Does Gmail's 'Confidential Mode' Go Far Enough? (engadget.com) 160
Last month, Gmail's big redesign became default for everyone, changing up the aesthetic appearance of the email service and introducing several new features. One of the key features, Confidential Mode, lets you add an "expiration date" and passcode to emails either in the web interface or via SMS, but not everyone is so trusting of its ability to keep your private data secure. "Recipients of these confidential emails won't be able to copy, paste, download, print or forward the message, and attachments will be disabled," notes Engadget.
The Electronic Frontier Foundation (EFF) doesn't think this new mode is secure at all. It's not encrypted end-to-end, so Google could read your messages in transit, and the expiring messages do not disappear from your Sent mail, which means they are retrievable. What's more is that if you use an SMS passcode, you might need to give Google your recipient's phone number. Because of these reasons, Slashdot reader shanen doesn't believe the new feature goes far enough to secure your data. They write: [M]y initial reaction is that I now need a new feature for Gmail. I want an option to reject incoming email from any person who wants to use confidential mode to communicate with me. Whatever conspiracy you are trying to hide, I'm not interested. So can anyone convince me you have a legitimate need for confidential mode? The main features I still want are completely different. Easiest one to describe would be future delivery of email, preferably combined with a tickler system.
The Electronic Frontier Foundation (EFF) doesn't think this new mode is secure at all. It's not encrypted end-to-end, so Google could read your messages in transit, and the expiring messages do not disappear from your Sent mail, which means they are retrievable. What's more is that if you use an SMS passcode, you might need to give Google your recipient's phone number. Because of these reasons, Slashdot reader shanen doesn't believe the new feature goes far enough to secure your data. They write: [M]y initial reaction is that I now need a new feature for Gmail. I want an option to reject incoming email from any person who wants to use confidential mode to communicate with me. Whatever conspiracy you are trying to hide, I'm not interested. So can anyone convince me you have a legitimate need for confidential mode? The main features I still want are completely different. Easiest one to describe would be future delivery of email, preferably combined with a tickler system.
Comment removed (Score:5, Insightful)
Re:How does gmail's new "confidential mode" (Score:5, Informative)
Re: (Score:2)
That's why Google is a failing company with terrible ratings! Witch hunt!
Re: (Score:2)
Re: (Score:2)
yeah, this. I posted essentially the same thing. Your post wasn't here when I started typing - but I admit to drinking coffee and didn't get it written very fast. :)
Re: (Score:2)
It's mostly an indulgence. I'm old. :)
Re: (Score:2)
As long as you don't use Google email you do can do anything you want to the message including copying, pasting, forwarding, and pasting.
Re: (Score:2)
That as well. But even if you use Gmail, you can do the same with a bit more effort.
Re: (Score:2)
Maybe I should have said a "tiny bit" more effort, but since I do not use gmail, I can not try it.
Re: (Score:2)
So it doesn't send you to a secure portal if you're not a gmail user? That would be an immediate failure right there. Email contains only a link and instructions but Gmail client interprets and displays it would be so much smarter.
Re: (Score:2)
If I get an email that says I have to go to a secure portal to read the message then I'm deleting the email. It's way too easy for the spammers to copy, especially for initial messages. I also hate using webmail interfaces. That's why I choose to use a mail client application. There is a good solution for sending secure messages that works in many mail applications. No, it doesn't prevent me for copying, pasting, forwarding, or printing but if you want to put DRM on a message to me then don't send me the m
Re: (Score:2)
I'm only describing the type of system that a lot of medical providers use for HIPAA compliance. And it's set up this way specifically because it doesn't require you to set anything up in advance to be able to receive the message.
GMail everywhere (Score:2)
Maybe that is the point. Make this a GMail only feature. Only works to SEND to a known GMail account, perhaps with a bit of encryption and key held by Google.
Most Android users already use GMail. GMail is growing in corporates, together with Microsoft. Google could probably do a deal with Apple.
