Slashdot Mirror

← Back to Stories (view on slashdot.org)

Gmail Now Lets You Send Self-Destructing 'Confidential Mode' Emails From Your Phone (zdnet.com)

Posted by msmash on from the out-now dept.

Google has rolled out its 'confidential mode' for setting a self-destruct date on email to mobile devices. From a report: Confidential mode came with the search company's big redesign of Gmail announced earlier this year and became the default for consumer Gmail users in July, while G Suite business customers still have a few months to make the switch. The data-protection feature is now available on mobile devices, Google announced via a tweet. Google promotes the Gmail feature as a way to protect sensitive information by allowing users to set an expiration date for individual messages or revoke access to messages already sent. The feature also prevents recipients from forwarding, copying, printing or downloading its content and allows users to require recipients to enter a one-time code sent via SMS to view the email. The authentication feature is intended to protect information in the event of the recipient's email account being hijacked. Further reading: Does Gmail's 'Confidential Mode' Go Far Enough?

49 of 95 comments (clear)

  1. a bit like Lotus Notes did by MancunianMaskMan · · Score: 1

    ...back in about 2001 when I worked with that.

  2. "prevents forwarding, copying, printing" by Anonymous Coward · · Score: 1

    The feature also prevents recipients from forwarding, copying, printing or downloading its content

    Like fucking hell it does.

    You show the content to someone else on their computer, and they have the content. For as long as they want.

    1. Re:"prevents forwarding, copying, printing" by Jane+Q.+Public · · Score: 1

      Everybody seems to be forgetting that Google has that email, too, whether you delete it or not.

  3. How does it... by Anonymous Coward · · Score: 5, Insightful

    ... prevent one from (eg) photographing the screen?

    1. Re:How does it... by Anonymous Coward · · Score: 1

      It's against the EULA to take a picture of the screen.

    2. Re:How does it... by Mr.+Dollar+Ton · · Score: 1

      It disables the right click... Oh, wait.

    3. Re:How does it... by SeaFox · · Score: 1

      ... prevent one from (eg) photographing the screen?

      Is a photograph of an email on a monitor admissible as evidence?

    4. Re:How does it... by nine-times · · Score: 1

      That assumes that the purpose is to prevent the recipient from having continued access to the information. Like, "I'm going to send confidential information to Joe, but after 30 seconds, I want the information completely destroyed and wiped from Joe's memory so that Joe can't access it anymore."

      I think the purpose is instead, "I want to send Joe some confidential information, and I might expect that he'll file the information away someplace for his own use, but I don't want it to be in his inbox 3 years from now when he falls prey to a phishing attack and his email is compromised."

  4. Guess what, there's an effective way around this! by bogaboga · · Score: 4, Insightful

    . Google promotes the Gmail feature as a way to protect sensitive information by allowing users to set an expiration date for individual messages or revoke access to messages already sent. The feature also prevents recipients from forwarding, copying, printing or downloading its content and allows users to require recipients to enter a one-time code sent via SMS to view the email. The authentication feature is intended to protect information in the event of the recipient's email account being hijacked.

    What's to prevent me from taking a snapshot of the entire email and later doing whatever I want anyway? Instead of improving Gmail's default interface, Google decides to "waste time" on features that don't really matter.

  5. Questionable simplicity by del_diablo · · Score: 1

    Okay, so i don't know a lot about this tech. But since email is email, how exactly is this going to work?
    You are essentially sending a formatted text file, so how will you actually do this? The mail is no longer on your server once you send it.
    So that leaves the mandatory questions from people like me who doesn't know: Gmail only? Bully Mozilla/Microsoft into complying? A forgotten standard feature used to create destructive emails?
    And again, the same with
    >The feature also prevents recipients from forwarding, copying, printing or downloading its content
    To view content, you need to download it, otherwise you can't access it. Are we talking about gimping Gmail, or simply posting links to content ala dropbox or a online image hoster service?
    The same with forwarding, copy, etc.
    HOW?

    1. Re:Questionable simplicity by mysidia · · Score: 2

      The mail is no longer on your server once you send it.

