Gmail's Confidential Mode Will Be On By Default For G Suite Users Starting June 25th

Google's new confidential mode is rolling out to G Suite users and will be turned on by default starting on June 25th. Personal account holders have been able to use this feature since Gmail's mid-2018 redesign, but Gmail users at work have not.

"Confidential mode is a powerful tool that will come in handy at work if you send messages containing sensitive details," reports The Verge. "It lets you set an expiration date for your message, which cuts off access when that day arrives. While the message is available, recipients won't be able to forward your message to others, copy its contents, or download it, and the sender can revoke access at any point. To add another layer of security, you can set the message to only unlock after the recipient types in an SMS verification code that's sent to their phone number." Slashdot reader shanen reacts: Apparently the Google of supreme evil has decided they need to try to force this confidential-mode email down people's throats. I think that's actually a gigantic business opportunity for Outlook, assuming they actually want to offer a superior email system. The fundamental premise of confidential mode is "We want to communicate with you, but we don't trust you," and my fundamental response is GFY. The ONLY thing I want is an option to reject all confidential-mode email. (However, I'm sure Microsoft is too evil to offer that option because they don't trust their own employees and have to eat their own poison dog food.)

(Well, actually there are several other improvements I want from email, such as a bounce for no-reply email.)

Hopefully the NSA will still have a copy though

[0111 1110]

I only use Gmail to send fake emails about fake terrorist plots against US targets just to fuck with the NSA. Surely these 'sensitive' messages will be even more likely to be scrutinized by Google's NSA team. So it's an even better place to talk about your plans for nuking the NSA offices. I start all gmail correspondence with "Dear NSA and others:"

Re:Hopefully the NSA will still have a copy though

[shanen]

That is a real issue (and I'd probably give you an "interesting" if I ever had a mod point to give), but it also applies to any use of encryption. The presumption of the question "What do you have to hide?" is that you're obviously guilty, guilty, GUILTY.

Then again, you can actually turn this presumption on it's head as regards the default use of CM email. What do the senders have to hide?

However, I actually think that the "motives" of most corporate cancers are relatively pure, where pure is defined in terms of making more money. They are soulless machines and they don't care at all, don't even have motives, just employees and wage slaves.

However what is offending me about this is the presumption that the recipients of the email can't be trusted. This is now the fundamental relationship between the corporations and the miserable human beings they hire. If you don't trust me, then I don't trust you and I do not want your email. Ever.

Two more aspects have occurred to me: The attack on human memory and the fundamental flaws of CM email that isn't confidential or secret in any meaningful sense. But rather than append those aspects here, it seems better to search the rest of the discussion...

Hard nope

[fulldecent]

The email Google sends to domain admins explains how to opt out. I did it, it was pretty simple.

Re:

[Anonymous Coward]

The email from Google seems only to indicate how for G-Suite admins. Because other orgs can GFT, perhaps.

Regardless, a smart person over on Reddit found a header X-Gm-Lockout [reddit.com] seems to be added to Conspiracy Mode messages, so it's possible to reject if you want to.

Re:

[phantomfive]

What's wrong with it?

How to confidentialize email!

[shanen]

Are you asking what's wrong with the entire idea of CM email or what's wrong with his decision to opt out of it? Or maybe why he thinks "Hard nope" is the answer?

Just on the first branch, what's wrong is that it isn't confidential. They can't stop you from taking screen shots of the email when you are reading it, so it is NOT confidential. Doesn't matter how much they don't trust you, because if you are not trustworthy, then you are going to act untrustworthy and you know it was worth making a copy since it

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Aighearach]

(Again, Slashdotters usually ignore nuance, so spoiler alert: I'm criticizing a technical argument here, not defending this fucked up private email concept.)

Just on the first branch, what's wrong is that it isn't confidential. They can't stop you from taking screen shots of the email when you are reading it, so it is NOT confidential.

It most certainly is possible for them to stop you from taking screenshots although the technique would limit you to supporting only browsers that support DRM.

blah blah fucking blah

If you knew about the "analog loophole" (aka human eyes) you wouldn't have had to write all that horse shit while pretending it was relevant technical analysis.

Re:

[shanen]

You must be talking to some AC? I addressed the "analog loophole" with the "mallet" in the punchline of the joke.

However the underlying foundation of the joke was important for reaching my conclusion about why the google is trying to push this mal-feature: https://tech.slashdot.org/comm... [slashdot.org]

Re:

[shanen]

No, that is NOT a technical argument. It is a lie. Quite a simpleminded one.

I suppose I could apologize for the ambiguity in the first usage of "screen shots"? There are two possible senses, after all. Were you [squiggleslash] unable to read as far as the next paragraph for some reason?

Whatever. This branch certainly appears to have been terminated.

Re:

[shanen]

Do you feel the google was nudging you one way or the other? Any subtle inducements to impose CM email on all of your users?

Perhaps a more interesting question would be "What percentage of postmasters and admins are opting out?"

