Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Google

Gmail Now Lets You Send Self-Destructing 'Confidential Mode' Emails From Your Phone (zdnet.com) 95

Google has rolled out its 'confidential mode' for setting a self-destruct date on email to mobile devices. From a report: Confidential mode came with the search company's big redesign of Gmail announced earlier this year and became the default for consumer Gmail users in July, while G Suite business customers still have a few months to make the switch. The data-protection feature is now available on mobile devices, Google announced via a tweet. Google promotes the Gmail feature as a way to protect sensitive information by allowing users to set an expiration date for individual messages or revoke access to messages already sent. The feature also prevents recipients from forwarding, copying, printing or downloading its content and allows users to require recipients to enter a one-time code sent via SMS to view the email. The authentication feature is intended to protect information in the event of the recipient's email account being hijacked. Further reading: Does Gmail's 'Confidential Mode' Go Far Enough?
This discussion has been archived. No new comments can be posted.

Gmail Now Lets You Send Self-Destructing 'Confidential Mode' Emails From Your Phone

Comments Filter:
  • ...back in about 2001 when I worked with that.
  • by Anonymous Coward

    The feature also prevents recipients from forwarding, copying, printing or downloading its content

    Like fucking hell it does.

    You show the content to someone else on their computer, and they have the content. For as long as they want.

  • How does it... (Score:5, Insightful)

    by Anonymous Coward on Monday August 20, 2018 @10:04AM (#57159464)

    ... prevent one from (eg) photographing the screen?

    • by Anonymous Coward

      It's against the EULA to take a picture of the screen.

    • It disables the right click... Oh, wait.

    • by SeaFox ( 739806 )

      ... prevent one from (eg) photographing the screen?

      Is a photograph of an email on a monitor admissible as evidence?

    • That assumes that the purpose is to prevent the recipient from having continued access to the information. Like, "I'm going to send confidential information to Joe, but after 30 seconds, I want the information completely destroyed and wiped from Joe's memory so that Joe can't access it anymore."

      I think the purpose is instead, "I want to send Joe some confidential information, and I might expect that he'll file the information away someplace for his own use, but I don't want it to be in his inbox 3 years f

  • by bogaboga ( 793279 ) on Monday August 20, 2018 @10:06AM (#57159472)

    . Google promotes the Gmail feature as a way to protect sensitive information by allowing users to set an expiration date for individual messages or revoke access to messages already sent. The feature also prevents recipients from forwarding, copying, printing or downloading its content and allows users to require recipients to enter a one-time code sent via SMS to view the email. The authentication feature is intended to protect information in the event of the recipient's email account being hijacked.

    What's to prevent me from taking a snapshot of the entire email and later doing whatever I want anyway? Instead of improving Gmail's default interface, Google decides to "waste time" on features that don't really matter.

    • What’s to prevent you from accessing Gmail via an IMAP client?

      • by Hentes ( 2461350 )

        Google is aggressively pushing OAuth and as a side effect might disable the IMAP interface of Gmail in the future. I guess the point of this feature is more to prevent someone gaining access to your or the recipient's computer in the future from reading sensitive mail, if you don't trust the recipient you shouldn't send them sensitive stuff to begin with.

        • The second my Gmail account does not work with Mail on my Mac is the moment I stop using it.

          • Comment removed based on user account deletion
            • You are on /. You will have the technical lnowlwdge to have your own domain and can find a cheap provider for your email, including your own server.

              I have had my own domains for decades, and run a couple of my own mail servers. Do'h.

              But the place I work has outsourced email to ... Google, as has a government agency I volunteer with. They're going to be sending email to gmail accounts. Both are based on requirements for archiving email, and neither are going away.

              • Comment removed based on user account deletion
                • If it is the place you work, it is not your email.

                  Yes, it is my email. The fact I don't run the server doesn't make it not my email.

                  So I would not care what happens with it.

                  I know you don't care what happens with it. I care, and I need to care, because that is how I get communications from other departments on campus, including human resources and payroll and purchasing.

                  That does not even mean that they use Gmail.

                  I'm sorry, but just because the email doesn't end in gmail.com doesn't mean they haven't outsourced the service to gmail and all email doesn't go through gmail servers.

                  And the governement agency that has a google account: tell them to run their own servers (Oh, wait. That is how POTUS got power).