      Like everyone with something similar has done it.

      When you e-mail someone.... If the recipient is a non-Gmail user or an IMAP or POP3 user:
      It's going to send them a message with an annoying link instead of the actual E-mail content.

      The annoying link will refer back to a "Confidential Message Viewer" hosted on Google's servers.
      It will probably prompt you for the secret code and then use Javascript to render a JPEG of the
      message text on a HTML5 canvas using WebGL GPU rendering in a manner where the Operating System
      won't see the content, or so screenshot shows a black screen generally, and then use Javascript hooks to block access to select or
      access Context Menus; Who knows, maybe they've implemented some special CSS directives in Chrome to allow the
      web page to restrict the browser commands that could otherwise Print a copy of content.

    2. Re:Questionable simplicity by cascadingstylesheet · · Score: 1

      The mail is no longer on your server once you send it.

      Like everyone with something similar has done it.

      When you e-mail someone.... If the recipient is a non-Gmail user or an IMAP or POP3 user: It's going to send them a message with an annoying link instead of the actual E-mail content.

      The annoying link will refer back to a "Confidential Message Viewer" hosted on Google's servers. It will probably prompt you for the secret code and then use Javascript to render a JPEG of the message text on a HTML5 canvas using WebGL GPU rendering in a manner where the Operating System won't see the content, or so screenshot shows a black screen generally, and then use Javascript hooks to block access to select or access Context Menus; Who knows, maybe they've implemented some special CSS directives in Chrome to allow the web page to restrict the browser commands that could otherwise Print a copy of content.

      Dang ... I might sprain my wrist or something taking my phone out of my pocket and taking a shot of the screen.

    3. Re:Questionable simplicity by mysidia · · Score: 1

      Dang ... I might sprain my wrist or something taking my phone out of my pocket and taking a shot of the screen.

      Yes.... Capturing a picture of a short message won't be a problem.
      I'm concerned about what happens when a contact gets "In the habit" of sending
      messages routinely using Confidential Mode to "Protect themselves". It's a small
      annoyance, but it still is an annoyance.

      Also -- one of the problems with a camera picture; is this doesn't include Metadata and
      provably link the content of a specific e-mail message to all the specific metadata that a normal e-mail message has.

      If the sender violates a contract later or breaks the law, or files suit, and the content of the Confidential mode message
      is required in order to defend against the lawsuit: then how do we prove this message metadata goes with this content,
      And, how do we efficiently make sure the Photo gets archived together with the metadata and becomes searchable
      for later investigation and reporting?

      Secondly.... If the e-mail message is long; say a 50-page-long document, then
      snapping with a camera could get to be excessively laborious.

    4. Re:Questionable simplicity by fph+il+quozientatore · · Score: 1

      When you e-mail someone.... If the recipient is a non-Gmail user or an IMAP or POP3 user: It's going to send them a message with an annoying link instead of the actual E-mail content.

      Great --- so I can set up a filter that answers automatically with "dear sender, could you please send me a real e-mail? I'm not going to look at this crap".

      --
      My first program:

      Hell Segmentation fault

    5. Re:Questionable simplicity by d0rp · · Score: 1

      and then use Javascript to render a JPEG of the message text on a HTML5 canvas using WebGL GPU rendering in a manner where the Operating System won't see the content

      So what are visually impaired people that rely on screen readers supposed to do?

  6. If you can read it, you can save it. by treymichaelcook · · Score: 3, Interesting

    No matter what kind of security Google places on this, it will always be possible for the recipient to save a copy for their own records. The brute force approach of simply taking a picture of the email with another phone/camera will always work. And that is before the hackers do their stuff. So don't trust this system to keep your messages truly confidential.

    1. Re:If you can read it, you can save it. by iggymanz · · Score: 1

      I will actively seek ways to bounce such emails at my employer and my own domain servers. It violates record retention and other legal requirements.

    2. Re:If you can read it, you can save it. by Obfuscant · · Score: 1

      Interestingly enough, that is one reason why places outsource their email to gmail -- so they can meet records retention policies for themselves.

