Slashdot Mirror
Gmail Now Lets You Send Self-Destructing 'Confidential Mode' Emails From Your Phone (zdnet.com)
Google has rolled out its 'confidential mode' for setting a self-destruct date on email to mobile devices. From a report: Confidential mode came with the search company's big redesign of Gmail announced earlier this year and became the default for consumer Gmail users in July, while G Suite business customers still have a few months to make the switch. The data-protection feature is now available on mobile devices, Google announced via a tweet. Google promotes the Gmail feature as a way to protect sensitive information by allowing users to set an expiration date for individual messages or revoke access to messages already sent. The feature also prevents recipients from forwarding, copying, printing or downloading its content and allows users to require recipients to enter a one-time code sent via SMS to view the email. The authentication feature is intended to protect information in the event of the recipient's email account being hijacked. Further reading: Does Gmail's 'Confidential Mode' Go Far Enough?
This sounds fucking annoying as hell for recipient. Apple's default to delete iMessages voice messages is annoying enough already. You wake up, haven't even had coffee yet, go to listen to it the message in case it's important since they went through all the trouble to record voice, then you go to take a piss and come back and find the fucking thing autodeleted. Bullshit "feature".
...back in about 2001 when I worked with that.
The feature also prevents recipients from forwarding, copying, printing or downloading its content
Like fucking hell it does.
You show the content to someone else on their computer, and they have the content. For as long as they want.
... prevent one from (eg) photographing the screen?
. Google promotes the Gmail feature as a way to protect sensitive information by allowing users to set an expiration date for individual messages or revoke access to messages already sent. The feature also prevents recipients from forwarding, copying, printing or downloading its content and allows users to require recipients to enter a one-time code sent via SMS to view the email. The authentication feature is intended to protect information in the event of the recipient's email account being hijacked.
What's to prevent me from taking a snapshot of the entire email and later doing whatever I want anyway? Instead of improving Gmail's default interface, Google decides to "waste time" on features that don't really matter.
Okay, so i don't know a lot about this tech. But since email is email, how exactly is this going to work?
You are essentially sending a formatted text file, so how will you actually do this? The mail is no longer on your server once you send it.
So that leaves the mandatory questions from people like me who doesn't know: Gmail only? Bully Mozilla/Microsoft into complying? A forgotten standard feature used to create destructive emails?
And again, the same with
>The feature also prevents recipients from forwarding, copying, printing or downloading its content
To view content, you need to download it, otherwise you can't access it. Are we talking about gimping Gmail, or simply posting links to content ala dropbox or a online image hoster service?
The same with forwarding, copy, etc.
HOW?
The message has been sent, the message has been stored. Hiding it under the guise of "expired" doesn't make it magically safe.
Besides, I use gmail specifically because I can search all my emails since day one. Emails with expiry dates would be counter to this.
No matter what kind of security Google places on this, it will always be possible for the recipient to save a copy for their own records. The brute force approach of simply taking a picture of the email with another phone/camera will always work. And that is before the hackers do their stuff. So don't trust this system to keep your messages truly confidential.
for everyone except Google and the NSA....
If that feature actually worked as advertized, it would be ideal for online threats and stalking.
I'm really curious to see what happens when such a thing lands in my good trusty mbox.
C'm on, folks.
UPDATE emails SET destructed = 1 WHERE emailid = 987236784598695567865645454590987
What’s to prevent you from accessing Gmail via an IMAP client?
#DeleteChrome
So, my thinking is if you need to send something that confidential, why the hell are you doing it via gmail?
The existence of such messages, and who exchanged them, will probably become something discoverable in court, and you should expect the police to be demanding it.
I'm not sure what problem this is a solution to, because the data is still all going to be on Google servers, and the likelihood that it is going to be as secure as claimed is pretty low in my books.
Anything you need this level of security on, you shouldn't be doing via something like gmail ... and since Google has demonstrated they're tracking your location even if you try to disable it, I'm afraid my trust level for them is pretty low these days.
I’m assuming admins can disable it, given records retention policies...
#DeleteChrome
The presence of this option means that anyone with the means to copy it in transit now have an easy way to flag the message as being more likely to be worthwhile to look at.