Email is the one that got away. Not controlled by any one centeralized authority, or maybe 3. Maybe this is one step in the move to rail that in. EMail should be single server based and controlled, just like F
Re: (Score:2)
Re: (Score:2)
What it does is raise the stakes. It forces the sender to make "screenshot is photoshopped" accusation.
But then, unless the message is CC'd to multiple people at the time of sending, it's not like there wasn't "email is forged" accusation available already, anyway. (While faking full headers might take more effort, unless the adjudicator has access to the mail servers—highly doubtful—they can't be verified against a third-party record anyway.)
Re: (Score:2)
Then it forces the sender to make "the video is edited" accusation. If you don't think a live-stream can't be edited or otherwise faked, you have not watched news broadcasts.
I mean there's a reason PGP was invented. Once there is a properly signed message, it becomes much harder for the sender to deny that they sent the message (because at that point, the only out is "I am too stupid to keep my secret key secure").
Re: (Score:3, Insightful)
How does it stop someone from taking a photo of your displayed e-mail with another device? Even if it somehow stops me taking a screenshot, there's no way from keeping me from taking a shot of the screen...
Uh, I hate to point out the obvious here, but there's not a single end-to-end encryption solution in the world that would prevent this, so it's rather difficult to classify this as mere "theater" without slapping that label on every other form of email encryption.
Re:How does gmail's new "confidential mode" (Score:5, Informative)
End-to-end email encryption is not "theater". Its security assurances do not include prevention of any use by the intended recipient though.
So any claim to be able to control the intended recipient is a big fat lie ("theater"), but most people creating end-to-end email encryption do not make this claim in the first place.
Re: (Score:2)
End-to-end email encryption is not "theater". Its security assurances do not include prevention of any use by the intended recipient though. So any claim to be able to control the intended recipient is a big fat lie ("theater"), but most people creating end-to-end email encryption do not make this claim in the first place.
Allow me to clarify. The vulnerability identified (taking pictures or recording video of the screen from another device) is a weakness that exists in every security solution today, so it becomes rather pointless to identify it as a weakness in this solution.
Yes, Googles implementation is half-assed shit for multiple reasons, but if you were to exclusively count screen capturing from another device (which the parent did), then every security solution is half-assed shit. That was my point here. It's pointl
Re: (Score:3)
I disagree. _This_ solution claims to fix this problem, but it does not. So it is a vulnerability of this system and it needs to be identified here. Other solutions do not claim to fix this problem, so it is not a vulnerability there, but a known limitation instead.
The problem is, in essence, Google lying to its customers about what its technology can do.
Re: (Score:2)
They may state that, but how many people will read it? And Google will know that most people will not.
This is an expert-feature. Offering it for ordinary folks is inviting them to get hurt.
So technically, you are right. But in its actual effect you are not, since we have decided to allow non-experts to use computers.
You think you got a secret? (Score:2)
Mostly wishing I had a mod point to give you [gweihir], but largely for your signature. So far most of the comments seem to be completely missing the point, make that ANY point, of the topic, but at least the confusion about email security is a real concern. I'm not sure I should confess to being the source of the quote at the top... That would make me largely liable for the misdirection of the discussion?
Let me try to clarify the distinction here. Private communication is fine. I don't think you can convin
Re: (Score:2)
Confidential mode is not about securing the email from third party eyes, as with encryption, but securing it's content's usage from the indended recipient's control, as such comparing it's benefits and shortcomings to encryption is erroneous and irrelevant.
Re: (Score:2)
Confidential mode is not about securing the email from third party eyes, as with encryption, but securing it's content's usage from the indended recipient's control, as such comparing it's benefits and shortcomings to encryption is erroneous and irrelevant.
As is identifying taking pictures of a screen with another device, which was my entire point.
That specific vulnerability exists in every security solution today, so it's pointless to label it as a weakness here. Even Google trying to prevent forwarding or printing of content is defeated by this rather simple tactic, just as Macrovision, DVD/Blu-Ray encryption, and many other types of security measures designed to prevent dissemination have been defeated in the past by recording the playback with a differen
Re: (Score:2)
Why do you think the service disables the ability to copy/paste when using this feature?
