Submitted via IRC for TheMightyBuzzard
Google will slowly be rolling out a number of changes for consumer Gmail users and G Suite users. Some of the changes improve usability and productivity, while others are meant to maximize data and user protection. Some of the new security options should help enterprise users meed GDPR compliance needs.
[...] Gmail confidential mode will allow users to:
- Set expiration dates for emails or revoke previously sent messages
- Secure access to the contents of emails by requiring recipients to enter a password
- Restrict the recipients’ ability to forward, copy, download or print emails.
These things will be possible because these emails will not be actually downloaded in the recipients’ inbox, but will be placed on a separate page/window where their content can be viewed, and the email will show that page.
Guess I'll be switching to ProtonMail for my webmail needs, which, granted, are few.
Source: https://www.helpnetsecurity.com/2018/04/26/gmail-self-destructing-emails/
(Score: 4, Insightful) by JoeMerchant on Tuesday May 01 2018, @02:05PM (47 children)
So, they're going to make people take screen-shots of things they want to save. That's.... not evil at all, nope.
🌻🌻 [google.com]
(Score: 5, Insightful) by loonycyborg on Tuesday May 01 2018, @02:14PM (8 children)
Also, nothing stops you from using a modified browser that doesn't honor any restrictions on copy/paste. Hopefully google will at least add an option to opt out of getting such emails in the first place, cause the whole idea is dumb.
(Score: 2) by DannyB on Tuesday May 01 2018, @04:11PM (4 children)
Your browser might not get the message in text format. It could be pixels. I don't know if it is, but just saying.
Of course, you can copy/paste pixels. Take screenshots. Take pictures with a camera that is NOT connected to Google.
Imagine if Google were to recognize that you used a Google device (eg, Android phone) to take a picture of a Gmail Confidential mail, and Google were to delete that photo.
Will Gmail confidential emails allow attachments, such as:
* a video of war crimes?
* the highly anticipated "pee pee" tapes in a Russian hotel?
The lower I set my standards the more accomplishments I have.
(Score: 3, Insightful) by edIII on Tuesday May 01 2018, @07:32PM (3 children)
The whole thing is fucking ludicrous. Only if both parties, sender and receiver, are locked into the Google ecosystem with Google apps, does this even have a chance of working.
Email is Sender -> Sender Mail Server -> Receiving Mail Server -> Recipient. Google at most controls half of it in most situations, and needs 100% for it to actually work. About the same efficacy as read receipts in email.
I've thought of self-destructing messages, but the ONLY way they work is both sender and recipient give up control over their devices and allow a 3rd party complete control. Otherwise, a self-destructing message could be stopped or recovered. That kind of hardware is antithetical to most of us here.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 2) by JoeMerchant on Wednesday May 02 2018, @03:25AM
You can never beat the cellphone picture of the screen, and I see people do that all the time.
🌻🌻 [google.com]
(Score: 2) by TheRaven on Wednesday May 02 2018, @10:06AM (1 child)
sudo mod me up
(Score: 2) by edIII on Wednesday May 02 2018, @07:26PM
LOL, then it's really fucking useless. I understand that on my side of things, I'm just storing an email containing a link. That's no different than some of the file sharing services out there operating professionally, since most mail servers will tell you to fuck off when you try a 250GB attachment.
I don't think people will appreciate it all that much, since a link doesn't remind you about the content. You might not even have a subject line. Which means it's all the more easier to delete it on my end.
As for the obfuscation, anything that makes it more difficult to review, edit, and/or copy the content will just make workflow that much more disrupted. You're correct too, I can still copy and archive the information on my end if I want too. What I predict though, is that this security may prove too disruptive for some users, and they will demand it be resent without protection or the user will opt to not use self-destruct.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 2) by darkfeline on Tuesday May 01 2018, @06:30PM (2 children)
Except your company, who will most likely fire/sue you for willfully violating the GDPR.
Nothing is stopping anyone from taking photos of confidential documents, or someone's health records either (employees have "temporary" access to user data which expires when they leave the company). Except, you know, the law.
Under normal HIPAA rules (and I'm guessing GDPR), it is not allowed to send personally identifiable information (PII) via email because email is considered insecure. This provides a way for companies to actually email you information while complying by any relevant data protection laws.
As an employee that handles PII, you might plausibly claim that you forgot to delete email saved offline on your phone that contains PII, you cannot plausibly claim that you accidentally installed an alternative browser to copy PII out of a confidential email and pasted it into a text file on your personal USB drive.
Join the SDF Public Access UNIX System today!
(Score: 0) by Anonymous Coward on Wednesday May 02 2018, @10:04AM
That would be willfully violating the GDPR by sending personal data to Google?
The insecure part is the protocol, not the inbox. Attempting to change what happens after the data lands in the inbox will not change that.
(Score: 0) by Anonymous Coward on Thursday May 03 2018, @09:26PM
> This provides a way for companies to actually email you information while complying by any relevant data protection laws.
No... it doesn't. It's identical to emailing an attachment.
You could "enhance" this by only allowing a single download. But that's not going to stop the first downloader from redistributing, nor guarantees the intended recipient to be the first downloader.
(Score: 5, Insightful) by zocalo on Tuesday May 01 2018, @02:26PM (30 children)
What does bother me about this is that it's ripe for abuse. For recipients on non-Google platforms there's presumably going to be a standard template email that lets them open the Google controlled webpage - which will presumably require scripting be enabled to display the content and try to lock down screen captures, "Save As", etc. for good measure. Yeah, let's have another way to encourage users to click on dodgy links in legitimate looking but fake emails - and one that has time based pressure to respond immediately written right into the spec. Fuck you very much, Google! If we make it though the next week before we see some bad actors starting to emulate these messages to phish, push malware, or just get click-throughs, I'll be very surprised.
UNIX? They're not even circumcised! Savages!
(Score: 3, Informative) by Thexalon on Tuesday May 01 2018, @02:45PM (11 children)
Really? You let your time-critical email links still work after, say, 30 minutes?
