Slashdot Mirror
Does Gmail's 'Confidential Mode' Go Far Enough? (engadget.com)
Last month, Gmail's big redesign became default for everyone, changing up the aesthetic appearance of the email service and introducing several new features. One of the key features, Confidential Mode, lets you add an "expiration date" and passcode to emails either in the web interface or via SMS, but not everyone is so trusting of its ability to keep your private data secure. "Recipients of these confidential emails won't be able to copy, paste, download, print or forward the message, and attachments will be disabled," notes Engadget.
The Electronic Frontier Foundation (EFF) doesn't think this new mode is secure at all. It's not encrypted end-to-end, so Google could read your messages in transit, and the expiring messages do not disappear from your Sent mail, which means they are retrievable. What's more is that if you use an SMS passcode, you might need to give Google your recipient's phone number. Because of these reasons, Slashdot reader shanen doesn't believe the new feature goes far enough to secure your data. They write: [M]y initial reaction is that I now need a new feature for Gmail. I want an option to reject incoming email from any person who wants to use confidential mode to communicate with me. Whatever conspiracy you are trying to hide, I'm not interested. So can anyone convince me you have a legitimate need for confidential mode? The main features I still want are completely different. Easiest one to describe would be future delivery of email, preferably combined with a tickler system.
The Electronic Frontier Foundation (EFF) doesn't think this new mode is secure at all. It's not encrypted end-to-end, so Google could read your messages in transit, and the expiring messages do not disappear from your Sent mail, which means they are retrievable. What's more is that if you use an SMS passcode, you might need to give Google your recipient's phone number. Because of these reasons, Slashdot reader shanen doesn't believe the new feature goes far enough to secure your data. They write: [M]y initial reaction is that I now need a new feature for Gmail. I want an option to reject incoming email from any person who wants to use confidential mode to communicate with me. Whatever conspiracy you are trying to hide, I'm not interested. So can anyone convince me you have a legitimate need for confidential mode? The main features I still want are completely different. Easiest one to describe would be future delivery of email, preferably combined with a tickler system.
How does it stop someone from taking a photo of your displayed e-mail with another device? Even if it somehow stops me taking a screenshot, there's no way from keeping me from taking a shot of the screen.
Sounds like privacy-theater to me.
Our reign has gone on long enough. Indeed. Summon the meteors.
Every other secure mail service or add-on of which I am aware, Lavabit, Protonmail, PGP add-ons, etc., regard encryption is the very foundation of private email.
Without that there really is no security that really matters.
Starships were meant to fly, Hands up and touch the sky - Nicky Minaj
This is utterly ridiculous bullshit. As long as you can do a screen capture or simply photograph the screen, the recipient can create a record of the email. "Confidential emails" my ass.
I've fallen off your lawn, and I can't get up.
Hillary and her staff wish they had that feature. And regarding the sent folder, last I checked you can delete emails in there. And of course wipe you local HD, smash you smartphone.
There are real tangible benefits to running a private email server if you are looking for more privacy for your email.
That is, unless you are in a government job.
If something can be read with the bare human eyes, it can be copied, pasted, downloaded, printed and forwarded because it can be as easily captured by any digital camera, OCR'ed and reused any way you want. From the look of it Google's implementation and wording are clearly a sham or meant for hillbillies.
Protonmail fares much better in this regard (real encryption and self-destruction beyond the expiration date) and they don't claim your recipient will not able to download or copy your message.
No wonder you haven't been replying to my messages regarding the Moon "landings".
Aren't lawyers using encrypted emails?
Generally no. And I wish I was even kidding about that, in most cases unless it can be all wrapped into one nice little ball most don't want anything to do with it and still prefer dead-drops for anything important.
Om, nomnomnom...
Actually? The reason she "got away with it" (wasn't prosecuted) was because hundreds and in fact thousands of other similarly positioned officials also did, including Jeb Bush, Colin Powell, and... https://www.nytimes.com/2017/0...
Rules for using a personal email server are well-established, as are the rules for sending classified data.
She got away with it because she destroyed evidence of the latter, which should have been plenty to prosecute.
