · 2018-08-19 08:05 · Score: 2

As one of one of the instigators of this discussion, I'm kind of disappointed... So let me try to summarize.
There seems to be an extremely strong consensus that confidential mode is a bad idea badly implemented. I would go farther and count it as more evidence of the increasing badness and evil of the google, but there wasn't much discussion along such lines and assigning the blame doesn't matter too much anyway. This is a bad feature that keeps rising from the grave like any good zombie.
I was unable to detect (in this discussion or anywhere else) any good reasons for this feature. Absence of evidence is not proof of absence, but if anyone does have a good reason for confidential mode email, then I hope you will share it. I'll continue searching the discussion (until it expires in a day or two), but obviously I'd be more likely to find your "good reason" if you reply to this comment...
My first suggested solution was a way to reject incoming confidential-mode email. Some people seem to agree that would be good, but no one (whose comments I found here on Slashdot) actually pointed at a way to do it or at a way to persuade the google to give us that option. I would also count it as a solution if someone knew of and told me about a full-featured email system with the option (and I even consider this feature bad enough to justify the large effort of leaving Gmail).
My second proposed solution is a sabotage pledge to subvert the intended confidentiality of any such email I do receive. Again, no local support, but now I wonder if it matters. I've realized that this feature may be doomed to disaster. Some people are going to take those obvious pictures of the confidential-mode email, and at some point the google is going to get dragged into a hefty lawsuit that may help the google realize the error of its ways. Kind of a shame that #PresidentTweety doesn't use Gmail, but I hope this feature persuades him to start. (Since the orange topic came up, I can't resist a link to this hilarious new music video and tribute to Aretha Franklin: https://www.youtube.com/watch?...)

--
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
1. Re:Proving the negation? by gweihir · 2018-08-19 08:56 · Score: 1
  
  This is a bad feature that keeps rising from the grave like any good zombie.
  Well, that is something I can agree to. I blame the self-destroying recorders in "Mission Impossible" and the like (they do not work either) for the broken idea that you can make any message be transmissible only over one hop. The reality is that this is against the very nature of data transmission and that any message, even analog, can be copied and passed onward with the right equipment.
  That Google offers this, even with (apparently) a claim in the documentation that this is only to prevent accidental copying or sharing (as email of this type can apparently be read using IMAP or POP, not even that is true), is a problem. It means Google much rather cons its customers into a false sense of security than being honest about what is possible and what is not.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
2. Re:Proving the negation? by _Sharp'r_ · 2018-08-19 13:26 · Score: 2
  
  One excellent use case for this feature is to make it much easier to classify the email you want to read from someone's mailbox using it instead of having to dig through all their email to find the juicy bits.
  So for Google Mail Administrators, for example, they can focus their reading time on people's confidential mode emails and ignore the rest, which is probably mostly spam anyway. See how useful that is?
  
  --
  The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
3. Re:Proving the negation? by Anonymous Coward · 2018-08-19 14:14 · Score: 0
  
  I mentioned this elsewhere, but:
  
  My first suggested solution was a way to reject incoming confidential-mode email. Some people seem to agree that would be good, but no one (whose comments I found here on Slashdot) actually pointed at a way to do it or at a way to persuade the google to give us that option. I would also count it as a solution if someone knew of and told me about a full-featured email system with the option (and I even consider this feature bad enough to justify the large effort of leaving Gmail).
  Configure your MTA, or convince your provider to do so - or at the very least configure some message processing rules on your client, to reject or remove (possibly with a delayed NDR) messages containing the X-Gm-Locker custom header - which appears to be added only to GMail messages marked confidential, and includes the ID of the message.
Pain Points Preventing Adoption of Encrypted Email by Anonymous Coward · 2018-08-19 08:40 · Score: 1

Easy to use GUI:
By easy I mean totally automatic. They literally want an algorithm capable of reading their minds and knowing which should be secure and which do not need it. Clicking the encrypt this button is "too difficult to remember". It will need to be all encrypted all the time and that's a usability/compatibility issue.
Key management:
I have to what? Ain't nobody got time for that. Fuck that shit!
Compatibility:
After a decade, there are still issues with iPhones/(Macs?) unable to read TNEF(win.dat) attachments from Outlook/Exchange/O365 FFS. All the different secure email systems/protocols are a fucking mess and NO ONE is interested in dealing with them. Right now dead drops(email bodies and attachments on a secure web server) seem to offer the greatest compatibility.
Nobody Gives A Fuck: Literally, nobody gives a flying fuck. At least not until they lose actual money from their account. To this day people, lawyers, real estate professionals, large corporations, including Ingram Micro, send and request social security numbers, bank account and credit card numbers via email. They don;t even password protect it in a Word or PDF document, they put it right there in the HTML/TEXT body for all the world to see/scrape and nobody gives a fuck.
So long as nobody cares about encrypted email, nobody will inconvenience themselves to send/read it.
I'm dreaming of a better email system, just... by shanen · 2018-08-19 09:31 · Score: 1

Actually in the case of public figures, I'm still advocating for "celebrity" email. I think of it as a kind of mailbot for the dual of the spammer problem. Spam is a horde of fake senders with fake messages, whereas a public figure may face a horde of real people with real messages.
As it might work in your case, the incoming email would be parsed searching for obvious topics and even the sender's sentiments about those topics. That analysis would be bounced back to the sender as a webform for confirmation of the analysis (and to foil the spammers). What happens next should mostly be under the control of the public figure. For example, one option would be to focus on collecting summary statistics, while another public figure might want to make it easy to escalate the email to human attention. Obvious topics might be routed to FAQs or even Wikipedia.
I think it would be especially interesting to allow options for website publishing of the email. The idea would be to encourage people to share their email with each other based on their shared interest in the public figure and the topic of their email. Essentially leverage their relatively abundant time against each other to conserve the limited time of the public figure... It would also be natural to focus on escalating active discussions to the attention of the public figure.
However these are NOT the features you are looking for (in Gmail). And no one even asked about the tickler feature...

