Gmail Confidential Mode is Neither Secure Nor Private (protonmail.com) 67
Even though Google launched confidential mode over a year ago, people are still confused about what it does. Is it actually secure or private? Is it encrypted? From a report: When you turn it on, does it prevent Google from reading your messages? The answer to these questions is 'no.' In fact, the decision to call it "confidential" suggests a level of security and privacy that doesn't exist in Gmail confidential mode. Gmail's confidential mode does not mean your messages are end-to-end encrypted. Google can still read them. Expiring messages aren't erased for good, and the recipient can always take a screenshot of your message.
Gmail's confidential mode does not make emails private because Google can always read them. When you send an email with confidential mode turned on, Google keeps the email contents on its servers. Other Gmail users can read the email in their inbox, but outside users only receive an email notifying them that a sender "has sent you an email via Gmail confidential mode" along with a link to a page on google.com.
Gmail's confidential mode does not make emails private because Google can always read them. When you send an email with confidential mode turned on, Google keeps the email contents on its servers. Other Gmail users can read the email in their inbox, but outside users only receive an email notifying them that a sender "has sent you an email via Gmail confidential mode" along with a link to a page on google.com.
It's also not useful... (Score:1)
A lot of companies use something like SendInc. It's almost identical to Gmail Confidential. It allows you to address a message, attach files, and then send it to another user. The recipient can open the SendInc message, download attachments, and print stuff. When the message expires, the recipient can no longer access it to download attachments or print the message.
It makes it handy for sending things like patient xrays to a new dental office for example. It's an easy way to transfer records without us
Re: (Score:2, Insightful)
It does everything above, except it prevents you from downloading/accessing attachments or printing the message
I bet it doesn't.
I bet it just makes the process to do so a lot more annoying.
Re: (Score:1)
Why use insecure e-mail when you can use secure email instead? My e-mail is secure ... why isn't yours? Oh, because you do not have e-mail ... you have someone else's computer system calling itself e-mail over which you can exercise no control. Got it. I understand perfectly.
You think all e-mail is insecure because YOU have chosen INSECURE E-MAIL for yourself and assume that everyone else did as well.
The pox on you, moron.
Re: (Score:1)
Fuck.
Off.
Re: (Score:1)
except it prevents you from downloading/accessing attachments or printing the message.
This is completely and utterly wrong. If a browser can display information, that means it is downloaded to recipient's computer. Whether the user can use data in a way that was not intended to is depending on his/her personal abilities.
That is also why Anonymous Coward feature in /. is wrong and harmful. No computer professional or a geek or anybody with any claim of technical competency can write a message that wrong this recklessly with their name attached.
Re: (Score:3)
Pegdhcp, your parents were really strange to name you that. I've never seen anybody named pegdhcp before. Is it latin? It doesn't seem Japanese, I took two semesters so I know what a Japanese name sounds like. I suppose it could be Portuguese...
I hope you get my point. AC mode is for the karma system. It has very little to do with actually being anonymous, because unless you actually signed up under your name and post your email in your sig, you're still anonymous on the internet. Nobody knows who the hell
Re: (Score:2)
Re: (Score:2)
Does it prevent google from reading your messages? (Score:2)
Re: (Score:2)
Well, in mobile instant messaging platforms (think Whatsapp/Telegram), the client installed in your device *does* encrypt messages to the recipient device's key — Whatsapp is owned by Facebook. So, yes, it *could* mean it is confidential if a similar arrangement were to be used. Of course, it is not the case.
Re: (Score:2)
Re: (Score:2)
No, you cannot be sure. And no, I don't blindly trust or endorse them (nor Telegram, FWIW) - I'm replying to your previous comment. It _could_ affect the ability to slurp your data. It just _does_ not.
Re: (Score:2)
Re: (Score:2)
It would also be entirely possible for Whatsapp to send themselves the encrypted key as well, and then they'd also have full access to the texts. Seems a bit absurd to me, but definitely within the realm of possibility.
Re: (Score:2)
Some people do not understand how the technology works, hence they may believe such a thing. Lets just say this is not going to happen. The only thing that Google really makes money on is targeted ads. These require data and there is no way to prevent google from seeing things that are on their servers.
So what DOES it do? (Score:3)
Re: (Score:2)
It breaks interoperability.
With confidential mode on, gmail messages the non-gmail-users receive will just be a link to an autogenerated gmail webpage. In order to read the message, you will have to follow the link.
So, goodbye to offline mail reading.
Goodbye to mailing lists (and, of course, their archives).
Goodbye to me being able to archive my mails however I see fit.
