Slashdot Mirror
Does Gmail's 'Confidential Mode' Go Far Enough? (engadget.com)
Last month, Gmail's big redesign became default for everyone, changing up the aesthetic appearance of the email service and introducing several new features. One of the key features, Confidential Mode, lets you add an "expiration date" and passcode to emails either in the web interface or via SMS, but not everyone is so trusting of its ability to keep your private data secure. "Recipients of these confidential emails won't be able to copy, paste, download, print or forward the message, and attachments will be disabled," notes Engadget.
The Electronic Frontier Foundation (EFF) doesn't think this new mode is secure at all. It's not encrypted end-to-end, so Google could read your messages in transit, and the expiring messages do not disappear from your Sent mail, which means they are retrievable. What's more is that if you use an SMS passcode, you might need to give Google your recipient's phone number. Because of these reasons, Slashdot reader shanen doesn't believe the new feature goes far enough to secure your data. They write: [M]y initial reaction is that I now need a new feature for Gmail. I want an option to reject incoming email from any person who wants to use confidential mode to communicate with me. Whatever conspiracy you are trying to hide, I'm not interested. So can anyone convince me you have a legitimate need for confidential mode? The main features I still want are completely different. Easiest one to describe would be future delivery of email, preferably combined with a tickler system.
The Electronic Frontier Foundation (EFF) doesn't think this new mode is secure at all. It's not encrypted end-to-end, so Google could read your messages in transit, and the expiring messages do not disappear from your Sent mail, which means they are retrievable. What's more is that if you use an SMS passcode, you might need to give Google your recipient's phone number. Because of these reasons, Slashdot reader shanen doesn't believe the new feature goes far enough to secure your data. They write: [M]y initial reaction is that I now need a new feature for Gmail. I want an option to reject incoming email from any person who wants to use confidential mode to communicate with me. Whatever conspiracy you are trying to hide, I'm not interested. So can anyone convince me you have a legitimate need for confidential mode? The main features I still want are completely different. Easiest one to describe would be future delivery of email, preferably combined with a tickler system.
How does it stop someone from taking a photo of your displayed e-mail with another device? Even if it somehow stops me taking a screenshot, there's no way from keeping me from taking a shot of the screen.
Sounds like privacy-theater to me.
Our reign has gone on long enough. Indeed. Summon the meteors.
Every other secure mail service or add-on of which I am aware, Lavabit, Protonmail, PGP add-ons, etc., regard encryption is the very foundation of private email.
Without that there really is no security that really matters.
Starships were meant to fly, Hands up and touch the sky - Nicky Minaj
This is utterly ridiculous bullshit. As long as you can do a screen capture or simply photograph the screen, the recipient can create a record of the email. "Confidential emails" my ass.
I've fallen off your lawn, and I can't get up.
If something can be read with the bare human eyes, it can be copied, pasted, downloaded, printed and forwarded because it can be as easily captured by any digital camera, OCR'ed and reused any way you want. From the look of it Google's implementation and wording are clearly a sham or meant for hillbillies.
Protonmail fares much better in this regard (real encryption and self-destruction beyond the expiration date) and they don't claim your recipient will not able to download or copy your message.