The big mistake most people and organizations make with email is thinking that it's a remotely secure communications medium. It isn't, it never has been, and we should not be pretending otherwise.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 3, Interesting) by VLM on Tuesday May 01 2018, @03:21PM (9 children)
My optimistic rose colored glasses interpretation is based on my use of email like a TO DO list and emails (aka to do items) that self destruct when they're no longer useful mean less delete key hitting, which is pretty lame, but emails been around for decades so any attempt to improve is going to be pretty lame little details, so thats appropriate.
In practice, yeah, its going to be annoying and dumb, mostly. Spam for sales that end next Sunday night will have their expiration date set to the year 3000, of course... which might be an interesting auto-deletion flag... hmm.
My wife uses her email like an infinite long historical archive which mostly to me looks cluttered and she likely does not "get" the concept of wanting a password reset email to expunge itself eventually... she'd ask "what if in 2073 I need to know the exact date and time I reset my password as a login security question?"
(Score: 3, Interesting) by JoeMerchant on Tuesday May 01 2018, @03:51PM (8 children)
We're the opposite, my wife gets 10x as much e-mail as I do, but keeps her inbox clean and permanently deletes most e-mail. I presently have 2204 unread messages in Gmail that I bypassed due to uninteresting subject line (I do mass "mark as read" on those every few years), and a 7.9 GB archive going back more than 10 years. If I "had that in an e-mail, somewhere" I can usually find it in my Gmail.
Corporate makes our IT auto-destruct email after 2 years, I'm not actively fighting the policy, but it does occasionally cost the company time/money when I can't find something that would have been valuable if I could have just searched my old messages.
🌻🌻 [google.com]
(Score: 2) by VLM on Tuesday May 01 2018, @04:25PM (5 children)
(Score: 2) by VLM on Tuesday May 01 2018, @04:29PM (4 children)
I was so chill and buzzed I didn't even close my quote tag, huh... F I just got an email from Digikey they're now selling 750 watt RF transistors for 900 MHz ISM apps (or ham apps for me, I guess), clicked thru, damn $315.89 each, I'll get back to you boys on that later, hit delete, ahh, back to inbox-zero chill again
(Score: 2) by JoeMerchant on Tuesday May 01 2018, @05:28PM (2 children)
I generally remember some kind of "seen it before" subject line, and then scan forward from there, opening anything interesting along the way. It used to be that I would scan forward from the last e-mail I opened and if none were interesting I'd open the newest one just to mark it read, but Gmail started this Unread/Important/Everything Else sorting that, sort of, seems to make my un-filtered inbox a little quicker to deal with, if harder to explain the algorithm.
🌻🌻 [google.com]
(Score: 2) by VLM on Tuesday May 01 2018, @05:52PM (1 child)
Well... thats a valid and workable algorithm. But there's a difference between a workable algorithm, and inbox-zero levels of chill that are so chill I don't need legalized marijuana, I just need an empty inbox. Beyond it merely working, is it fun?
With a side dish of I hate seeing a "todo" item sit in there uncontrollably for a long time. On long term average they may be equally enjoyable, although the std-deviation of fun for inbox-zero is almost certainly much higher.
(Score: 2) by JoeMerchant on Tuesday May 01 2018, @07:28PM
My work inbox is currently at 29 unread, and I know that 29 were not really important - just something I thought I might want to circle back to someday.
Then, there are 8 pinned (a MS Office thing), they are usually about future events that I'm too lazy to try to fit into a calendar item. Then there's the calendar - which I was much happier with Google's calendar when I used that at my last company, but they got bought by a big fish and me along with them, so now I use Office 365.
The inbox itself is never "emptied" - I just let them roll out automatically at the end of the 2 year period, and bitch loudly when I'm asked about something that I had in an e-mail 26 months ago.
I find it liberating to be able to accept a non-zero inbox count. A few new ones? Not so different from status-quo, but if status-quo is zero - then it will be perpetually being put into a bad state by trivial junk.
🌻🌻 [google.com]
(Score: 0) by Anonymous Coward on Thursday May 03 2018, @09:28PM
> 750 watt RF transistors for 900 MHz ISM apps (or ham apps for me, I guess),
YES!!!!
> damn $315.89 each
Fuuuuuuck. :(
(Score: 3, Informative) by moondrake on Tuesday May 01 2018, @09:52PM
> If I "had that in an e-mail, somewhere" I can usually find it in my Gmail.
You can?
My biggest complaint against gmail is that it seems to have the most atrocious search functionality that I can think of. I have no idea now to find things in long threads quickly, as the result of a search is the whole thread instead of a message (that thread, in my case, can be 100 mails long). I also have not had much luck with using AND OR or wildcards in searches.
This, ironically, from a company that got big through searches.
I bet they did not improve this functionality though.
(Score: 2) by cmdrklarg on Wednesday May 02 2018, @08:32PM
Man I wish we could do something like that here. Several packrats working here, always complaining about full mailboxes. Even had one fill up a 20Gb archive file. To be fair she does have to deal with a ridiculous amount of email and is pretty diligent about paring it down, but man they keep a ton of history around here. Don't get me started about having to get a microfiche reader working to view some OLLLD pay stubs.
The world is full of kings and queens who blind your eyes and steal your dreams.
(Score: 2) by Wootery on Tuesday May 01 2018, @04:36PM
Agreed. We already have a way of handling this kind of problem: you email a link to a time-limited web page... which, as you say, is exactly what password reset links do.
There is zero value in pretending that my email client works for the sender. It doesn't, it works for me. If it doesn't, it's because it's been vandalised, which appears to be Google's intention here.
There's a whole industry making products that pretend to solve impossible/incoherent problems like this: 'data rooms', intended to enable you to share confidential documents with people you don't trust. Document-oriented file-sharing for the technically incompetent paranoid, with features like 'screenshot prevention' and 'page-level user activity tracking'. Seriously. [datarooms.com]
I hope GDPR doesn't encourage that kind of misguided thinking.
(Score: 0) by Anonymous Coward on Tuesday May 01 2018, @02:46PM
Gmail the new pdf, but with tracking. Facebook have first and sell to highest bidder.