After all - someone bothered to put a 'lock' on the mail in a sea of unlocked junk. Chances are whatever's there is more valuable than average.
Email is as visible as a post card.
What's to prevent me from taking a snapshot of the entire email and later doing whatever I want anyway?
Google have already thought of this. If you take a snapshot, a hatch will open in your device and a boxing glove will strike you between the legs. Contrary to popular belief, this also hurts ladies.
Summation 2
Google is aggressively pushing OAuth and as a side effect might disable the IMAP interface of Gmail in the future. I guess the point of this feature is more to prevent someone gaining access to your or the recipient's computer in the future from reading sensitive mail, if you don't trust the recipient you shouldn't send them sensitive stuff to begin with.
The second my Gmail account does not work with Mail on my Mac is the moment I stop using it.
#DeleteFacebook
https://i.gifer.com/Jezr.gif (SFW)
#DeleteFacebook
What's to prevent me from taking a snapshot of the entire email and later doing whatever I want anyway?
Nothing, that works fine. I sent an a confidential email to an external account. Got a link to click (annoying) and wasn't able to get a print out as advertised (it printed "printing is not allowed"). I was however, able to take a screenshot using the built in macOS screen shot feature.
I suppose it can prevent the email from being viewed past the expiration date in the event someone gains access to the recipients email, but it doesn't do anything to protect you from the recipient keeping a copy.
And Hillary and the DNC rejoice, and standardize on gmail for their orgs, consultants, etc. ;-)
This tape will self-destruct in five seconds. Good luck.
Why wait? You are on /. You will have the technical lnowlwdge to have your own domain and can find a cheap provider for your email, including your own server.
Don't fight for your country, if your country does not fight for you.
My understanding is that the email is just a link. Snapshotting that just gets you an URL. If you want the content, you load the URL in your web browser and snapshot that, unless you have enabled your web browser's DRM, in which case it might try to prevent you.
The best way to use this "feature" is to never use it. It's just for gmail users, anyway.
Not even GOOG have access to them once they self-destruct.
That doesn't mean no body does...
these emails are not emails just links to a website that "enforces" the restrictions
Just make sure you have solid, encrypted, backups.
So it's not supposed to protect against a malicious recipient spreading snapshots of the email you sent them. It's supposed to protect against a lazy recipient not deleting the email as you requested, and a malicious third party getting access to it in the future when they hack the recipient's email account.
Sure if your ISP lets you run services...
There's an expiration date on private / sensitive emails. Does this mean Google will prioritize these in its queue to make sure it reads and steals all the data from these emails before others?
EFF has a good article describing the problems with Gmail's Confidential Mode.
See: https://www.eff.org/deeplinks/2018/07/between-you-me-and-google-problems-gmails-confidential-mode
. . . you may as well not bother.
You are on /. You will have the technical lnowlwdge to have your own domain and can find a cheap provider for your email, including your own server.
I have had my own domains for decades, and run a couple of my own mail servers. Do'h.
But the place I work has outsourced email to ... Google, as has a government agency I volunteer with. They're going to be sending email to gmail accounts. Both are based on requirements for archiving email, and neither are going away.
Google is aggressively pushing OAuth and as a side effect might disable the IMAP interface of Gmail in the future. I guess the point of this feature is more to prevent someone gaining access to your or the recipient's computer in the future from reading sensitive mail, if you don't trust the recipient you shouldn't send them sensitive stuff to begin with.
Simpler: You shouldn't be sending sensitive stuff though GMail to begin with. Or anyother service funded by spying on the users and has EULAs saying they reserve the right to look into all your emails.
It might also help with 'deniability' so you have a doctored screenshot of and e-mail you 'claim' I sent. But are YOU a credible witness.
âoeTolerance applies only to persons, but never to truth. Intolerance applies only to truth, but never to persons.
Sorry did I say that? You've got an email from me saying that I did? Clicks unsend/delete email. Surely you're mistaken!
When shit hits the fan get some of these https://youtu.be/pY-GncsZ-UE
Rendering text; is it trustworthy
https://www.theregister.co.uk/2013/08/06/xerox_copier_flaw_means_dodgy_numbers_and_dangerous_designs/
Deep packet inspection like that is completely unacceptable here in Germany, and likely all of the EU.