Then again, opt-out is already a nudge. Most people tend to assume the default is well considered. Just the fact that the google required action to opt out is likely to insure most systems go the other way.

Re:

[gl4ss]

it's pretty common that small business operators only check their stuff about google once a year and pay for it yearly.

this is going to be a disaster.

furthermore, lol, you want to show me something on my computer but don't want me to be able to make a copy of it? it just doesn't work mate. it just doesn't work.

Re:

[shanen]

Actually it could sort of work if the google could monopolize email. This line of analysis helped me reach my "anti-freedom" conclusion on this topic: https://tech.slashdot.org/comm... [slashdot.org]

Available for the user, if they want it.

[robbak]

Enabling it allows the user sending an email the option of sending a 'confidential email' - which means, and email that requires the person receiving it to jump through hoops to read, before copying all the contents and sending it back to the sender as a reply, so the contents can be properly documented.

Re:

[Aighearach]

Yeah, I already have to tell people, "No, no, you didn't actually tell me anything, I can only hear that you have something to say. You have to email it to me so I can consider what was said, not only today, but also in the future."

Now I'm going to be sending a bunch of, "Your attempt to communicate some restricted message to me has failed. Please include the content in a regular email. If the content is confidential and you're uncomfortable sending an email, please send a registered letter via the Unites S

NOT the worst feature ever?

[shanen]

I feel like I need to clarify that I don't think CM (confidential mode) is the worst feature ever for email, though it does annoy me greatly. I think the worst feature is probably the assumption of good faith in the original RFC for SMTP. That's where the spam comes from.

Having said that, now I wonder if there is some way to force the scamming spammers to use CM email? Combine that with my proposed feature to reject all CM email and the spam problem is solved, too.

P.S. Yes, I'm assuming that you should not be able to send CM email from an email address that can't receive the bounce message for sending CM email.

Or in honor of Alex Trebek of Jeopardy, maybe I should word my answer in the form of a question: "What is the worst feature of email?"

ADA isses with blocking copy its contents

[Joe_Dragon]

ADA isses with blocking copy its contents. They can't block screen readers.

Re:

[shanen]

Another good point. Plus the use of the screen reader defeats my "How to confidentialize email!" reply. Just having cameras watching someone listening to the email can't insure that the screen reader's voice isn't being recorded.

Of course it's easily solved with another Godelian escalation. Strip searches before the blind people start using the special CM email computer. Make sure they aren't wired.

(I'm just waiting for the humorless trolls who can't see the joke... Blinder than the people who need the scre

Re:

[Aighearach]

When your jokes include ribs at the blind, maybe you should just stop foisting your psychopathic humor on people, and stick to the facts?

Re:

[shanen]

I am not attacking the blind. Much of my career was spent helping blind people access the Internet. Confidential-mode email is not confidential in any meaningful sense.

Those are facts. Plus the fact that you appear to be some sort of troll and the fact that this branch of the discussion seems to be terminated.

Re:

[Aighearach]

ADA isses with blocking copy its contents. They can't block screen readers.

With news sites that rely on JS, if you turn off CSS the content will display, because that is how the comply with ADA!

In Firefox that is View->Page Style->No Style.

Turns a blank page into the content you wanted!

Presumably they'll have to do something like that here, too.

No problem

[jabberw0k]

you can set the message to only unlock after the recipient types in an SMS verification code that's sent to their phone number

My Western Electric Model 500 telephone does not receive SMS messages. I was not planning to read your email anyway. Have a nice day!

Re: No problem

[Salvage]

Huh, that is the same model I have. Small world. (I inherited mine from my grandparents.)

Anyway, this looks somewhat like the enterprise exchange setups I dealt with at some places, which, of course, could only provide such features when everyone involved was using the same server collection. They had various add-ons that handled mail with compatible servers at other authorized enterprise setups, and that blocked mail to addresses that they could not be sure would handle it.

The sites I was at were working o

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Sprite_tm]

To be fair, if you're staring at your screen while doing a phone call, you're doing it wrong. (Okay, there's handsfree mode, but still.)

Re:

[93 Escort Wagon]

To be fair, if you're staring at your screen while doing a phone call, you're doing it wrong. (Okay, there's handsfree mode, but still.)

That’s how my mom uses her iPhone. It’s bloody annoying because she tends to accidentally hang up the call by hitting the wrong thing with her thumb, mid-conversation (although she doesn’t seem to do that nearly as much, lately).

What the hell?

[Kaenneth]

Microsoft Exchange allows DRM locked messages for ages.

Submitter doesn't understand the differences between Clients and Servers, or how e-mail works at all.

Troll that up

[shanen]

'Nuff said. I oppose the "troll" mod on principle, but sometimes principle has to be set aside. Congratulations?

"Conversation" terminated.

Conflicts with duty to preserve

[Todd Knarr]

I'd have to avoid this because it permits the sender to block me from preserving messages that I may have a legal, contractual or ethical duty to preserve. That's not even counting ones where I have a personal requirement to preserve (anything related to HR, for instance, because the point when I need it most is almost always the point where the company would most want it to disappear).