Google, you know the electrons leak information?
(Score: 5, Interesting) by JoeMerchant on Tuesday May 01 2018, @03:38PM (15 children)
One thing I will say for the big red G is that I've never felt the bars of my cage. I've used Gmail as my primary email client since I don't remember when, and I migrated most of my e-mail traffic to my Gmail address a few years later, but... unlike yahoo.com, all the ISPs that want you to use e-mail addresses on their domain, and of course Microsoft, I've never felt locked in to Gmail - there's never been this feeling of "it's going to be a huge pain in the ass to use some other service or tool, because we spiked our service with this poison pill for deserters." The lock-in may be just as real with Gmail, but, as the least locked-in feeling service, they have won my loyalty.
-----
If you love somebody, set them free.
🌻🌻 [google.com]
(Score: 3, Insightful) by DannyB on Tuesday May 01 2018, @04:16PM (6 children)
It's not just the big red G.
Apple loyalists cannot see that from the outside, their "walled garden" looks to everyone else like a prison camp. Complete with barbed wire and machine gun emplacements.
Deliberately incompatible with everything else, except when it is directly in Apple's interest, or need, to be compatible. Like when Apple doesn't really have a choice. Example: in the 1990s you're not going to force iPad users to all use Mac, so you BETTER put iTunes on Windows, reluctantly.
People have long recognized Apple's reality distortion field. Yet nobody says a similar thing about the big red G.
The lower I set my standards the more accomplishments I have.
(Score: 0) by Anonymous Coward on Tuesday May 01 2018, @06:18PM (1 child)
In the 1990s, Apple's tablet computers weren't called iPad; they were called Newton [wikipedia.org]. They didn't work with iTunes; they worked with the Names and Dates software, which did have Windows versions just as you say.
(Score: 2) by DannyB on Tuesday May 01 2018, @07:01PM
Oh, the difference one letter makes.
I meant to say iPod.
The lower I set my standards the more accomplishments I have.
(Score: 1, Informative) by Anonymous Coward on Tuesday May 01 2018, @07:17PM (2 children)
Have you ever used an apple product? Fairly standard product and works with anything you want to throw at it. Where, exactly, is this "walled garden"? OS X - based on BSD, can compile a bunch of gnu sources to run. Not as proprietary as you state.
(Score: 0) by Anonymous Coward on Wednesday May 02 2018, @10:17AM
What's the official way of installing an app on an iDevice from outside the walled garden[1]?
[1] Includes the App Store, iTunes, Apple developer account, Macs...
(Score: 2) by DannyB on Wednesday May 02 2018, @03:32PM
In the 80's and 90's I was a card carrying Apple fanboy. I owned probably about $15,000 worth of Apple equipment (or more). And that was in 1990's dollars. This was back when Apple was a great company. Innovative. When the rest of the entire computer industry was, as Byte Magazine put it, the history of the microcomputer industry is one big effort to keep up with Apple.
Since OS X, Apple is an entirely different company. I gave it a try. Didn't like. And there was this new Linux toy I became interested in.
A friend offered me a free iPhone in about 2008. Oh, doesn't work with Linux. Must have iTunes and thus Mac or Windows. But I would want to develop for it, so, oh, can only use Mac. And have to pay Apple for the privilege of developing. Have to get blessing from Apple to even install my own code onto my own device. Have to pay Apple annually to put an app into iTunes? No thanks!
Soon I was playing with Android. It used, at the time, and still can, use Eclipse -- which I still use every day. Runs on Linux, Windows, Mac. Uses the same language I already know. In fact a lot of Java technologies and libraries I already know. I don't need anybody's permission to write code. Or to put my code onto my device. Only a one time smaller than Apple fee to put apps into the play store.
As for compatibility. Apple seems, to me, an outsider, to be constantly changing connectors and cables. And the new cables always come with an Apple-high price. Then soon they are obsolete for the next generation of cables and connectors.
Apple systems become obsolete artificially quick. A friend was telling me, some years ago, how the latest Safari browser would suddenly only work on the newest OS X. And the OS X would stop supporting old hardware awfully quick. Before that hardware's time had come. So if you wanted the latest browser, you need the latest OS, and thus new hardware at an accelerated rate. No thanks!
Apple's patent lawsuits didn't put them in my good graces either. Bouncy scrolling. Slide to unlock. You've got to be kidding. In one foreign court Apple argued that Samsung could have chosen not to make their tablet so thin, light, nor with such small bezels. Really? Thin and light weight are now Apple exclusives?
Apple does not play well with others. It seems to me that Apple deliberately introduces incompatibility when possible, when it would not put Apple at a disadvantage.
And why not? Apple fanboys always come back for more abuse! And they seem to love it!
No thanks!
The lower I set my standards the more accomplishments I have.
(Score: 2) by TheRaven on Wednesday May 02 2018, @10:17AM
Apple Mail on both iOS and macOS speaks SMTP, POP3 and IMAP4. There are no features that don't work if you use these. The iOS version sucks, but that's an unrelated issue. Both work fine with any mail server.
Apple's calendar and contact service (which is the back end for their address book and calendar apps on iOS and macOS) speaks CalDAV and CardDAV as their native sync protocol. These are both IETF standards and Apple even released an open source reference implementation. Both my Mac and iPad sync with my Nextcloud install out of the box. Doing the same on Windows or Android requires third-party adaptors (I use DAVDroid on my Android phone).
Apple's Notes app can store notes in any standard IMAP server. The imapnotes2 app on Android interoperates with it, for example.
macOS is certified as compliant with the Single UNIX Specification [opengroup.org] and also implements a number of FreeBSD-compatible extensions (for example, kqueue).
I don't entirely disagree with your assertion, but the caveat 'when it is directly in Apple's interest' to be compatible is a very big loophole: most of the time it is in Apple's interest to be compatible.
sudo mod me up
(Score: 2) by VLM on Tuesday May 01 2018, @04:18PM (1 child)
Also note in the spirit of that story from Best Korea about "only old people use email anymore", email used to be the primary (well, maybe secondary after usenet) form of social media.