  7. So this will be the weapen of choice by MrMr · · Score: 1

    If that feature actually worked as advertized, it would be ideal for online threats and stalking.

  8. sure by cascadingstylesheet · · Score: 4, Funny

    UPDATE emails SET destructed = 1 WHERE emailid = 987236784598695567865645454590987

    1. Re:sure by jfdavis668 · · Score: 3, Funny

      Did you really name your son Robert'); DROP TABLE Students; --?

  9. Re:Guess what, there's an effective way around thi by 93+Escort+Wagon · · Score: 1

    What’s to prevent you from accessing Gmail via an IMAP client?

    --
    #DeleteChrome
  10. It’s coming to their business suite? by 93+Escort+Wagon · · Score: 1

    I’m assuming admins can disable it, given records retention policies...

    --
    #DeleteChrome
    1. Re:It’s coming to their business suite? by Oswald+McWeany · · Score: 1

      I’m assuming admins can disable it, given records retention policies...

      Some places I've worked retention policies worked the other way. You were against policy to keep an e-mail for more than X time frame. (3 months one place, 1 year another). When you work at a bank, e-mails are a potential liability.

      --
      "That's the way to do it" - Punch
    2. Re:It’s coming to their business suite? by 93+Escort+Wagon · · Score: 1

      In my case, I work at a public university in a state where emails from state employees are considered public record - so I'm guessing we won't be seeing this "confidential mode" anytime soon.

      In any case, I use IMAP with Google mail because the web interface sucks (compared to a desktop mail program).

      --
      #DeleteChrome
    3. Re:It’s coming to their business suite? by Oswald+McWeany · · Score: 1

      In my case, I work at a public university in a state where emails from state employees are considered public record - so I'm guessing we won't be seeing this "confidential mode" anytime soon.

      In any case, I use IMAP with Google mail because the web interface sucks (compared to a desktop mail program).

      They asked us to delete all our e-mails (and did it for us if over a certain date); but everyone I knew, kept a copy of all their important emails saved to their desktops.

      --
      "That's the way to do it" - Punch
    4. Re:It’s coming to their business suite? by Woeful+Countenance · · Score: 1

      Coincidentally, the governor of Missouri and his staff have been accused of violating the state's open-records law by using a message app that automatically deletes messages, but the state Attorney General says it doesn't appear that any laws were violated. One argument is that the law can't require them to make their records available, because there aren't any records. Any more.

  11. Re:Guess what, there's an effective way around thi by Rik+Sweeney · · Score: 4, Funny

    What's to prevent me from taking a snapshot of the entire email and later doing whatever I want anyway?

    Google have already thought of this. If you take a snapshot, a hatch will open in your device and a boxing glove will strike you between the legs. Contrary to popular belief, this also hurts ladies.

    --
    Summation 2
  12. Re:Guess what, there's an effective way around thi by Hentes · · Score: 1

    Google is aggressively pushing OAuth and as a side effect might disable the IMAP interface of Gmail in the future. I guess the point of this feature is more to prevent someone gaining access to your or the recipient's computer in the future from reading sensitive mail, if you don't trust the recipient you shouldn't send them sensitive stuff to begin with.

  13. Re:Guess what, there's an effective way around thi by DontBeAMoran · · Score: 1

    The second my Gmail account does not work with Mail on my Mac is the moment I stop using it.

    --
    #DeleteFacebook
  14. Re:Guess what, there's an effective way around thi by DontBeAMoran · · Score: 1

    https://i.gifer.com/Jezr.gif (SFW)

    --
    #DeleteFacebook
  15. Re:Guess what, there's an effective way around thi by tk77 · · Score: 5, Insightful

    What's to prevent me from taking a snapshot of the entire email and later doing whatever I want anyway?

    Nothing, that works fine. I sent an a confidential email to an external account. Got a link to click (annoying) and wasn't able to get a print out as advertised (it printed "printing is not allowed"). I was however, able to take a screenshot using the built in macOS screen shot feature.