                  Ok, TDS is your shtick and everything is Trump's fault. I can'

        • Google is aggressively pushing OAuth and as a side effect might disable the IMAP interface of Gmail in the future. I guess the point of this feature is more to prevent someone gaining access to your or the recipient's computer in the future from reading sensitive mail, if you don't trust the recipient you shouldn't send them sensitive stuff to begin with.

          Simpler: You shouldn't be sending sensitive stuff though GMail to begin with. Or anyother service funded by spying on the users and has EULAs saying they reserve the right to look into all your emails.

          • by kqs ( 1038910 )

            Which would include any email system with effective spam protection. You can always switch to non-SMTP systems, or use PGP, but on both cases you are not going to be communicating with arbitrary people.

            Or you can run your own domain and email server, which means that Google won't read your mail but other hackers probably can. It's all about tradeoffs and who you want to defend against.

      • What's to prevent you from accessing Gmail via an IMAP client?

        An interesting question. Here's the result of an experiment.

        First, sending "confidential" email is not the default, at least not for any of my accounts. For my main one, I had to ask to be switched to the new gmail. Once I did that, the compose window added a lock icon to turn on sending confidential email. This added a large notice in the compose window telling me that I was sending such an email, and that this would be enabled until Aug. 27. However, the second time I logged in today I had to re-enable

    • by Rik Sweeney ( 471717 ) on Monday August 20, 2018 @10:53AM (#57159780) Homepage

      What's to prevent me from taking a snapshot of the entire email and later doing whatever I want anyway?

      Google have already thought of this. If you take a snapshot, a hatch will open in your device and a boxing glove will strike you between the legs. Contrary to popular belief, this also hurts ladies.

    • by tk77 ( 1774336 ) on Monday August 20, 2018 @11:19AM (#57159928)

      What's to prevent me from taking a snapshot of the entire email and later doing whatever I want anyway?

      Nothing, that works fine. I sent an a confidential email to an external account. Got a link to click (annoying) and wasn't able to get a print out as advertised (it printed "printing is not allowed"). I was however, able to take a screenshot using the built in macOS screen shot feature.

      I suppose it can prevent the email from being viewed past the expiration date in the event someone gains access to the recipients email, but it doesn't do anything to protect you from the recipient keeping a copy.

      • It might also help with 'deniability' so you have a doctored screenshot of and e-mail you 'claim' I sent. But are YOU a credible witness.

    • by Solandri ( 704621 ) on Monday August 20, 2018 @11:41AM (#57160078)
      That was my first thought upon reading this. But the last sentence of the summary gives the purpose:

      The authentication feature is intended to protect information in the event of the recipient's email account being hijacked.

      So it's not supposed to protect against a malicious recipient spreading snapshots of the email you sent them. It's supposed to protect against a lazy recipient not deleting the email as you requested, and a malicious third party getting access to it in the future when they hack the recipient's email account.

    • I'm sure your Android phone will scan images, look for ones that contain some part of a confidential email by cross-referencing it with your inbox, and delete the picture...

      No, I'm not paranoid. Why do you ask?

  • Okay, so i don't know a lot about this tech. But since email is email, how exactly is this going to work?
    You are essentially sending a formatted text file, so how will you actually do this? The mail is no longer on your server once you send it.
    So that leaves the mandatory questions from people like me who doesn't know: Gmail only? Bully Mozilla/Microsoft into complying? A forgotten standard feature used to create destructive emails?
    And again, the same with
    >The feature also prevents recipients from forwar

    • by mysidia ( 191772 )

      The mail is no longer on your server once you send it.

      Like everyone with something similar has done it.

      When you e-mail someone.... If the recipient is a non-Gmail user or an IMAP or POP3 user:
      It's going to send them a message with an annoying link instead of the actual E-mail content.

      The annoying link will refer back to a "Confidential Message Viewer" hosted on Google's servers.
      It will probably prompt you for the secret code and then use Javascript to render a JPEG of the
      message text on a HTML5 c

      • The mail is no longer on your server once you send it.

        Like everyone with something similar has done it.

        When you e-mail someone.... If the recipient is a non-Gmail user or an IMAP or POP3 user: It's going to send them a message with an annoying link instead of the actual E-mail content.