But now.. Lets look at my inbox. A kickstarter I signed up for is in spam the interested mode to churn more money, contractor job spam, non-remote employment 300 miles away for less money job spam (LOL as if), one of my mutual funds released a quarterly or a prospectus or some thing similar I should read but probably will not at this time (maybe during rebalancing season, sure). Linkedin told me theres 54000 jobs in my metro area which is about 10% of total employment around here, I bet they send the same spam to literally every member, lame, weak. I got a spam, correctly categorized as spam, for an ICO offer for something that mystifyingly implements KYC banking rules using a blockchain to store the crypto keys for PII in a secure and permanent and confidential manner or something like that. My regional pizza chain is offering a deal on pizza; I eat high carb junk food like once a month so naturally I get three spams from this place per day. Make magazine sent an email with next months printed topics listed today, kinda spoils it, I think, also there's a maker faire a mere 2000 miles away from me that I almost care about, but don't. Elektor magazine is spamming a high end high fi DAC sound card for a raspberry pi for merely ten times the cost of a decent USB sound interface and about the cost of a dedicated small PC, best of luck selling that. Code Academy sent me a spam to learn SQL, would have been interesting in 1994 or so, nothing defines spam quite like poor targeting. Maybe they wanted me to teach the class LOL. USPS sends me, free, daily informed delivery daily digest which is pretty cool feature for snail mail amusingly theres people who STILL claim that someone claiming that the PO takes pix of all mail that pass thru it is a patriot alt-right conspiracy theory retard and I try to tell those dumb asses its not a conspiracy theory because anyone in their delivery area with a valid email address, can sign up for the daily emails with pictures completely for free, which is nice because if its gonna rain when I know I'm getting a package I'll adjust my daily schedule to pick it up before it gets soaked, and heck, its not terribly useful but for what I paid (free) its a good deal, and today the USPS is delivering spam for video service from my local cable company from whom I only get cablemodem service and they're pretty butthurt I'm not watching my USDA recommended dosage of leftist video propaganda or old 1970s shitty reruns or basically in summary they want me to pay for a video signal implementation of manure delivery, so I can enjoy watching it dry or some similar mixed metaphor. Ancestry.com has updated our Privacy Statement with you in mind, whatever the fuck that means, probably they're selling everything they know to everyone except private citizens which is what those things usually mean although perhaps not in this case, who cares.
Now there's some business related stuff in my separate business email account, but everyone on both sides of the discussion knows its all public if there were ever legal issues, and both sides have copies of everything, so we don't document anything "juicy" or interesting. Mostly because most of it is not juicy or interesting, LOL. Wanna see my latest email from Jenkins, its really hot hot hot (no, its not really, unless you think its hot the latest build passed all the unit tests, always nice to see, anyway).
The point of the above text wall being I'm a pretty heavy internet user and there's nothing interesting to secure in my emails, at least not anymore. I would imagine average users have nothing to secure in email anymore. Its just google looking for meaningless feature request bullet points.
(Score: 2) by JoeMerchant on Tuesday May 01 2018, @05:19PM
There's a sliding scale:
company e-mail for least juicy dishes,
company chat or phone system might carry 1 degree warmer topics,
outside company e-mail through company servers +2 degrees,
outside company e-mail through home servers +3,
private phone to private phone SMS +4,
face-to-face in closed office +5,
private phone to private phone while both parties offsite +6,
face-to-face offsite in public place +7,
face-to-face offsite with relative privacy +8.
I don't deal with anything that would require more, but you can start erecting cones of silence, fuzzing windows to thwart IR laser eavesdropping, RF jamming, meeting offshore, etc.
🌻🌻 [google.com]
(Score: 1, Insightful) by Anonymous Coward on Tuesday May 01 2018, @04:55PM (5 children)
You give your loyalty to google?! Ha, ha, ha! And we thought ethonal-fuel was the stupidest one here.
(Score: 2) by JoeMerchant on Tuesday May 01 2018, @05:21PM (4 children)
Using them continuously for 10+ years has to count as some kind of de-facto loyalty. Show me a better, more reliable, convenient and cheaper alternative and I'll be defecting in short order.
🌻🌻 [google.com]
(Score: 2) by c0lo on Tuesday May 01 2018, @10:31PM (3 children)
Get a cheap Web hosting plan and a domain name. Most will come with at least 5 mailboxen on top of which you can POP or IMAP.
Yes, mailing apps on mobile devices will work with mail accounts outside their walls.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by JoeMerchant on Wednesday May 02 2018, @01:13AM (2 children)
I have one, with a domain attached, have had the same one since the 1990s, and I think it comes with 30 e-mail boxes. I used one for years first with Eudora, then Thunderbird, later accessed via Gmail, and eventually I quit using it. I POP3ed with it, IMAPed with it for a while, if you send me an e-mail there I still get it in my gmail inbox, but I think it has dropped to zero traffic by now (still get the occasional wide SPAM barrage that just tries all common names at all domains.com). I gave a few addresses to my wife and a few other relatives, but when Eudora became impractical to continue using my wife moved away from it to Gmail too. I have been overpaying for the website and domain for years, probably could cut my expense in half if I shopped the deal - thought about trying to move it to an AWS free tier node, but... half of almost nothing is still just about almost nothing, and screwing around with it is more hassle than I ever seem to have time for. Thus, Gmail wins - even though I have this "sunk cost" service that I could use instead. Sure, they're skimming value off of reading my messages: newsflash: if I ever want to communicate something over the web that I don't want the powers that be to see... I can do that. I just don't have anything like that that I want to say to anybody who I never see face to face.
🌻🌻 [google.com]
(Score: 2) by c0lo on Wednesday May 02 2018, @04:00AM (1 child)
Well, I haven't properly factored the convenience.
I moved my mother's email account from gmail - it started to ask for a mobile number/device/etc.
My mother continues to not use any of these, she's using thunderbird (and no web ui) anyway, so...