A load of software needs incoming ports! I know this is not the rage anymore with the HTML5 browser-is-the-OS iTard crowd (like the What[TheFuck]WG, who have absolutely zero clue of the Internet and confuse it with the WWW/web, but it’s a normal thing for any actual computer *user*. (As opposed to an onto-app-drooltard.)
Hell, my ISP gives me a full /64 IPv6 prefix on top of the IPv4 address! And FritzBoxes (yes, openly configurable by the end user) are standard.
Americans, your "free market" is bullshit! Corporations HATE nothing more, than a free and healthy market. And this here is a good example of that.
Otherwise the plan text MUST still appear in the computer's memory, as does the decryption and rendering algorithm. (With WebAssembly, you'd need a disassembler, if you can't just grep the plain text right out of /dev/mem. Hint: You will be able to grep it.)
And if it renders it on the server, and transfers an image, that image MUST still ... (insert the same paragraph).
So yeah, DRM snake oil, designed by retards that grew up actually believing that there is such a thing as "intellectual property" and never realizing it's purely a crime scheme to steal money from people without working for it (usually to buy and snort massive amounts of cocaine, resulting in over-confidence and paranoia .. leading to more imaginary property fantasies.)
What's to prevent me from taking a snapshot of the entire email and later doing whatever I want anyway?
Nothing, that works fine. I sent an a confidential email to an external account. Got a link to click (annoying) and wasn't able to get a print out as advertised (it printed "printing is not allowed"). I was however, able to take a screenshot using the built in macOS screen shot feature.
I suppose it can prevent the email from being viewed past the expiration date in the event someone gains access to the recipients email, but it doesn't do anything to protect you from the recipient keeping a copy.
That kind of system is not new. For example, many banks use systems like that to send "secure" emails or attachments to partners.
You get emailed a link with one time password and a short expiration, the server can prove the message was received, and it helps both sides prevent sensitive info sitting in one or both inboxes or file servers for indeterminate amount of time. The access gets removed and information deleted after some time or on access.
Obviously it's assumed the recipient is trusted or they wouldn't be sent the info in the first place. It's a good system, and can be implemented fairly transparently.
. Google promotes the Gmail feature as a way to protect sensitive information by allowing users to set an expiration date for individual messages or revoke access to messages already sent. The feature also prevents recipients from forwarding, copying, printing or downloading its content and allows users to require recipients to enter a one-time code sent via SMS to view the email. The authentication feature is intended to protect information in the event of the recipient's email account being hijacked.
What's to prevent me from taking a snapshot of the entire email and later doing whatever I want anyway? Instead of improving Gmail's default interface, Google decides to "waste time" on features that don't really matter.
This is like Bob forwarding Alice's message to Eve. It's implied the sender and receiver trust each other, and this is not a system for sending dick pics to strangers with impunity.
It's as rare and precious as water that isn't wet.
Which would include any email system with effective spam protection. You can always switch to non-SMTP systems, or use PGP, but on both cases you are not going to be communicating with arbitrary people.
Or you can run your own domain and email server, which means that Google won't read your mail but other hackers probably can. It's all about tradeoffs and who you want to defend against.
What's to prevent you from accessing Gmail via an IMAP client?
An interesting question. Here's the result of an experiment.
First, sending "confidential" email is not the default, at least not for any of my accounts. For my main one, I had to ask to be switched to the new gmail. Once I did that, the compose window added a lock icon to turn on sending confidential email. This added a large notice in the compose window telling me that I was sending such an email, and that this would be enabled until Aug. 27. However, the second time I logged in today I had to re-enable the secure email.
I sent another of my gmail accounts that I normally access via IMAP a secure message, and I had earlier sent one to a non-gmail address.
In both cases, through IMAP to gmail and IMAP to non-gmail, I was shown an email that told me that "I" had sent "me" "an email via Gmail confidential mode". It showed me the subject, and gave me a link to open the email. I.e., access to the email itself is NOT provided via IMAP, only via a web browser.