--
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
Phishing and Countermeasures by shanen · 2018-08-19 09:38 · Score: 1

By the way, I'm just finishing the book Phishing and Countermeasures by Jakobsson and Myers. About 30 pages left out of 700, and largely concerned with email and the security thereof. And pretty much obsolete before the ink dried, but I needed some light summer reading. Why mention it? Partly for the cred claim, but upon reflection I think it's mostly to ask for a more up-to-date reference... I think you're still at the leading edge of these things, so...
How do you keep up?

--
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
Simple by Anonymous Coward · 2018-08-19 09:43 · Score: 0

If it doesn't protect you from Google themselves, then no, no it does not.
O RLY? by Anonymous Coward · 2018-08-19 09:45 · Score: 0

Since when did CenturyLink change it's name to Google?
Irony by asackett · 2018-08-19 12:03 · Score: 1

This could only be more ironic if it were Yayhoo doing it.

--
Warning: This signature may offend some viewers.
So basically it doesn't go far enough by cloud.pt · 2018-08-19 12:28 · Score: 1

... or better put - doesn't even come close to the stuff that ensures privacy and anonymity, as opposed to, say, the many good suggestions in the great Intercept's tutorial for anonymous sources.
This makes you wonder if Google purposely created such a feature at the request of US authorities, in order to trick unsuspecting whistleblowers (and yes, criminals too) into a system that is already compromised and gagged by default. The OP does raise a relevant problem - we need a feature to prevent retieval, hell, even sending of such emails, because we might simply not want people to expose themselves trying to tell us something relevant. For now it seems that option is not using your gmail address at all as a public contact...
GMail everywhere by aberglas · 2018-08-19 12:45 · Score: 1

Maybe that is the point. Make this a GMail only feature. Only works to SEND to a known GMail account, perhaps with a bit of encryption and key held by Google.
Most Android users already use GMail. GMail is growing in corporates, together with Microsoft. Google could probably do a deal with Apple.
Email is the one that got away. Not controlled by any one centeralized authority, or maybe 3. Maybe this is one step in the move to rail that in. EMail should be single server based and controlled, just like Facebook Messenger.
1. Re: GMail everywhere by Anonymous Coward · 2018-08-20 21:21 · Score: 0
  
  Facebook messenger used to support jabber, they dont anymore so that they can support end to end encryption. Which is sad, since gaim is the original client that had user supplied encryption pads.
2. Re:GMail everywhere by RockDoctor · 2018-08-24 04:06 · Score: 1
  
  Sounds like you've read Micro$oft's "Embrace, Extend, Extinguish" manual. And so have Goggle.
  
  --
  Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
ROFLMAO by Anonymous Coward · 2018-08-19 13:34 · Score: 0

"Gmail" and "confidential" are in the same sentence. LOL. That's funny.
That's a great idea for the FBI by shanen · 2018-08-19 14:09 · Score: 1

I know you're being tongue in cheek and I might even give you the funny mod point if I ever got one to give, but you managed to hit another interesting note...
If I were a nosy and intrusive government agency with a FISA court to appeal to, I would go for a blanket warrant on this feature, starting with a less intrusive meta-information version. "We don't wont to look at their email yet, but we just want to know who is using this feature so we can check the names against our other lists to see if any of them merit special attention. By the way, we want the google to be required to keep copies of all of the confidential-mode email until we decide whether or not we need to see it. Think of the children and the terrorists!"

--
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
If I get a 'confidential e-mail'... by Anonymous Coward · 2018-08-19 14:36 · Score: 0

...it will be deleted without being read.
If you are trying to threaten me using this, I'll take a photo of the screen and give it to the police.
Stupid, ultra-retarded idea.
I won't use Gmail until I'm not the product by Shatahn · 2018-08-19 22:53 · Score: 1

After 8 years of using Gmail for everything I'm finally sucking up the pain and moving to a new provider. It's got nothing to do with confidential mode but more to do with the fact that if I look at my Google account activity I can see pretty much everything I've been doing at home, work, and on my mobile.
Call me a luddite but I don't want to trust a single company, it's employees,and the people it sells data to with my whole life. Google has a company culture of "don't be evil" but twice within the last year the Googlers have revolted against shady decisions taken by upper management. Google started assisting the American government build weapons and also started to build a "pro-censorship anti-human-rights" search engine in China. I'm not convinced that the insanely rich people at the top of Google really care about my well-being.
Until Google offers Gmail as something where I'm not the product that they're selling on to the highest bidder (on Adwords or wherever) then I'm not prepared to use it. If they offered something in the same price range as Protonmail where Google didn't collect my personal information and add it to my profile that they then share with the American drone program and equally evil faceless corporates I'm going to suck up the pain and migrate.
Confidential mode crap by SeriousTube · 2018-08-19 23:08 · Score: 2

Anyone sending me so called confidential mode email gets their mail dropped. If your server (mine is fastmail) supports sieve code - if exists "X-Gm-Locker" {reject "Google confidential mode emails are automatically rejected at this email address"; }