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by JoeMerchant on Wednesday May 02 2018, @01:18PM
Yeah, the effort adds up: after the fourth time I had to install and configure Eudora for my wife, then I did Thunderbird for her which she hated - I think she was already in Gmail before we got phones that really did e-mail (we had some 10 key flip phones that sort of could e-mail for a long time, never used it on them)... So, I never even tried to play POP/IMAP on Android because it comes through Gmail which we were using anyway. That's a lock-in convenience that I can live with.
🌻🌻 [google.com]
(Score: 2) by JoeMerchant on Tuesday May 01 2018, @03:41PM
Yeah, couldn't agree more. I'm hoping this is one of their "fail fast" experiments that's dropped next quarter.
🌻🌻 [google.com]
(Score: 2) by VLM on Tuesday May 01 2018, @03:27PM (6 children)
Google is usually pretty good about infinitely complicated email filtering rules, so I suspect it'll be pretty trivial to create a folder named "emails needing screenshots". Google might do stupid things, but they usually allow it to be automated pretty well.
My main worry is the official Android phone app will probably have some kind of mandatory QR code scanner to prevent me from holding my phone up to my laptop and snapping a pix, to keep the filthy casuals away. More knowledgeable "hard core computer hackers" will stick a post-it note over the QR code or not use the official standard android phone app, or use an iphone to take pix of "protected" google gmail emails. The legacy media and elderly boomers will label this activity as computer hacking and make it a felony of course.
(Score: 3, Funny) by JoeMerchant on Tuesday May 01 2018, @03:43PM
This is actually funded as a marketing effort by 3M to sell more of those little overpriced sticky-notes.
🌻🌻 [google.com]
(Score: 2) by Wootery on Tuesday May 01 2018, @04:39PM (4 children)
I doubt it. Is there any history of Android cameras refusing to do what they're told because Google says 'no'?
(Score: 2) by VLM on Tuesday May 01 2018, @05:29PM (3 children)
Well, I'm not claiming it exists, but it certainly could.
Interesting theory, congress passes a law that its illegal to take a picture of a QR code containing the QR encoded text "Per federal law its illegal to take a picture of this". Plus or minus its illegal to post pix containing that QR code on social media. Its illegal to sell a digital camera that takes pix with that QR code in the frame.
I'm sure it'll all be marketed as "saving the children" like little girls bikinis will have that QR code to keep cheese pizza predators from taking pix. Or it'll be posted over the security scanner at day care centers to stop terrorists from gaining intel on massacres at child care centers. Paint it on the side of nuclear power plant towers, after all only a terrorist would want a picture of that. Or paint it on the side of a federal superfund site dumping industrial waste into the river, why only a terrorist would want to document that LOL.
Of course that QR code will be on legacy paper currency, certified copies of birth certificates, drivers licenses, anything thats occasionally forged or counterfeited.
And of course in exchange for cops wearing body cameras they can shut off, break, or obscure, we'll be told they'd never do that but their uniforms will have a patch containing the "don't record me" QR code. Seems fair, after all the thin blue line and cops never do anything wrong etc etc.
They'll be a centrally controlled wide spread fashion statement to put that QR code on meme tee shirts to normalize the concept and get people used to not being able to record certain things.
I wonder how they'll roll out security cameras, otherwise criminals will walk around with that QR code. Probably something like a NTSC/analog loophole, only banning digital cameras. Obviously it would be tricky for analog film cameras to ban pix, but they're pretty rare in the field of cell phone movies of cops shooting and beating people...
And that QR code will appear on the background in "secure" gmail emails.... And if you access a "secure" email via POP or IMAP you get a placeholder to upgrade (lol upgrade) to the web interface to see secured content, just like DRM was rolled out to "benefit" consumers, LOL.
The only thing I find more amusing than conspiracy theories is homemade hard-ish sci fi, this would make a very believable back story or even plot line for a near future dystopia where all the cell phones are newer than Android 11 and I'm sure the law would have some ridiculous name like "the federal save the children from pedos and sexting law of 2019" or whatever.
(Score: 1) by pTamok on Tuesday May 01 2018, @07:27PM
That anti-copy feature exists and pre-dates widespread use of QR-codes: EURion constellation [wikipedia.org].
There is also commercially available anti-copy paper, which uses the Eurion constellation and other techniques: CopyproofTM [copyproof.eu]. I have no connection with the vendor.
I would not be surprised if clothing is already available with the Eurion constallation printed on it or woven into it.
(Score: 2) by Wootery on Wednesday May 02 2018, @10:22AM (1 child)
But that whole thought-experiment depends on cooperative devices that the authorities control, as opposed to devices that work for the user. Even if you could control the viewing hardware used by untrusted recipient (you could force use of a specific controlled device, the way games consoles do), you still lose: the recipient can still photograph their screen.
DRM can work reasonably well to control the ability to run a program on a games console (in both directions: it can forbid running the game on an arbitrary platform, and forbid running arbitrary code on the controlled platform). DRM doesn't work when you're trying to control read access to confidential documents.
Incidentally, it's also the reason your QR code thought experiment would never work. If a totalitarian idea depends on banning the public use of film-based cameras, well, good luck with that.
(Score: 2) by VLM on Thursday May 03 2018, @01:12PM
Its all about the casuals. Can joe 6 pack copy a cassette tape, back in the old days, sure. Can joe 6 pack copy a blueray, no. Eliminate 99% of the copying etc etc.
Its weaponizing QR codes against joe 6 pack and ida instagram and fanny facebook, not people who can use an IDE to write software.
Just ship phone rom images with the default camera app that shuts down or reports you if it detects the special QR code in a pic, thats all, nothing too elaborate.
99.99% effective is more than good enough to stop random civilians from recording police beatdowns, for example.
(Score: 5, Insightful) by theluggage on Tuesday May 01 2018, @02:10PM (7 children)
Well, I'll definitely use that feature next time I want to send out a ransom demand, blackmail letter, racially/sexually offensive comment, herbal viagra ad... etc.
Oh, wait, I suppose Google will archive a copy should the authorities come knocking? Right, silly me.
Coming next: screen capture utilities banned from ChromeOS.
