Gmail Now Lets You Send Self-Destructing 'Confidential Mode' Emails From Your Phone (zdnet.com) 95
Google has rolled out its 'confidential mode' for setting a self-destruct date on email to mobile devices. From a report: Confidential mode came with the search company's big redesign of Gmail announced earlier this year and became the default for consumer Gmail users in July, while G Suite business customers still have a few months to make the switch. The data-protection feature is now available on mobile devices, Google announced via a tweet. Google promotes the Gmail feature as a way to protect sensitive information by allowing users to set an expiration date for individual messages or revoke access to messages already sent. The feature also prevents recipients from forwarding, copying, printing or downloading its content and allows users to require recipients to enter a one-time code sent via SMS to view the email. The authentication feature is intended to protect information in the event of the recipient's email account being hijacked. Further reading: Does Gmail's 'Confidential Mode' Go Far Enough?
a bit like Lotus Notes did (Score:2)
"prevents forwarding, copying, printing" (Score:1)
The feature also prevents recipients from forwarding, copying, printing or downloading its content
Like fucking hell it does.
You show the content to someone else on their computer, and they have the content. For as long as they want.
Re: (Score:2)
How does it... (Score:5, Insightful)
... prevent one from (eg) photographing the screen?
Re: (Score:1)
It's against the EULA to take a picture of the screen.
Re: (Score:1)
It disables the right click... Oh, wait.
Re: (Score:2)
... prevent one from (eg) photographing the screen?
Is a photograph of an email on a monitor admissible as evidence?
Re: (Score:2)
That assumes that the purpose is to prevent the recipient from having continued access to the information. Like, "I'm going to send confidential information to Joe, but after 30 seconds, I want the information completely destroyed and wiped from Joe's memory so that Joe can't access it anymore."
I think the purpose is instead, "I want to send Joe some confidential information, and I might expect that he'll file the information away someplace for his own use, but I don't want it to be in his inbox 3 years f
Guess what, there's an effective way around this! (Score:5, Insightful)
. Google promotes the Gmail feature as a way to protect sensitive information by allowing users to set an expiration date for individual messages or revoke access to messages already sent. The feature also prevents recipients from forwarding, copying, printing or downloading its content and allows users to require recipients to enter a one-time code sent via SMS to view the email. The authentication feature is intended to protect information in the event of the recipient's email account being hijacked.
What's to prevent me from taking a snapshot of the entire email and later doing whatever I want anyway? Instead of improving Gmail's default interface, Google decides to "waste time" on features that don't really matter.
Re: (Score:2)
What’s to prevent you from accessing Gmail via an IMAP client?
Re: (Score:2)
Google is aggressively pushing OAuth and as a side effect might disable the IMAP interface of Gmail in the future. I guess the point of this feature is more to prevent someone gaining access to your or the recipient's computer in the future from reading sensitive mail, if you don't trust the recipient you shouldn't send them sensitive stuff to begin with.
Re: (Score:2)
The second my Gmail account does not work with Mail on my Mac is the moment I stop using it.
Re: (Score:2)
Re: (Score:2)
You are on /. You will have the technical lnowlwdge to have your own domain and can find a cheap provider for your email, including your own server.
I have had my own domains for decades, and run a couple of my own mail servers. Do'h.
But the place I work has outsourced email to ... Google, as has a government agency I volunteer with. They're going to be sending email to gmail accounts. Both are based on requirements for archiving email, and neither are going away.
Re: (Score:2)
Re: (Score:2)
If it is the place you work, it is not your email.
Yes, it is my email. The fact I don't run the server doesn't make it not my email.
So I would not care what happens with it.
I know you don't care what happens with it. I care, and I need to care, because that is how I get communications from other departments on campus, including human resources and payroll and purchasing.
That does not even mean that they use Gmail.
I'm sorry, but just because the email doesn't end in gmail.com doesn't mean they haven't outsourced the service to gmail and all email doesn't go through gmail servers.
And the governement agency that has a google account: tell them to run their own servers (Oh, wait. That is how POTUS got power).
Ok, TDS is your shtick and everything is Trump's fault. I can'
Re: (Score:1)
Google is aggressively pushing OAuth and as a side effect might disable the IMAP interface of Gmail in the future. I guess the point of this feature is more to prevent someone gaining access to your or the recipient's computer in the future from reading sensitive mail, if you don't trust the recipient you shouldn't send them sensitive stuff to begin with.
Simpler: You shouldn't be sending sensitive stuff though GMail to begin with. Or anyother service funded by spying on the users and has EULAs saying they reserve the right to look into all your emails.
Re: (Score:2)
Which would include any email system with effective spam protection. You can always switch to non-SMTP systems, or use PGP, but on both cases you are not going to be communicating with arbitrary people.
Or you can run your own domain and email server, which means that Google won't read your mail but other hackers probably can. It's all about tradeoffs and who you want to defend against.
Re: (Score:2)
What's to prevent you from accessing Gmail via an IMAP client?
An interesting question. Here's the result of an experiment.
First, sending "confidential" email is not the default, at least not for any of my accounts. For my main one, I had to ask to be switched to the new gmail. Once I did that, the compose window added a lock icon to turn on sending confidential email. This added a large notice in the compose window telling me that I was sending such an email, and that this would be enabled until Aug. 27. However, the second time I logged in today I had to re-enable
Re:Guess what, there's an effective way around thi (Score:5, Funny)
What's to prevent me from taking a snapshot of the entire email and later doing whatever I want anyway?
Google have already thought of this. If you take a snapshot, a hatch will open in your device and a boxing glove will strike you between the legs. Contrary to popular belief, this also hurts ladies.