It doesn't seem at all pointless to point out that google seems to be trying to implement a feature that we all agree is clearly impossible. Why are they doing this? To mislead their customers, I guess?
A deadbolt disables the ability to enter a secured space. 90% of consumer grade deadbolts are vulnerable to lock picking or bumping, and yet not a single manufacturer warns the consumer of this on the package. Why are they doing this? To mislead their customers, I guess?
Truth in Advertising is probably the biggest lie we've ever been sold. At the end of the day Google doesn't care about the "we" here, because we represent the 1% who care about this. The other 99% of their customers don't care, mainly be
Re: (Score:2)
They're trying to send DRM'ed E-mail. I absolutely despise this idea, because the most likely uses are (1) Extorting or bullying people, Or (2) Attempting to send messages regarding an illegal act and making sure the recipient doesn't keep evidence to use against the sender.
Thus... I want a way to BLOCK confidential mode e-mail and ensure it gets rejected.
Re: (Score:2)
Geekmux doesn't understand the difference between this and general IP encryption? Wow.
", there's no way from keeping me from taking a shot of the screen..."
I was talking about the specific vulnerability identified.
Read and comprehend next time, moron.
Re: (Score:2)
Before calling people morons and telling them to read and comprehend, you might first try to read and comprehend what you are writing. Your exact words were
it's rather difficult to classify this as mere "theater" without slapping that label on every other form of email encryption.
If you meant to say "every other form of self destructing email" or something along those lines, then you are absolutely correct. Every single service that offers a self destructing email is also theater. However, that is NOT the words you chose to use. The words you chose made it appear you couldn't comprehend the difference between ordinary encryption
Re: (Score:2)
Before calling people morons and telling them to read and comprehend, you might first try to read and comprehend what you are writing. Your exact words were
it's rather difficult to classify this as mere "theater" without slapping that label on every other form of email encryption.
If you meant to say "every other form of self destructing email" or something along those lines, then you are absolutely correct. Every single service that offers a self destructing email is also theater. However, that is NOT the words you chose to use. The words you chose made it appear you couldn't comprehend the difference between ordinary encryption (which is a valid feature which generally performs as advertised) and this stupid self-destructing email.
First of all, here is actually what Google claims on this specific vulnerability, confirming they're not really claiming to protect against it either:
"Although confidential mode helps prevent the recipients from accidentally sharing your email, it doesn't prevent recipients from taking screenshots or photos of your messages or attachments..."
As far as the verbiage, I should have obviously clarified further to avoid the nitpicking. In reality, it doesn't really matter what service we're talking about. Ma
Re: (Score:2)
Wrong. Other forms of encryption only offer to keep you email private in transit from you to the recipient. I'm not aware of any others that suggest they can make the email disappear from existence.
I was referring to the specific vulnerability identified, which was taking pictures of a screen, which is irregardless of the purpose of the security (end-to-end or "confidential" mode).
My point was it's difficult to label THAT as a weakness or "theater" in this solution because every service is vulnerable to it.
And yes, Snapchat tends to advertise their "disappearing" act when it comes to private messages and videos, and yes, even they are vulnerable to this.
Re: (Score:2)
You're being stupid lol. Google is the one claiming it's possible, and it IS theater obviously because there's no real way to stop people from capturing something sent to them. To compare it to general end/end encryption is just obtuse. End/End encryption works as advertised for its role, is not theater. You can admit you misspoke or made a dumb comparison or you can't admit it. I don't care, it's dumb either way, but you have an opportunity for self-correction...
As someone else has already pointed out, this is actually what Google states on this:
"Although confidential mode helps prevent the recipients from accidentally sharing your email, it doesn't prevent recipients from taking screenshots or photos of your messages or attachments..."
Google is not stupid. The average Google user may be, but Google knew damn well they would get flak from this, hence the above discliaimer.
And yes, every other type of similar service (end-to-end or anything like it) is vulnerable
Re: (Score:2)
Every other service doesn't claim to not be protecting against it. That's why this service, which explicitly has the selling point of "recipients won't be able to read the shit you send them" is security theater. Here's an idea: don't send people you don't trust important data. Problem solved.