(Score: 3, Interesting) by KiloByte on Tuesday May 01 2018, @03:06PM
Thanks to their latest spat, at least anything from Huawei won't have this malware then :p
Ceterum censeo systemd esse delendam.
(Score: 2) by JoeMerchant on Tuesday May 01 2018, @03:57PM (1 child)
And, yet, they're equipping every person on the planet with a 12MP digital camera... It's almost like the old MP3 arguments, any system you make, any system at all, can always be end-run by analog recording between the audio output and the listener's ears (or brain in the case of direct neurostim audio) connected to a generic high quality recorder. Unless you think you can control every recording device on the planet (which big media was seriously trying to do for a while), it's game over.
🌻🌻 [google.com]
(Score: 2) by Wootery on Wednesday May 02 2018, @10:30AM
As you say, DRM on audio is particularly comical, as audio invariably boils down to a very simple analogue wave transmitted electrically over copper. Obfuscate and encrypt the storage (Spotify, Audible) and transmission (HDCP, Netflix) all you want, go ahead and make it hard to read from the audio buffer, but that wave is getting generated eventually, or else the user can't listen.
DRM has been more successful in controlling code, than audio or video. It might be possible to jailbreak an iPhone, or clone a PS4 game, but at least it's not trivial.
(Score: 2) by DannyB on Tuesday May 01 2018, @04:25PM (3 children)
Deer user:
Due to resent puspicious activily on you're account is now being suspendid.
Be pleasing to click the following link to reactivate you're account.
The lower I set my standards the more accomplishments I have.
(Score: 0) by Anonymous Coward on Tuesday May 01 2018, @07:43PM (2 children)
Bambi has hard time using a mouse, so I guess she is screwed.
(Score: 1, Informative) by Anonymous Coward on Tuesday May 01 2018, @08:33PM
Despite the number of girls with the name Bambi, the deer in the story was a male.
-- OriginalOwner_ [soylentnews.org]
(Score: 2) by Bot on Tuesday May 01 2018, @09:22PM
Use a rabbit instead. Plenty of rabbits IIRC.
Account abandoned.
(Score: 1, Troll) by realDonaldTrump on Tuesday May 01 2018, @02:17PM
Google did so much for Crooked Hillary. With the very biased search. This very special EMAIL, it would have been great for her. Instead of the illegal server. Maybe it's something she asked for. I don't know. Maybe Anthony Wiener (also a Dem) asked for it. Folks, we're living in the Age of Social Media. I don't do EMAIL. I use Snapchat when I'm sending a very special message. The lady sees my message, then it goes away. PERFECTO!!!!
(Score: 2) by MichaelDavidCrawford on Tuesday May 01 2018, @02:34PM
FTFY
Yes I Have No Bananas. [gofundme.com]
(Score: 0) by Anonymous Coward on Tuesday May 01 2018, @02:36PM (4 children)
“If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place."
(Score: 2) by The Mighty Buzzard on Tuesday May 01 2018, @05:24PM (3 children)
Oh? How many times a week do you masturbate then? To the nearest eighth inch or millimeter, how small is your penis? Please include links to every picture you've ever been in that involved nudity. And those are just the lowest hanging fruit.
My rights don't end where your fear begins.
(Score: 2) by VLM on Tuesday May 01 2018, @05:32PM
Add together all the numbers for Anonymous Coward or average? If they don't specify, we might not be able to tell the difference?
(Score: 0) by Anonymous Coward on Wednesday May 02 2018, @05:32AM
Penis length is hard to measure, and definitely not to that accuracy. To know for sure, they'll need to know if the measurement was bone pressed or not. And then the method used to induce the erection (ie. chemical - viagra,etc), hot chick (or bloke), not so hot chick (or bloke), etc. Too much ambiguity.
Ask a chick how long a given dick is, and you'll get wildly different answers. The average erect male penis is between 5.2 and 5.5" long (bone pressed), average girth is 3.9" to 4.5". Ask a chick, and it seems that they've only slept with guys in the top 5th percentile (6.5"+) or above. The elusive 8"+ dick is found in at most 0.1% of the population, yet every second chick seems to have slept with a guy hanging that low.
Masturbation sessions may not be counted high in number, but be less often while lasting for long periods of time - edging, tantric, etc. So these numbers may also not be that reliable.
(Score: 3, Funny) by cmdrklarg on Wednesday May 02 2018, @08:44PM
"They said you was hung!"
"And they were right!"
The world is full of kings and queens who blind your eyes and steal your dreams.
(Score: 2) by Virindi on Tuesday May 01 2018, @02:47PM (1 child)
Cool features. This seems like the kind of stuff that would be better as a 3rd party service though. Obviously the point here is that Google gets to better track who you are sending emails to, to build a better human connection graph. Just like the spooks...
Wait! Hold on a second. Hasn't every teenager on the planet already figured out that no matter the DRM or how locked down the app, you can bypass "self-destructing" pictures and text by just taking a picture of it with a camera? "Self-destructing" content does nothing but give people a false sense of security. How silly. It sounds like some clueless manager tacked this feature on to a list.
(Score: 3, Interesting) by VLM on Tuesday May 01 2018, @03:40PM
It turns out that asking people to tag posts as "Hey spooks here's the good stuff to privacy violate" wasn't terribly successful, but a checkbox labeled "pr0tect a m0r0n lik m3 from elite c0mpu7er hakers" is a pretty good way to get people to self tag messages as being very interesting to the governments and corporations who have open book access to everything we do.
Kinda like credit report information; every government and corporation on the planet has open book access to my data, the only people excluded are my folks like my next door neighbor who don't care anyway so they're not gonna look.
My guess is this is how they (corporations and governments) will roll out anti-customer services. Say you don't want people filing a comment on a EPA or FCC or FTC proposal... well, for "computer security" reasons we need you to create an account using emails that take 6 minutes to deliver but self destruct in 5 minutes and you need to know your special password to open the email which will be mailed to you in snail mail within four to six weeks for this regulatory comment period, the one expiring in two weeks; oh you find this inconvenient? What a pity, now are you saying computer security is a bad thing which is patently stupid or are you claiming you're too lazy or low agency to follow simple procedures despite knowing your responsibilities to interact in a democratic society you sux at being a citizen and should work harder. This is customer anti-service at its best.