I hope they backpedal. They might achieve killing email as a multitenant, interoperable communications medium.
Re: (Score:2)
Ack! replied to wrong post. Sorry, gwolf.
Re: (Score:2)
Interesting. That sounds like they want to essentially lock out non-Gmail-users. If I ever get such a message, I will probably simply ignore it.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
- The email self destructs, a bit like Snapchat.
- You can require the recipient to enter a code that is sent via SMS.
- Copy, Forward, etc... are disabled.
It is not at all the same purpose as end-to-end encryption ala ProtonMain. It won't do much against for big, distant threats (state actors, police, hackers, ...) but it can be effective against small, close threats (significant others, coworkers, friends, family, ...).
Examples:
- "Bob, you are invited, but don't let Eve know". Here, Eve is Bob's girlfriend,
Re: (Score:2)
Do that in the government and you end up in prison.
Too easy. Pass.
Re: (Score:2)
TFS just mentions what it doesn't do. I know I'll get a bunch of "LeTs GoOgLe SeLl YoU aS a PrOdUcT" type responses, but what different does confidential mode make?
https://support.google.com/a/answer/7684332?hl=en [google.com]
Which, BTW, clearly explains what it doesn't do as well as what it does, and quite a bit more succinctly and clearly than the protonmail article.
weasel words (Score:1)
When you talk about what something "suggests" you have long left the realm of fact
But this claim is prefixed with "in fact".
Shocking!!! (Score:1)
It's shocking I tell ya!!!
People saying one thing but doing something else instead... Google has learned from the politicians that this is very possible and a solid game plan.
Politicians have been promising the sheeple for a long time that they will solve their problems if they vote for them, and when they get into office, they turn right around and do the opposite. And the people just keep voting for them... and when you call out these morons they come up with every excuse they can think of for how they a
The Callahan difference (Score:1)
"I can shit in a box, and mark it guaranteed, trust me, I've got time, but until then, why don't you buy a quality product from me?"
Re: (Score:2)
People don't understand how valuable this lesson is. Even when they think they know that a warranty/guarantee/promise is only as good as the company backing it up they still blindly trust the words placed on boxes that are clearly intended to deceive.
Duh... (Score:2)
So essentially a marketing lie? (Score:1)
Does not surprise me. That company has an immoral business model and increasingly (excellent!) a problem justifying it.
Time for a warning label (Score:1)
"Studies have shown that the con part in Gmail confidential, is switched on."
Re: (Score:2)
This is a problem with morons not understanding what words mean.
Confidential is an adjective. Just because you call something confidential does not mean that all of a sudden there is security being performed around the document. It just means it is confidential. If the person or system handling it does not care if it is marked as confidential it means nothing for them.
Confidential mode is just a mode, it is the ignorance of the people themselves to "assume" that it "suggested" that additional security or
Re: (Score:2)
""Confidential" has connotations, you're a derp."
That is a "meaningless" generalization. Everything has a connotation. For example the fact that you posted as AC has a connotation that you already know you are going to post trash as exampled by your post.
The problem here is that I bet the connotations you "want" to be applied to the word are different from the ones that "actually apply" to the definition of the word. This is why google and most politicians have to only expend a small amount of effort to
This is why laws need to change (Score:1)
America (and ideally, other nations in the west) need to pass a law that says the the government can read/copy/use any publicly available data, otherwise, they need a warrant. The means that if you send cl
How to handle this. (Score:3)
If you receive a "Confidential Mode" Gmail notification, read the email and reply to the sender that any further Confidential Mode emails will be ignored and that you only accept regular (i.e., non-Confidential Mode) email.
Personally, I use Thunderbird on my desktop to POP my mail and only log into Gmail periodically to empty the Trash.
Just like phishing (Score:3)
"... but outside users only receive an email notifying them that a sender "has sent you an email via Gmail confidential mode" along with a link to a page on google.com."
That describes a large percentage of the phishing emails that come in to us. "Please review the message on onedrive/dropbox/googledocs and respond." "PersonYouDoNotKnow has sent you a secure email, click here to view it."
Our system has filters to reject the common file sharing sites, including google.
Confidential means don't show me these products... (Score:1)
Bouncy solution to confidential mode (Score:2)
If you do NOT trust me, then why would I want to read your email?
All I want from confidential-mode email is to bounce it. As soon as I've made a permanent copy, of course.
Seems to me like this is a gigantic opportunity for someone else to offer a better email alternative. They don't have to copy all the features of Gmail. The option to bounce confidential-mode email would be worth about 50 trivial features.
By the way, I'm betting this obvious statement is not included in the Slashdot discussion: The obvious