Also, let's be realistic. She got away with it because Bill "Tarmac" Clinton stepped in.
Interesting that the only comments that so far have struck me as substantive are from the senior citizens. I've been searching for any HINT of a good reason for this new feature. You [jimbo] mentioned another of the bad "reasons", but there are LOTS of them. I already addressed your focus more substantively in my longer comment above, but I'm just going to repeat my proposed solution here:
If anyone EVER sends me a confidential-mode email, then the first thing I will do is take a picture of it. If the email is amusing enough, I will republish it in the most public and most embarrassing places I can find. Therefore, you should NEVER send me any confidential-mode email.
If enough people take similar pledges, then this feature will die the dog's death it deserves. Which is what led me to the realization that the spammers' are going to be the most enthusiastic abusers of confidential mode. (No insult intended to dogs, nor am I suggesting that they deserve bad deaths. It's just an idiom (and I wish I could think of a stronger one).)
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
If I ever got a mod point, I think I'd give you a funny for the typo. Or was it?
The problem with this confidential-mode service is NOT that I will never use it. The problem is that OTHER people will use it so they can accuse me of being a liar. If you can think of any legitimate use of confidential-mode email, then I'd be interested in hearing it. I think there are justifications for secrecy, but all of the legitimate ones (that I know of) go back to prior secrecy and I haven't found any pretense of justification in google's blather (or here on Slashdot).
The deeper topic barely touched by your comment, assuming that you meant "free", not "fee", is the network effect. The value of Gmail to the google is due to the number of users, which is why Gmail is "free" in a TANSTAAFL sense. However this confidential mode is such a bad feature that it really creates an opportunity for one of the other major players to attack the google by adding an anti-feature to their free email system.
If anyone knows an email system that has an option to REJECT all confidential-mode email, then please let me know about it. I would seriously consider moving my primary email off of Gmail to one of the lesser cancers such as Outlook or Apple. Will no one rid me of this meddlesome gmail?
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
Lawyers do not generally like to put their communications in a discoverable medium. This is even though they are protected by the attorney-client privilege and the federal rules of civil procedure. Anything important will be in a phone call.
Bruce Perens.
As one of one of the instigators of this discussion, I'm kind of disappointed... So let me try to summarize.
There seems to be an extremely strong consensus that confidential mode is a bad idea badly implemented. I would go farther and count it as more evidence of the increasing badness and evil of the google, but there wasn't much discussion along such lines and assigning the blame doesn't matter too much anyway. This is a bad feature that keeps rising from the grave like any good zombie.
I was unable to detect (in this discussion or anywhere else) any good reasons for this feature. Absence of evidence is not proof of absence, but if anyone does have a good reason for confidential mode email, then I hope you will share it. I'll continue searching the discussion (until it expires in a day or two), but obviously I'd be more likely to find your "good reason" if you reply to this comment...
My first suggested solution was a way to reject incoming confidential-mode email. Some people seem to agree that would be good, but no one (whose comments I found here on Slashdot) actually pointed at a way to do it or at a way to persuade the google to give us that option. I would also count it as a solution if someone knew of and told me about a full-featured email system with the option (and I even consider this feature bad enough to justify the large effort of leaving Gmail).
My second proposed solution is a sabotage pledge to subvert the intended confidentiality of any such email I do receive. Again, no local support, but now I wonder if it matters. I've realized that this feature may be doomed to disaster. Some people are going to take those obvious pictures of the confidential-mode email, and at some point the google is going to get dragged into a hefty lawsuit that may help the google realize the error of its ways. Kind of a shame that #PresidentTweety doesn't use Gmail, but I hope this feature persuades him to start. (Since the orange topic came up, I can't resist a link to this hilarious new music video and tribute to Aretha Franklin: https://www.youtube.com/watch?...)
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
Discoverable in court is not the same as discoverable by NSA. In general, they just don't want their conversations to be admitted as evidence in a civil case.
Bruce Perens.
Anyone sending me so called confidential mode email gets their mail dropped. If your server (mine is fastmail) supports sieve code - if exists "X-Gm-Locker" {reject "Google confidential mode emails are automatically rejected at this email address"; }