A shitty politician or manager bans people from having alcohol at parties in the county park by saying "no" and pissing people off. A smart operator implements customer anti-service by designing a procedure that can't be followed to get a permit. Ironically if you want a case of beer at a tasteful and quiet multi-generational hundred person family reunion then you simply drink one or two beers in front of the park ranger; maybe offer him one if you're feeling generous, because "no drinking in the park" is only enforced against problem visitors like homeless or all night college frat binge drinking parties. Customer anti-service is a valuable new technology that I think we'll see a lot more of in the future via AI and automation and so forth.
(Score: 5, Interesting) by canopic jug on Tuesday May 01 2018, @03:11PM
This has little to no basis on actual privacy and appears all about forcing the last of their users off IMAPS or POP and onto their web-mail client. Once they do that, they have enough of the market that they can re-do the e-mail protocols to their heart's content and no one can push back either as an invidual, a group, or a corporation. Even M$ will have to follow suit.
If you self-host in any way these days, you will already have run into problems with Gmail accepting mail from your SMTP servers, especially if you have decided not to pay Google for the privilege.
This should be a big red warning flag for the world. Google/Alphabet is in a position to finish cornering the market and disposing of it as it sees fit. Note that OpenPGP is pointless in a web-mail client.
Money is not free speech. Elections should not be auctions.
(Score: 5, Funny) by GreatAuntAnesthesia on Tuesday May 01 2018, @03:39PM
This sounds like a fantastic development, well worth registering a gmail account for. However I have a few questions first:
1 - What is the method of self-destruct? I'm assuming some kind of explosive, if so what is the yield?
2 - Is there any way to make sure that the
targetrecipient is actually the intended person?(Score: 0) by Anonymous Coward on Tuesday May 01 2018, @03:56PM (1 child)
Scenario:
A company ("Company") sends out an email with very specific details (an offer, a contract clause, a promise, etc). The email is "self-destructing". The offer/contract clause/promise is accepted by recipient. Thirty days later, the self-destructing email vanishes, along with recipient's proof of the offer/contract clause/promise.
The issue now is beyond a single problem for the recipient. The initial problem, that recipient feels the offer/contract clause/promise has been breached, is one thing. However, recipient now must find proof of the offer/contract clause/promise. The email has self-destructed, so he has none.
Did recipient print a copy? Perhaps, but Company can disclaim this as proof, since the printout is not in the original form. Therefore, using the printout as legal proof may require court action, requiring filing a financially risky lawsuit. What if there was an arbitration clause? Now recipient must risk losing in arbitration court - where there is no jury to consider beyond what the for-hire "judge" accepts as proof - and potentially risking arbitration court costs.
Recipient also has a problem with the "self-destructing" email itself: email messages don't just self-destruct. A server instruction is what would actually delete the message. Which server deleted the message? Probably the recipient's email server or email provider. So, recipient can't make a claim against Company for evidence destruction.
My point here is that the entire justification for "self-destructing" email is an excuse for hiding/destroying written promises, and this will be widely used by companies to further screw consumers, employees, smaller business partners, etc.
Your safest bet is to not use software or services that support self-destructing email and never accept such emails in the first place.
(Score: 0) by Anonymous Coward on Wednesday May 02 2018, @01:04AM
IAAL and this isn't as big of a deal as you think. First is that the email doesn't just disappear, there is other evidence that it existed, such as logs, testimony, the fact you accepted the offer at all. Second is that a party wouldn't be bound to arbitration, as there would probably be a dispute that an arbitration clause applies at all and there are limits to what arbitrators are allowed to do under the law. Third is that given that the recipient's copy was destroyed, let alone due to an act instigated by the sender, other evidence is allowed under the best evidence rule. Fourth is that certain transactions (most in the U.S. and E.U.) require the preservation of terms and are void (or voidable, depending on the exact context) if not preserved at the party's fault.
(Score: 5, Insightful) by DannyB on Tuesday May 01 2018, @04:00PM
Email should be append only. Just like server logs.
Email users:
* Say what you mean, and mean what you say. (Or as Jesus said: let your yes be yes, and your no be no; without needing to debate about what object you should swear by to validate your statement or "cross your fingers behind your back".)
* If you make a mistake, send another email which corrects it.
* If you don't have impulse control or self control, then suffer the consequences -- just like with everything else in life. Like if you say something on TV, Radio, to a reporter, to a court under oath, something you tell your boss, cow-orker, etc.
* Telling someone that you had your fingers crossed when you clicked SEND is about as valid as it was on the playground.
The lower I set my standards the more accomplishments I have.
(Score: 3, Funny) by DannyB on Tuesday May 01 2018, @04:01PM
Penitent: Forgive me father for I have SEND.
Priest: You mean you have sinned?
Penitent: No! I mean I have SEND. I clicked Send on an email!!!
Priest: Sending an email is nothing to worry about, dear child.
Penitent: This was no ordinary email, father.
Priest: I'm sure it'll be alright, dear one.
Penitent: But you don't know what was in this email.
Priest: There, there. If it will make you feel better you can tell me all about it.
The lower I set my standards the more accomplishments I have.
(Score: 5, Insightful) by captain normal on Tuesday May 01 2018, @04:24PM (7 children)
Obviously none of you who've posted by now have bothered to read past the headline or through the summary, much less RTFA. This is for "Enterprise" users and confidential mode has to be switched on. It is not baked into every g-mail account. Google does a lot of stuff that annoys the hell in me, like making bad changes to Google maps and their browser. I use their web e-mail for things like registering at sites like S/N. I also use a few other web based e-mail services for similar reasons. For my on personal real life e-mail I pay for for an web based e-mail from a local provider where I know the people who own it.
Sure the summary is written as "click bait" (it was of course written by a well known fisherman), and everyone likes to rag on Google (and MS and Apple) but there are a lot worse big corps out there...ATT, Comcast, Verizon etc.