    I suppose it can prevent the email from being viewed past the expiration date in the event someone gains access to the recipients email, but it doesn't do anything to protect you from the recipient keeping a copy.

  16. Hillary and the DNC rejoice by drnb · · Score: 1

    And Hillary and the DNC rejoice, and standardize on gmail for their orgs, consultants, etc. ;-)

  17. Your mission, if you choose to accept it... by jfdavis668 · · Score: 1

    This tape will self-destruct in five seconds. Good luck.

    1. Re:Your mission, if you choose to accept it... by PPH · · Score: 1

      I just wish my phone wouldn't burst into flames along with it.

      --
      Have gnu, will travel.
    2. Re:Your mission, if you choose to accept it... by chubs · · Score: 4, Funny

      I just wish my phone wouldn't burst into flames along with it.

      Samsung Customer?

    3. Re:Your mission, if you choose to accept it... by Obfuscant · · Score: 1

      Or Apple.

  18. Re: Guess what, there's an effective way around th by houghi · · Score: 1

    Why wait? You are on /. You will have the technical lnowlwdge to have your own domain and can find a cheap provider for your email, including your own server.

    --
    Don't fight for your country, if your country does not fight for you.
  19. Srsly... dead G bits go to heaven by ElitistWhiner · · Score: 1

    Not even GOOG have access to them once they self-destruct.

    That doesn't mean no body does...

  20. It's not supposed to protect against that by Solandri · · Score: 5, Interesting
    That was my first thought upon reading this. But the last sentence of the summary gives the purpose:

    The authentication feature is intended to protect information in the event of the recipient's email account being hijacked.

    So it's not supposed to protect against a malicious recipient spreading snapshots of the email you sent them. It's supposed to protect against a lazy recipient not deleting the email as you requested, and a malicious third party getting access to it in the future when they hack the recipient's email account.

  21. Priority Queue? by chubs · · Score: 1

    There's an expiration date on private / sensitive emails. Does this mean Google will prioritize these in its queue to make sure it reads and steals all the data from these emails before others?

  22. Re: Guess what, there's an effective way around th by Obfuscant · · Score: 1

    You are on /. You will have the technical lnowlwdge to have your own domain and can find a cheap provider for your email, including your own server.

    I have had my own domains for decades, and run a couple of my own mail servers. Do'h.

    But the place I work has outsourced email to ... Google, as has a government agency I volunteer with. They're going to be sending email to gmail accounts. Both are based on requirements for archiving email, and neither are going away.

  23. Re:Guess what, there's an effective way around thi by fish_in_the_c · · Score: 2

    It might also help with 'deniability' so you have a doctored screenshot of and e-mail you 'claim' I sent. But are YOU a credible witness.

    --
    âoeTolerance applies only to persons, but never to truth. Intolerance applies only to truth, but never to persons.
  24. NYSINYD... by Julz · · Score: 1

    Sorry did I say that? You've got an email from me saying that I did? Clicks unsend/delete email. Surely you're mistaken!

    --
    When shit hits the fan get some of these https://youtu.be/pY-GncsZ-UE
  25. Re:Guess what, there's an effective way around thi by kqs · · Score: 1

    Which would include any email system with effective spam protection. You can always switch to non-SMTP systems, or use PGP, but on both cases you are not going to be communicating with arbitrary people.

    Or you can run your own domain and email server, which means that Google won't read your mail but other hackers probably can. It's all about tradeoffs and who you want to defend against.

  26. Re:Guess what, there's an effective way around thi by Obfuscant · · Score: 1

    What's to prevent you from accessing Gmail via an IMAP client?

    An interesting question. Here's the result of an experiment.

    First, sending "confidential" email is not the default, at least not for any of my accounts. For my main one, I had to ask to be switched to the new gmail. Once I did that, the compose window added a lock icon to turn on sending confidential email. This added a large notice in the compose window telling me that I was sending such an email, and that this would be enabled until Aug. 27. However, the second time I logged in today I had to re-enable the secure email.

    I sent another of my gmail accounts that I normally access via IMAP a secure message, and I had earlier sent one to a non-gmail address.