Re:Conflicts with duty to preserve [memories]

[shanen]

Aha, good topic, and I agree with your take on the problem, and it's also a good place to raise the general issue of attacking human memory. My old email has actually become an important part of how I can remember things. "I'm not sure of the details, but let me check my old email."

With this new mal-feature, you can never be sure. Maybe I am getting senile after all? Increasingly looming issue as both of us get older.

More number glomming

[Actually, I do RTFA]

The primary business case for this is to get more phone numbers to link to email accounts, since phone numbers tend to be more unique.

Sounds like a good idea

[Waffle Iron]

So when people see a sensitive "expiring message" that they think they'll want for future reference, instead leaving it safely in their work server, they'll pull out their spyware-infested cellphones and snap a photo of the screen. What could possibly go wrong?

Re:

[shanen]

How can we know what could possibly go wrong unless you specify the maker of the smartphone?

I really miss Nokia. I trust the Finns.

Oh. And good point amusingly made. I can only wish I had a mod point for you.

Easier

[Roger W Moore]

For those of us that access GMail through a server it should be even easier - just switch to POP instead of IMAP and then all our email will be on some local, poorly backed-up and badly secured disk.

Re:

[shanen]

Not sure, but this comment might have contributed to reaching my conclusion, though the route is kind of indirect. I know that you were being rhetorical and humorous with your question "What could possibly go wrong?" However one of the possible answers is quite interesting.

The google could detect that your Android phone is taking a photo of the CM email. They could even go as far as linking the usage of the camera to the precise time when the email was displayed on whatever secure platform they are using to

How?

[Trogre]

So what's the SMTP extension that lets messages expire or be revoked? And will any sane MTAs honour them?

Re:How?

[MadMaverick9]

Why would you need some smtp extension ???

Date: Wed, 29 May 2019 XXX
From: Somebody <somebody@gmail.com>
To: Me <me@some.domain>
Cc:
Subject: test
 
[-- Autoview using /usr/bin/lynx -stdin -dump -assume_charset='us-ascii' -force_html -localhost --]
  Somebody has sent you an email via Gmail confidential mode:
  Gmail logo [1]beep
  This message was sent on May 29, 2019 at XXX
  You can open it by clicking the link below. This link will only work
  for me@some.domain
  [2]View the email
  Gmail confidential mode gives you more control over the messages you
  send. Set an expiration time, disable printing or forwarding of a
  message and more. [3]Learn more
  Gmail: Email by Google
  Use is subject to the [4]Google Privacy Policy
  Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
  You have received this message because someone sent you an email via
  Gmail confidential mode.
  Google logo
 
References
 
  1. https://confidential-mail.google.com/msg/<what looks like some base64 data>
  2. https://confidential-mail.google.com/msg/<what looks like some base64 data>
  3. https://support.google.com/mail/answer/7674059
  4. https://myaccount.google.com/privacypolicy?hl=en

bash $ lynx -dump "https://confidential-mail.google.com/msg/<what looks like some base64 data>"
  #[1]home
 
  Gmail logo
  Loading...
  [2]Privacy&#226;&#8364;&#162;[3]Terms of service&#226;&#8364;&#162;Send feedback
  Google logo
 
References
 
  1. https://confidential-mail.google.com/?lfhs=2
  2. https://myaccount.google.com/privacypolicy?hl=en-US
  3. https://myaccount.google.com/termsofservice?hl=en-US
bash $

This is heaven for people who send spam / malware.

People will blindly click on links in emails again.

Re:

[Trogre]

Oh, okay, so it never actually sends the message. It just sends a message with a download link. Damn.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Embrace, Extend

[khchung]

Where have we seen this pattern before, eh?

Re:

[shanen]

Obviously you were referring to Microsoft, but now I wonder if your comment might have been important in triggering my conclusion as described in this comment I prepared some hours later: https://tech.slashdot.org/comm... [slashdot.org]

Good idea, bad implementation

[Anonymous Coward]

As usual, another tech company trying to use a good idea to push a BAD agenda. No one is going to argue against more privacy or security is needed in EMail. What Google neglects to mention at least on something other then burried in some fine print, is their implementation does not apply outside Google. It may not even be legal.

Basically Google is trying to add what would be like redaction in pdf documents. It only really worked in Adobe PDF reader, the content was never removed and made headlines a f

Illegal for many?

[RhettLivingston]

In many defense and other government related industries and government offices, it is illegal not to preserve the email record for several years. How many admins of systems with that type of user are going to forget to turn this option off?

The reason why the google is doing this

[shanen]

After reflecting on the topic for a while I think I've reached a conclusion about what is really going on here. It's possible that this discussion was even helpful, though right now I can't point at any part of it that led me to this realization. I'm going to review the discussion more carefully after I finish writing up this conclusion to see if anyone else has followed the same analytic path.

If google's CM email becomes widespread, then it becomes a lock-in that forces people to use Gmail. Though my tone