Re: (Score:2)
https://i.gifer.com/Jezr.gif [gifer.com] (SFW)
Re:Guess what, there's an effective way around thi (Score:5, Insightful)
What's to prevent me from taking a snapshot of the entire email and later doing whatever I want anyway?
Nothing, that works fine. I sent an a confidential email to an external account. Got a link to click (annoying) and wasn't able to get a print out as advertised (it printed "printing is not allowed"). I was however, able to take a screenshot using the built in macOS screen shot feature.
I suppose it can prevent the email from being viewed past the expiration date in the event someone gains access to the recipients email, but it doesn't do anything to protect you from the recipient keeping a copy.
Re: (Score:3)
It might also help with 'deniability' so you have a doctored screenshot of and e-mail you 'claim' I sent. But are YOU a credible witness.
It's not supposed to protect against that (Score:5, Interesting)
So it's not supposed to protect against a malicious recipient spreading snapshots of the email you sent them. It's supposed to protect against a lazy recipient not deleting the email as you requested, and a malicious third party getting access to it in the future when they hack the recipient's email account.
Re: (Score:1)
I'm sure your Android phone will scan images, look for ones that contain some part of a confidential email by cross-referencing it with your inbox, and delete the picture...
No, I'm not paranoid. Why do you ask?
Questionable simplicity (Score:2)
Okay, so i don't know a lot about this tech. But since email is email, how exactly is this going to work?
You are essentially sending a formatted text file, so how will you actually do this? The mail is no longer on your server once you send it.
So that leaves the mandatory questions from people like me who doesn't know: Gmail only? Bully Mozilla/Microsoft into complying? A forgotten standard feature used to create destructive emails?
And again, the same with
>The feature also prevents recipients from forwar
Re: (Score:3)
The mail is no longer on your server once you send it.
Like everyone with something similar has done it.
When you e-mail someone.... If the recipient is a non-Gmail user or an IMAP or POP3 user:
It's going to send them a message with an annoying link instead of the actual E-mail content.
The annoying link will refer back to a "Confidential Message Viewer" hosted on Google's servers.
It will probably prompt you for the secret code and then use Javascript to render a JPEG of the
message text on a HTML5 c
Re: (Score:2)
The mail is no longer on your server once you send it.
Like everyone with something similar has done it.
When you e-mail someone.... If the recipient is a non-Gmail user or an IMAP or POP3 user: It's going to send them a message with an annoying link instead of the actual E-mail content.
The annoying link will refer back to a "Confidential Message Viewer" hosted on Google's servers. It will probably prompt you for the secret code and then use Javascript to render a JPEG of the message text on a HTML5 canvas using WebGL GPU rendering in a manner where the Operating System won't see the content, or so screenshot shows a black screen generally, and then use Javascript hooks to block access to select or access Context Menus; Who knows, maybe they've implemented some special CSS directives in Chrome to allow the web page to restrict the browser commands that could otherwise Print a copy of content.
Dang ... I might sprain my wrist or something taking my phone out of my pocket and taking a shot of the screen.
Re: (Score:2)
Dang ... I might sprain my wrist or something taking my phone out of my pocket and taking a shot of the screen.
Yes.... Capturing a picture of a short message won't be a problem.
I'm concerned about what happens when a contact gets "In the habit" of sending
messages routinely using Confidential Mode to "Protect themselves". It's a small
annoyance, but it still is an annoyance.
Also -- one of the problems with a camera picture; is this doesn't include Metadata and
provably link the content of a speci
Re: (Score:2)
Great --- so I can set up a filter that answers automatically with "dear sender, could you please send me a real e-mail? I'm not going to look at this crap".
Re: (Score:2)
and then use Javascript to render a JPEG of the message text on a HTML5 canvas using WebGL GPU rendering in a manner where the Operating System won't see the content
So what are visually impaired people that rely on screen readers supposed to do?
If you can read it, you can save it. (Score:3, Interesting)
Re: (Score:2)
I will actively seek ways to bounce such emails at my employer and my own domain servers. It violates record retention and other legal requirements.
Re: (Score:2)
So this will be the weapen of choice (Score:2)
sure (Score:5, Funny)
Re:sure (Score:4, Funny)
It’s coming to their business suite? (Score:2)
I’m assuming admins can disable it, given records retention policies...
Re: (Score:2)
I’m assuming admins can disable it, given records retention policies...
Some places I've worked retention policies worked the other way. You were against policy to keep an e-mail for more than X time frame. (3 months one place, 1 year another). When you work at a bank, e-mails are a potential liability.
Re: (Score:2)
In my case, I work at a public university in a state where emails from state employees are considered public record - so I'm guessing we won't be seeing this "confidential mode" anytime soon.
In any case, I use IMAP with Google mail because the web interface sucks (compared to a desktop mail program).
Re: (Score:2)
In my case, I work at a public university in a state where emails from state employees are considered public record - so I'm guessing we won't be seeing this "confidential mode" anytime soon.
In any case, I use IMAP with Google mail because the web interface sucks (compared to a desktop mail program).
They asked us to delete all our e-mails (and did it for us if over a certain date); but everyone I knew, kept a copy of all their important emails saved to their desktops.
Re: (Score:1)
Hillary and the DNC rejoice (Score:2)
Your mission, if you choose to accept it... (Score:2)
Re: (Score:2)
I just wish my phone wouldn't burst into flames along with it.
Re:Your mission, if you choose to accept it... (Score:5, Funny)
I just wish my phone wouldn't burst into flames along with it.
Samsung Customer?
Re: (Score:2)
Srsly... dead G bits go to heaven (Score:2)
Not even GOOG have access to them once they self-destruct.
That doesn't mean no body does...
Priority Queue? (Score:2)
NYSINYD... (Score:1)
Sorry did I say that? You've got an email from me saying that I did? Clicks unsend/delete email. Surely you're mistaken!