    In both cases, through IMAP to gmail and IMAP to non-gmail, I was shown an email that told me that "I" had sent "me" "an email via Gmail confidential mode". It showed me the subject, and gave me a link to open the email. I.e., access to the email itself is NOT provided via IMAP, only via a web browser.

    The two destinations differ from this point. My non-gmail recipient was shown a page that told me I had gotten a confidential email and I must click on another link that would send me (at the same address) a verification email. If someone had hacked my email and was reading this confidential email, then he's also get the confirmation email. No security there.

    The gmail destination demands that I log into my gmail account to read the confidential email.

    When I go directly to my gmail inbox by logging in and selecting the confidential email, I am shown the same message as what I see in my IMAP inboxes. (I'm told I have received such a message and given a link to read it.) Clicking the link in this last test opens a new window and then displays the message. When I try to print the message, the printout shows "printing is not allowed by the sender", even if I have blocked javascript using noscript.

    It is pretty clear that Google stores the notification message in your gmail inbox, and sends the same notification to non-gmail email servers. The only way to access the email is via the special link to a different, web-only server.

    I did not try setting the "SMS verification" option for the confidential email. I'm guessing that gmail would ask me for a text-able phone number and gladly tie that to the email address of the recipient. I'm not going to do that just to test this system.

  27. Re: Guess what, there's an effective way around th by houghi · · Score: 1

    If it is the place you work, it is not your email. So I would not care what happens with it. That does not even mean that they use Gmail. And if if they did, who cares?

    And the governement agency that has a google account: tell them to run their own servers (Oh, wait. That is how POTUS got power).
    Yes, still not your email, so not your problem. It is the agencies problem. You could advice them that archiving depending on a single company is a bad idea, especial when they are reading your mails. It is up to them to change that policy or not.
    In any case it becomes their problem if things go wrong (that you might be asked to clean.)

    If where I work decides to run their email via telnet without a login and for all to see, or to delete each email after 20 seconds, read or not, I would seriously doubt their decision, explain my concerns (verbal and in writing) but it would be their problem to follow up on it. And at this moment I am in a situation what they are doing with email is utterly stupid and will cost them a lot of money in the long run.

    --
    Don't fight for your country, if your country does not fight for you.
  28. Re:Guess what, there's an effective way around thi by McPierce · · Score: 1

    I'm sure your Android phone will scan images, look for ones that contain some part of a confidential email by cross-referencing it with your inbox, and delete the picture...

    No, I'm not paranoid. Why do you ask?

    --
    Darryl L. Pierce "What do you care what people think, Mr. Feynman?"
  29. Re: Guess what, there's an effective way around th by Obfuscant · · Score: 1

    If it is the place you work, it is not your email.

    Yes, it is my email. The fact I don't run the server doesn't make it not my email.

    So I would not care what happens with it.

    I know you don't care what happens with it. I care, and I need to care, because that is how I get communications from other departments on campus, including human resources and payroll and purchasing.

    That does not even mean that they use Gmail.

    I'm sorry, but just because the email doesn't end in gmail.com doesn't mean they haven't outsourced the service to gmail and all email doesn't go through gmail servers.

    And the governement agency that has a google account: tell them to run their own servers (Oh, wait. That is how POTUS got power).

    Ok, TDS is your shtick and everything is Trump's fault. I can't tell anyone what server they have to run.

    Yes, still not your email, so not your problem. It is the agencies problem.

    Your naivete is really cute. Someday you'll move out of your parent's basement and get a job in the real world and learn better. When purchasing says they need documentation that something I ordered was received before it will be paid, in the immediate sense it is not my problem. In the long run, when the vendor I want to buy something from again tells me he won't deal with me because he never got paid for the last order, it becomes my problem. Or when the vendor starts tacking on late fees and my boss wants to know why he's wasting money on late fees, it's even more my problem.

    So no, the point stands. Just telling someone that they can run their own servers deoesn't mean they can, even if they know how to, and it doesn't solve the gmail confidential mail problem.