Here's another idea. Actually read what Google says about this. You'll find they're really not claiming it either.
""Although confidential mode helps prevent the recipients from accidentally sharing your email, it doesn't prevent recipients from taking screenshots or photos of your messages or attachments..."
Re: (Score:2)
Irregardless isn't a word. It's a blunder.
Regardless of the blunder, my point still stands. Here is the fine print regarding this specific vulnerability, which tends to confirm they're not really claiming they can protect against this.
"Although confidential mode helps prevent the recipients from accidentally sharing your email, it doesn't prevent recipients from taking screenshots or photos of your messages or attachments..."
Re: (Score:2)
You're conflating two completely separate deficiencies with Gmail's "Confidential" service.
End-to-end encryption prevents eavesdropping. Many systems do that. Gmail's apparently doesn't, though it certainly could. That is Problem #1.
The screenshot / behavior that OP mentioned is about what the end user (for whom the message is decrypted at the endpoint) can do with the data. Gmail's service can only stop the most rudimentary forms of data preservation - and, you're right, no system in the world can stop screenshots and even screen photos. If the user can see it, the user can persist it.
The point is that *systems should not promise what they cannot deliver*. Gmail's system suggests a form of protection that it does not and cannot offer. That is Problem #2.
Problem #3: The fine print:
"Although confidential mode helps prevent the recipients from accidentally sharing your email, it doesn't prevent recipients from taking screenshots or photos of your messages or attachments..."
Even Google is not claiming they can protect against this. Google's end goal here is rudimentary, because that is really all it takes to be fairly effective for 99% of their customers. (It's also rudimentary because as you stated Problem #1 exists when it doesn't have to)
As far as misle
Re: (Score:2)
Problem #3: The fine print:
"Although confidential mode helps prevent the recipients from accidentally sharing your email, it doesn't prevent recipients from taking screenshots or photos of your messages or attachments..."
Even Google is not claiming they can protect against this. Google's end goal here is rudimentary, because that is really all it takes to be fairly effective for 99% of their customers. (It's also rudimentary because as you stated Problem #1 exists when it doesn't have to)
As far as misleading consumers, deadbolts are advertised and sold as a device that prevents theft, and yet 90% of them can be defeated with lock picking or bump keys. Millions are sold every year, and yet there's not a single label on any package that warns the consumer of this vulnerability. This is also an example of rudimentary protection being good enough for the overwhelming majority of consumers. If you were to ask a person if a skilled locksmith could defeat their deadbolt they would say "yes, most likely". If you asked a consumer if a skilled hacker could defeat "Confidential" mode they would probably say the exact same thing. Between this reality and the fine print above, it's hard to label this as deception.
Google also used the lowest form of data classification used by the US Government. If they advertised this as "Top Secret" mode, then it would probably come across as far more deceptive. "Confidential" tends to imply rudimentary or basic protections.
Just because they are able to get away with using fine print to disclaim any and all responsibility, and just because the general public is too stupid/lazy to care about security and will just accept "good enough" rammed down their throats, that doesn't make Google's claims any less deceptive. You consider this acceptable, and THAT is the real "Problem #1".
If you and every other consumer actually sat and read every line of every EULA you've ever been presented, you might have a point about deception. There's a reason every organization buries this kind of shit in the fine print. Again, it's hard to label someone guilty of this kind of "deception" when no one is innocent.
Go ahead. Read the fine print. From anything. I can assure you that you will feel deceived in some way.
And the real Problem #1 in society is the level of ignorance and stupidity among th
Re: (Score:3)
Indeed. The idea of a message that destroys itself is ages old. It cannot be implemented securely though. I have gone so far as making physical screenshots with a digital camera to get around it on a device not under my control. (It was a complicated error message, with no regular way to copy it.) This whole thing is a combination of a rather shameless marketing lie and the stupidity of the customer.