        The annoying link will refer back to a "Confidential Message Viewer" hosted on Google's servers. It will probably prompt you for the secret code and then use Javascript to render a JPEG of the message text on a HTML5 canvas using WebGL GPU rendering in a manner where the Operating System won't see the content, or so screenshot shows a black screen generally, and then use Javascript hooks to block access to select or access Context Menus; Who knows, maybe they've implemented some special CSS directives in Chrome to allow the web page to restrict the browser commands that could otherwise Print a copy of content.

        Dang ... I might sprain my wrist or something taking my phone out of my pocket and taking a shot of the screen.

        • by mysidia ( 191772 )

          Dang ... I might sprain my wrist or something taking my phone out of my pocket and taking a shot of the screen.

          Yes.... Capturing a picture of a short message won't be a problem.
          I'm concerned about what happens when a contact gets "In the habit" of sending
          messages routinely using Confidential Mode to "Protect themselves". It's a small
          annoyance, but it still is an annoyance.

          Also -- one of the problems with a camera picture; is this doesn't include Metadata and
          provably link the content of a speci

      • When you e-mail someone.... If the recipient is a non-Gmail user or an IMAP or POP3 user: It's going to send them a message with an annoying link instead of the actual E-mail content.

        Great --- so I can set up a filter that answers automatically with "dear sender, could you please send me a real e-mail? I'm not going to look at this crap".

      • by d0rp ( 888607 )

        and then use Javascript to render a JPEG of the message text on a HTML5 canvas using WebGL GPU rendering in a manner where the Operating System won't see the content

        So what are visually impaired people that rely on screen readers supposed to do?

  • by Dread Cthulhu ( 5435800 ) on Monday August 20, 2018 @10:10AM (#57159498)
    No matter what kind of security Google places on this, it will always be possible for the recipient to save a copy for their own records. The brute force approach of simply taking a picture of the email with another phone/camera will always work. And that is before the hackers do their stuff. So don't trust this system to keep your messages truly confidential.
    • I will actively seek ways to bounce such emails at my employer and my own domain servers. It violates record retention and other legal requirements.

      • Interestingly enough, that is one reason why places outsource their email to gmail -- so they can meet records retention policies for themselves.
  • If that feature actually worked as advertized, it would be ideal for online threats and stalking.
  • sure (Score:5, Funny)

    by cascadingstylesheet ( 140919 ) on Monday August 20, 2018 @10:19AM (#57159560) Journal
    UPDATE emails SET destructed = 1 WHERE emailid = 987236784598695567865645454590987
  • I’m assuming admins can disable it, given records retention policies...

    • I’m assuming admins can disable it, given records retention policies...

      Some places I've worked retention policies worked the other way. You were against policy to keep an e-mail for more than X time frame. (3 months one place, 1 year another). When you work at a bank, e-mails are a potential liability.

      • In my case, I work at a public university in a state where emails from state employees are considered public record - so I'm guessing we won't be seeing this "confidential mode" anytime soon.

        In any case, I use IMAP with Google mail because the web interface sucks (compared to a desktop mail program).

        • In my case, I work at a public university in a state where emails from state employees are considered public record - so I'm guessing we won't be seeing this "confidential mode" anytime soon.

          In any case, I use IMAP with Google mail because the web interface sucks (compared to a desktop mail program).

          They asked us to delete all our e-mails (and did it for us if over a certain date); but everyone I knew, kept a copy of all their important emails saved to their desktops.

        • Coincidentally, the governor of Missouri and his staff have been accused of violating the state's open-records law by using a message app that automatically deletes messages, but the state Attorney General says it doesn't appear that any laws were violated [thehill.com]. One argument is that the law can't require them to make their records available, because there aren't any records. Any more.
  • And Hillary and the DNC rejoice, and standardize on gmail for their orgs, consultants, etc. ;-)
  • This tape will self-destruct in five seconds. Good luck.
  • Not even GOOG have access to them once they self-destruct.

    That doesn't mean no body does...

  • There's an expiration date on private / sensitive emails. Does this mean Google will prioritize these in its queue to make sure it reads and steals all the data from these emails before others?
  • Sorry did I say that? You've got an email from me saying that I did? Clicks unsend/delete email. Surely you're mistaken!

Think of it! With VLSI we can pack 100 ENIACs in 1 sq. cm.!

Working...