The two destinations differ from this point. My non-gmail recipient was shown a page that told me I had gotten a confidential email and I must click on another link that would send me (at the same address) a verification email. If someone had hacked my email and was reading this confidential email, then he's also get the confirmation email. No security there.
The gmail destination demands that I log into my gmail account to read the confidential email.
When I go directly to my gmail inbox by logging in and selecting the confidential email, I am shown the same message as what I see in my IMAP inboxes. (I'm told I have received such a message and given a link to read it.) Clicking the link in this last test opens a new window and then displays the message. When I try to print the message, the printout shows "printing is not allowed by the sender", even if I have blocked javascript using noscript.
It is pretty clear that Google stores the notification message in your gmail inbox, and sends the same notification to non-gmail email servers. The only way to access the email is via the special link to a different, web-only server.
I did not try setting the "SMS verification" option for the confidential email. I'm guessing that gmail would ask me for a text-able phone number and gladly tie that to the email address of the recipient. I'm not going to do that just to test this system.
This is a protonmail feature they're trying to compete with. I see that as a good sign for privacy.
I guess the point here is that the proof that Hilary did all that and that those really were Podesta's e-mails was google's certificates.
By doing this they on one hand standardize destroying evidence (instead of a keep by default it changes to a delete by default approach) and on the other hand make it easier to deny the authenticity of eventually leaked emails.
All of that while still being able to read your emails and help TLAs.
Exactly. When Wikileaks published Podesta's emails, Donna Brazile denied their authenticity. The proof was google's signatures.
If it is the place you work, it is not your email. So I would not care what happens with it. That does not even mean that they use Gmail. And if if they did, who cares?
And the governement agency that has a google account: tell them to run their own servers (Oh, wait. That is how POTUS got power).
Yes, still not your email, so not your problem. It is the agencies problem. You could advice them that archiving depending on a single company is a bad idea, especial when they are reading your mails. It is up to them to change that policy or not.
In any case it becomes their problem if things go wrong (that you might be asked to clean.)
If where I work decides to run their email via telnet without a login and for all to see, or to delete each email after 20 seconds, read or not, I would seriously doubt their decision, explain my concerns (verbal and in writing) but it would be their problem to follow up on it. And at this moment I am in a situation what they are doing with email is utterly stupid and will cost them a lot of money in the long run.
Don't fight for your country, if your country does not fight for you.
I'm sure your Android phone will scan images, look for ones that contain some part of a confidential email by cross-referencing it with your inbox, and delete the picture...
No, I'm not paranoid. Why do you ask?
Darryl L. Pierce "What do you care what people think, Mr. Feynman?"
It's flawed and it seems more like a govt honeypot to capture information people think they're sending secretly
If it is the place you work, it is not your email.
Yes, it is my email. The fact I don't run the server doesn't make it not my email.
So I would not care what happens with it.
I know you don't care what happens with it. I care, and I need to care, because that is how I get communications from other departments on campus, including human resources and payroll and purchasing.
That does not even mean that they use Gmail.
I'm sorry, but just because the email doesn't end in gmail.com doesn't mean they haven't outsourced the service to gmail and all email doesn't go through gmail servers.
And the governement agency that has a google account: tell them to run their own servers (Oh, wait. That is how POTUS got power).
Ok, TDS is your shtick and everything is Trump's fault. I can't tell anyone what server they have to run.
Yes, still not your email, so not your problem. It is the agencies problem.
Your naivete is really cute. Someday you'll move out of your parent's basement and get a job in the real world and learn better. When purchasing says they need documentation that something I ordered was received before it will be paid, in the immediate sense it is not my problem. In the long run, when the vendor I want to buy something from again tells me he won't deal with me because he never got paid for the last order, it becomes my problem. Or when the vendor starts tacking on late fees and my boss wants to know why he's wasting money on late fees, it's even more my problem.
So no, the point stands. Just telling someone that they can run their own servers deoesn't mean they can, even if they know how to, and it doesn't solve the gmail confidential mail problem.
Are you one of those sovereign citizen freaks or something? Saying you do not recognise authority does not eliminate that authority. Work email belongs to your employer. The law says so and so it is.
This. If it ain't the real deal it is a fake. Any proof otherwise is obviously a forgery and will not hold up in court.