Re: (Score:2)
It's not supposed to be secure. The help page even tells you that: https://support.google.com/mai... [google.com]
The idea is to signal to the recipient that they should not forward or print the message. They can circumvent that with some effort but so can you easily copy documents marked "top secret" and "confidential". This feature prevents casual, thoughtless copying.
DRM subchannel (Score:2)
Your Google(TM) DRM compatible phone-camera would have a "do not record" subchannel which picks up a high frequency signal indicating that it should not record the scene.
The subchannel is inserted by the hardware similar to HDCP. Only signed, compliant software with a guarantee from the hardware would be able to read and render the content.
Well, that's the future anyway. Where nobody has analog cameras, and dedicated digital cameras are barely a thing anymore.
Re: (Score:2)
Encryption is Key (Score:5, Insightful)
Every other secure mail service or add-on of which I am aware, Lavabit, Protonmail, PGP add-ons, etc., regard encryption is the very foundation of private email.
Without that there really is no security that really matters.
Re: (Score:2)
But you need end-to-end encryption. Which means your recipient must have a compatible encryption tool. End-to-ISP or end-to-server is not the same thing. Until Google controls every email user, having encryption only for gmail users is short sighted.
Re: (Score:2)
Google thinks they are the world...
Re: (Score:2)
Sure. But encryption gives you some things and others is does not. In particular, there is no way using encryption to prevent the intended recipient from doing whatever they like with an email. Making that claim is just a shameless lie. What they can see and read, they can copy, store, print, forward, etc.
What end-to-end encryption does give you is confidentiality against 3rd parties and authenticity of the sender and these are both critical to have.
Re: (Score:2)
What end-to-end encryption does give you is confidentiality against 3rd parties and authenticity of the sender and these are both critical to have.
Sorry, to be more precise, encryption does NOT provide you with authenticity of the message at all. Signing your messages does and there is no requirement to encrypt for signing a message. I sign all my emails digitally and anybody can still read them. I sometimes encrypt also.
Encryption is done with the public key of the recipient so it doesn't prove authenticity since anybody has access to the public key. Signing is done with the private key of the sender so it does prove authenticity.
Nonsense (Score:4, Insightful)
This is utterly ridiculous bullshit. As long as you can do a screen capture or simply photograph the screen, the recipient can create a record of the email. "Confidential emails" my ass.
Re: (Score:2)
In addition, you can make screenshots on OS level, and you may even be able to do a direct copy on browser-level, depending on the browser. Browsers are not able to secure things they display. They can just make copying minimally harder.
Re: (Score:2)
They allow IMAP and POP with this feature? That is even more stupid that I excepted from Google. With that, they cannot even prevent accidental copying and forwarding.
Re: (Score:2)
Hillary and her staff ... (Score:3, Funny)
lol (Score:1)
>google
>confidential
right, and facebook values your privacy, too
Only prevents phone thiefs (Score:1)
The "confidential" mode only prevent someone who stole your unlocked phone from reading those particular messages.
The contents of your messages is available to Google and U.S. intelligence services for years, and the metrics collected from the messages will be stored and available forever.
This doesn't apply to just your gmail account, but every single account added to the GMail app, because that's how it's built, to collect information on you.
Don't think for second that you have private communication when y
Re: (Score:2)
Indeed, this is for somebody trying to prevent their nosy spouse from discovering they are having an affair, nothing more.
Re: (Score:3)
Interesting that the only comments that so far have struck me as substantive are from the senior citizens. I've been searching for any HINT of a good reason for this new feature. You [jimbo] mentioned another of the bad "reasons", but there are LOTS of them. I already addressed your focus more substantively in my longer comment above, but I'm just going to repeat my proposed solution here:
If anyone EVER sends me a confidential-mode email, then the first thing I will do is take a picture of it. If the email
Who cares? (Score:2)
How are you going to complain about a fee service? Don't use it if you have a problem with the features.
Re: (Score:2)
Well, it's going to get my phone number into Google's hands, together with my email. That's going to let them link a lot more data to me.
Re: (Score:3)
If I ever got a mod point, I think I'd give you a funny for the typo. Or was it?
