Gmail Now Lets You Send Self-Destructing 'Confidential Mode' Emails From Your Phone

Google has rolled out its 'confidential mode' for setting a self-destruct date on email to mobile devices. From a report: Confidential mode came with the search company's big redesign of Gmail announced earlier this year and became the default for consumer Gmail users in July, while G Suite business customers still have a few months to make the switch. The data-protection feature is now available on mobile devices, Google announced via a tweet. Google promotes the Gmail feature as a way to protect sensitive information by allowing users to set an expiration date for individual messages or revoke access to messages already sent. The feature also prevents recipients from forwarding, copying, printing or downloading its content and allows users to require recipients to enter a one-time code sent via SMS to view the email. The authentication feature is intended to protect information in the event of the recipient's email account being hijacked. Further reading: Does Gmail's 'Confidential Mode' Go Far Enough?

How does it...

... prevent one from (eg) photographing the screen?

Guess what, there's an effective way around this!

[bogaboga]

. Google promotes the Gmail feature as a way to protect sensitive information by allowing users to set an expiration date for individual messages or revoke access to messages already sent. The feature also prevents recipients from forwarding, copying, printing or downloading its content and allows users to require recipients to enter a one-time code sent via SMS to view the email. The authentication feature is intended to protect information in the event of the recipient's email account being hijacked.

What's to prevent me from taking a snapshot of the entire email and later doing whatever I want anyway? Instead of improving Gmail's default interface, Google decides to "waste time" on features that don't really matter.

If you can read it, you can save it.

[treymichaelcook]

No matter what kind of security Google places on this, it will always be possible for the recipient to save a copy for their own records. The brute force approach of simply taking a picture of the email with another phone/camera will always work. And that is before the hackers do their stuff. So don't trust this system to keep your messages truly confidential.

sure

[cascadingstylesheet]

UPDATE emails SET destructed = 1 WHERE emailid = 987236784598695567865645454590987

Re:sure

[jfdavis668]

Did you really name your son Robert'); DROP TABLE Students; --?

Re:Questionable simplicity

[mysidia]

The mail is no longer on your server once you send it.

Like everyone with something similar has done it.

When you e-mail someone.... If the recipient is a non-Gmail user or an IMAP or POP3 user:
It's going to send them a message with an annoying link instead of the actual E-mail content.

The annoying link will refer back to a "Confidential Message Viewer" hosted on Google's servers.
It will probably prompt you for the secret code and then use Javascript to render a JPEG of the
message text on a HTML5 canvas using WebGL GPU rendering in a manner where the Operating System
won't see the content, or so screenshot shows a black screen generally, and then use Javascript hooks to block access to select or
access Context Menus; Who knows, maybe they've implemented some special CSS directives in Chrome to allow the
web page to restrict the browser commands that could otherwise Print a copy of content.

Re:Guess what, there's an effective way around thi

[Rik+Sweeney]

What's to prevent me from taking a snapshot of the entire email and later doing whatever I want anyway?

Google have already thought of this. If you take a snapshot, a hatch will open in your device and a boxing glove will strike you between the legs. Contrary to popular belief, this also hurts ladies.

Re:Guess what, there's an effective way around thi

[tk77]

What's to prevent me from taking a snapshot of the entire email and later doing whatever I want anyway?

Nothing, that works fine. I sent an a confidential email to an external account. Got a link to click (annoying) and wasn't able to get a print out as advertised (it printed "printing is not allowed"). I was however, able to take a screenshot using the built in macOS screen shot feature.

I suppose it can prevent the email from being viewed past the expiration date in the event someone gains access to the recipients email, but it doesn't do anything to protect you from the recipient keeping a copy.

It's not supposed to protect against that

[Solandri]

That was my first thought upon reading this. But the last sentence of the summary gives the purpose:

The authentication feature is intended to protect information in the event of the recipient's email account being hijacked.

So it's not supposed to protect against a malicious recipient spreading snapshots of the email you sent them. It's supposed to protect against a lazy recipient not deleting the email as you requested, and a malicious third party getting access to it in the future when they hack the recipient's email account.

Re:Your mission, if you choose to accept it...

[chubs]

I just wish my phone wouldn't burst into flames along with it.

Samsung Customer?

Re:Guess what, there's an effective way around thi

[fish_in_the_c]

It might also help with 'deniability' so you have a doctored screenshot of and e-mail you 'claim' I sent. But are YOU a credible witness.