The problem with this confidential-mode service is NOT that I will never use it. The problem is that OTHER people will use it so they can accuse me of being a liar. If you can think of any legitimate use of confidential-mode email, then I'd be interested in hearing it. I think there are justifications for secrecy, but all of the legitimate ones (that I know of) go back to prior secrecy and I haven't found any pretense of justifi
Private server (Score:3)
There are real tangible benefits to running a private email server if you are looking for more privacy for your email.
That is, unless you are in a government job.
Re: (Score:3)
There are real tangible benefits to running a private email server if you are looking for more privacy for your email.
Very true, but today's generation gets really offended when you ask them to pay for services like email and social media. It's against their religion or something.
That is, unless you are in a government job.
I dunno about that. Seems to have worked out just fine for Hillary Clinton. Got away with doing exactly that for years.
Re: (Score:3)
Actually? The reason she "got away with it" (wasn't prosecuted) was because hundreds and in fact thousands of other similarly positioned officials also did, including Jeb Bush, Colin Powell, and... https://www.nytimes.com/2017/0... [nytimes.com]
Rules for using a personal email server are well-established, as are the rules for sending classified data.
She got away with it because she destroyed evidence of the latter, which should have been plenty to prosecute.
Also, let's be realistic. She got away with it because Bill "Tarmac" Clinton stepped in.
Re: (Score:2)
There are real tangible benefits to running a private email server if you are looking for more privacy for your email.
Depends on who you want privacy from. Running a secure mail service is very very hard, and almost everyone who claims that they can do it are terribly wrong. I say this as someone who ran private mail servers for decades.
Re: (Score:2)
I have been doing that forever. Also prevents creeps from reading my email (well, on my side at least) and putting ads in it.
Exactly (Score:5, Insightful)
If something can be read with the bare human eyes, it can be copied, pasted, downloaded, printed and forwarded because it can be as easily captured by any digital camera, OCR'ed and reused any way you want. From the look of it Google's implementation and wording are clearly a sham or meant for hillbillies.
Protonmail fares much better in this regard (real encryption and self-destruction beyond the expiration date) and they don't claim your recipient will not able to download or copy your message.
Re: (Score:3)
Self-destructing email is not implementable, unless you have full control over the receiver. Yes, that means they get searched for cameras before they are allowed to read email. But the idea is pervasive in bad spy movies and hence lots of stupid people keep asking for it. That is likely why Google implemented this fake security measure.
Will no one rid me of the meddlesome gmail? (Score:2)
You again? I think I've already addressed some of your points in the longer reply above, but here I want to rehash the problem with the private email thing...
Most people do not want to spend the time required to setup and maintain their own email server. It's actually a different kind of network effect. I've already addressed (though it was in a reply not addressed to you) the network effect of more users, which is why Gmail seems valuable to the google in the first place. However the private email server i
Re: (Score:2)
You again? I still have no clue what you are talking about, so I will ignore you now.
I also reject encrypted email (Score:2)
Every time I've received an encrypted email, I have regretted reading it. In general, the person who was really paranoid about people reading his email was really paranoid in general. So, years ago I made it my personal policy to reject them.
Re:I also reject encrypted email (Score:5, Funny)
Re: (Score:2)
Why do you even have a public key [key-server.io] posted on a key server, then?
Re: (Score:2)
Don't you do a lot of advocacy work that requires coordinating with lawyers? Aren't lawyers using encrypted emails?
Re: (Score:3)
Aren't lawyers using encrypted emails?
Generally no. And I wish I was even kidding about that, in most cases unless it can be all wrapped into one nice little ball most don't want anything to do with it and still prefer dead-drops for anything important.
Re: (Score:2)
So it's a simplicity of GUI issue? Or it's a key management issue? I'm just curious what the exact pain points are, and why they aren't solved yet./p.
Re: (Score:2)
The AC hit every single point. Hell the company I work for, there was a serious problems with upper level management and executives refusing to do so because "it's too complex." It absolutely has to be to the point of being seemless and not seen for them to use it. Just think on the bit with passwords, it's easier to use a FOB or FOB+biometrics in many cases because these people will use phrases that are easy to crack, or simply write them down.
One case I remember, and this was a government office for a
Re: I also reject encrypted email (Score:3)
Re: (Score:2)
The phone calls are all recorded, and voice recognition technology makes them just as searchable as text. Better to have a face to face meeting. In a bunker.
Re: (Score:3)
Re: (Score:2)
The law firms who are my clients don't encrypt anything except the occasional PDF. Instead, they add nonsensical boilerplate to their signatures.
A few days ago I sent a message with some questions in it, and the response came as a scanned image of my message with the attorney's hand-written notes scribbled onto it, embedded in a PDF. On the upside, the nonsensical boilerplate was absent. :-)
Re: (Score:2)
-----BEGIN PGP MESSAGE-----
owE7HZzEEF25rNJZPTc/T8GpqDQ5VUchL79EIbUstahSIb0gXaG0OLVIIbNYoSCx
KDEvPzNFT0EhPDGzREchJV+hMr9UISM1sQhI5GQm5xeUpBYV23MBAA==
=11ux
-----END PGP MESSAGE-----
Re: (Score:2)
More seriously, I guess that explains why your gpg keys are all revoked:
gpg --list-keys perens
pub 1024R/2C1FBBB2 2014-06-16 [revoked: 2016-08-16]
uid Bruce Perens
pub 1024R/F6599E8D 2014-06-16 [revoked: 2016-08-16]
uid Bruce Perens
But not all gpg users are paranoid and into conspiracy theories and whatnot.
Re: (Score:2)
Re: (Score:2)
It seems some people have more sane friends than you. I never had that problem. Of course, I am not a public figure in any way, and that helps.
Re: I also reject encrypted email (Score:2)
Re: (Score:2)
Well, yes. Blocking encrypted emails from _those_ people makes sense. It is not a very common use-case though.
Re: (Score:2)
WOW. Are you the famous person with that name? Surprised to discover that I haven't read any of your books, but I'll check the local libraries now... (Too bad. Only one, and not in English.) (But I'm sure I've read some of your articles or stuff on the Web.)
Mostly reacting in surprise that you reject encrypted email, even though that is what I'm advocating (at least as a user option) for confidential-mode email. I actually think that people who want to send confidential-mode (or encrypted) email should be f
Re: I also reject encrypted email (Score:2)
I'm dreaming of a better email system, just... (Score:2)
Actually in the case of public figures, I'm still advocating for "celebrity" email. I think of it as a kind of mailbot for the dual of the spammer problem. Spam is a horde of fake senders with fake messages, whereas a public figure may face a horde of real people with real messages.
As it might work in your case, the incoming email would be parsed searching for obvious topics and even the sender's sentiments about those topics. That analysis would be bounced back to the sender as a webform for confirmation o
Phishing and Countermeasures (Score:2)
By the way, I'm just finishing the book Phishing and Countermeasures by Jakobsson and Myers. About 30 pages left out of 700, and largely concerned with email and the security thereof. And pretty much obsolete before the ink dried, but I needed some light summer reading. Why mention it? Partly for the cred claim, but upon reflection I think it's mostly to ask for a more up-to-date reference... I think you're still at the leading edge of these things, so...
How do you keep up?
Re: (Score:2)
You forgot my protestations against cryptocurrency :-)
How about a screenshot? (Score:1)
Re: (Score:2)
Please describe a secure email system which will not be defeated by a screenshot or camera.
Re: (Score:2)
Very simple: It includes a big nasty person standing right next to you when you read email. This person also does a strip-search before you are allowed anywhere near your email and takes away all your devices. Unfortunately, this is not fully secure either. Somebody with the right kind of memory could just memorize the email and type it in again later. So that big, nasty person needs to hit you on the head periodically to clear your memory.
Beyond that, nobody has ever come up with anything that works. Crypt
Don't use email for confidential comunication. (Score:2)
Is it that hard to conceive?
Any electronic communication is intrinsically unsuitable.
On either end there needs to be a moment when the information is plain text readable, thus copyable, thus insecure.
If I can gain control of your end device, I can read it.
Even DHT (and similar) are unsuitable for the same reasons. Maybe you get "in transit" confidentiality. But just that.
You'd better meet your correspondent in a crowded and noisy place, change position frequently and talk by whispers while covering your mou
E-Mails are almost by definition ... (Score:2)
... anything other than confidential.
Wether Googles "confidentiality mode" is sufficient or not is to a larger extent probably a very silly question to ask, IMHO.
Missing feature! (Score:2)
Thanks again!
Proving the negation? (Score:3)
As one of one of the instigators of this discussion, I'm kind of disappointed... So let me try to summarize.
There seems to be an extremely strong consensus that confidential mode is a bad idea badly implemented. I would go farther and count it as more evidence of the increasing badness and evil of the google, but there wasn't much discussion along such lines and assigning the blame doesn't matter too much anyway. This is a bad feature that keeps rising from the grave like any good zombie.
I was unable to detect (in this discussion or anywhere else) any good reasons for this feature. Absence of evidence is not proof of absence, but if anyone does have a good reason for confidential mode email, then I hope you will share it. I'll continue searching the discussion (until it expires in a day or two), but obviously I'd be more likely to find your "good reason" if you reply to this comment...
My first suggested solution was a way to reject incoming confidential-mode email. Some people seem to agree that would be good, but no one (whose comments I found here on Slashdot) actually pointed at a way to do it or at a way to persuade the google to give us that option. I would also count it as a solution if someone knew of and told me about a full-featured email system with the option (and I even consider this feature bad enough to justify the large effort of leaving Gmail).
My second proposed solution is a sabotage pledge to subvert the intended confidentiality of any such email I do receive. Again, no local support, but now I wonder if it matters. I've realized that this feature may be doomed to disaster. Some people are going to take those obvious pictures of the confidential-mode email, and at some point the google is going to get dragged into a hefty lawsuit that may help the google realize the error of its ways. Kind of a shame that #PresidentTweety doesn't use Gmail, but I hope this feature persuades him to start. (Since the orange topic came up, I can't resist a link to this hilarious new music video and tribute to Aretha Franklin: https://www.youtube.com/watch?... [youtube.com])
Re: (Score:2)
This is a bad feature that keeps rising from the grave like any good zombie.
Well, that is something I can agree to. I blame the self-destroying recorders in "Mission Impossible" and the like (they do not work either) for the broken idea that you can make any message be transmissible only over one hop. The reality is that this is against the very nature of data transmission and that any message, even analog, can be copied and passed onward with the right equipment.
That Google offers this, even with (apparently) a claim in the documentation that this is only to prevent accidental co
Re: (Score:3)
One excellent use case for this feature is to make it much easier to classify the email you want to read from someone's mailbox using it instead of having to dig through all their email to find the juicy bits.
So for Google Mail Administrators, for example, they can focus their reading time on people's confidential mode emails and ignore the rest, which is probably mostly spam anyway. See how useful that is?
That's a great idea for the FBI (Score:2)
I know you're being tongue in cheek and I might even give you the funny mod point if I ever got one to give, but you managed to hit another interesting note...
If I were a nosy and intrusive government agency with a FISA court to appeal to, I would go for a blanket warrant on this feature, starting with a less intrusive meta-information version. "We don't wont to look at their email yet, but we just want to know who is using this feature so we can check the names against our other lists to see if any of them
Irony (Score:2)
This could only be more ironic if it were Yayhoo doing it.
So basically it doesn't go far enough (Score:2)
... or better put - doesn't even come close to the stuff that ensures privacy and anonymity, as opposed to, say, the many good suggestions in the great Intercept's tutorial for anonymous sources [theintercept.com].
This makes you wonder if Google purposely created such a feature at the request of US authorities, in order to trick unsuspecting whistleblowers (and yes, criminals too) into a system that is already compromised and gagged by default. The OP does raise a relevant problem - we need a feature to prevent retieval, hell
Confidential mode crap (Score:3)