Everyone is entitled to his own opinion, but not to his own facts"- --Daniel Patrick Moynihan--
(Score: 3, Informative) by Wootery on Tuesday May 01 2018, @04:54PM (4 children)
Fair points, but they're still encouraging 'enterprise' users to think that they can send a document and later withdraw access. If the recipient isn't trusted, it solves nothing, but possibly gives the sender a dangerous false sense of security. If the recipient is trusted, what's the point?
The correct way forward on this front is to educate the non-technical users that it simply isn't possible to do that kind of thing. Access to a digital document can be granted, or not, but 'grant now and revoke later' simply isn't something you can do. No amount of DRM and obfuscation will stop the recipient pointing a smartphone camera at his screen, no matter how strongly some organisations [datarooms.com] wish it were possible (and even pretend that it is).
(Score: 2) by VLM on Tuesday May 01 2018, @05:43PM (3 children)
As the admin of a paid gmail enterprise account, yes we can certainly do that easily at the account level. And having essentially "root" on the domain at some great mostly manual effort I can delete any individual document I want. Once it leaves our domain by whatever means, its on the loose of course.
What this is doing is giving any individual sender "root" over what they send, without having to bother me to do it for them, I'm not sure your average goofball should be trusted even with something that limited, but here it is...
I can't wait for the support tickets by some goofball who doesn't understand it only works internal to the domain so emailing his sexting noodz to his ex-girlfriend's AOL address doesn't prevent them from getting posted for laughs by her on a fake grindr account with his real contact info. Not that I was ever involved in a support ticket... exactly... like that. Being an admin account isn't unicorns and balloons all day. Ugh. We're talking (admittedly some years ago) about a guy so dumb he thought deleting the email from his sent folder deleted the email from her inbox, like dude, was that a plot line on CSI, maybe I don't even want to know. And my coworkers laughed their asses off at the humor of escalating this critical issue all the way up to me, thanks guys, thanks.
But there are the longer term wider range issues to discuss before they inevitably expand this to all gmail users someday.
(Score: 2) by Arik on Tuesday May 01 2018, @07:53PM
->"As the admin of a paid gmail enterprise account, yes we can certainly do that easily at the account level."
I do understand what you're saying, but you've basically placed it all on that last phrase - "at the account level" which has to be understood exactly as you intend it for this to be true.
Most gmail users would not understand it that way, and even if you exhausted yourself explaining it to them they still wouldn't actually understand that phrase.
So it may be technically true but it's deceptive as hell. In the sense that the vast majority of gmail users would understand it, it's false. You can't send self-destructing emails. Telling people they can, and even giving them a button for that purpose, and rigging it so that certain tests will appear to confirm that it's really a self destructing email - this will only lead to users believing in even more impossible magic.
If laughter is the best medicine, who are the best doctors?
(Score: 2) by Wootery on Wednesday May 02 2018, @09:27AM
No, of course you can't. If I took a permanent copy of that document (i.e. a photo or video on my phone), I'll still have it when you revoke access.
We aren't talking about write-access to a shared file, we're talking about read access to a confidential document. If that is ever granted to an untrusted party, it's game over. They can always find a way to keep a permanent copy. You can play games with DRM and page-view-tracking if you want, but it changes nothing.
I don't really see where the rest of your comment goes.
(Score: 0) by Anonymous Coward on Wednesday May 02 2018, @11:45AM
Allowing an admin to do it is different from allowing any moron to do it in that an admin (hopefully) understands what is possible and what isn't, and can explain to the user "no, removing it from our end will not remove it from their mail server, which I don't have access to".
(Score: 2) by All Your Lawn Are Belong To Us on Tuesday May 01 2018, @07:06PM
Yep, and if they're doing to Enterprise customers, they CAN roll it out to everybody. And will when it is profitable for them to do so. Time to stop this before then as it has implications for everyone else.
(Though now that I think about it I think Exchange has a similar setting to allow mail recalls IIRC).
This sig for rent.
(Score: 2) by takyon on Tuesday May 01 2018, @07:33PM
From what I read and the language used in the summary, these features are for all Gmail users, not just enterprise.
They aren't too bad, but they could definitely give users a false sense of security. A real secure use of Gmail would involve the user encrypting messages with a private key not stored by Google (perhaps accessed from a file on your computer for convenience purposes).
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2, Informative) by whatevs on Tuesday May 01 2018, @05:18PM (1 child)
> Guess I'll be switching to ProtonMail for my webmail needs, which, granted, are few.
ProtonMail supports the message expiration and password encryption, but I dont think it supports that last and most objectionable feature of restriction mentioned.
The real benefit of switching to ProtonMail is having your data in motion and at rest encrypted. I don't know how I feel about the browser doing all the encrypt/decrypt work via javascript, but it prevents casual eavesdropping... until you send it to someone outside of ProtonMail without using the password encryption option.
I guess sending encrypted to non-protonmail users without using the password option is still in beta? https://protonmail.com/support/knowledge-base/how-to-use-pgp/ [protonmail.com]
(Score: 2) by The Mighty Buzzard on Tuesday May 01 2018, @05:28PM
I was thinking more along the lines of nobody I currently interact email-wise with uses Proton Mail, so them trying to send a self-destructing email is not an issue.
My rights don't end where your fear begins.
(Score: 2) by All Your Lawn Are Belong To Us on Tuesday May 01 2018, @06:57PM (2 children)
So, I'd already ruled out swapping to gmail from my current provider. (And I've decided that my current provider has to go after 22 years of being a paying customer.)
But if I hadn't already ruled that out, now as I shop around for an email provider it has to be one that won't respect this.
You send ME an email, it is MINE to decide to do with as I please. Not the senders, and for damn sure not Google's.
This sig for rent.
(Score: 2) by c0lo on Tuesday May 01 2018, @11:19PM (1 child)
Send them an self-destructing email, only increase the power of the destruction payload.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by All Your Lawn Are Belong To Us on Wednesday May 02 2018, @07:42PM
You have now placed the Mission Impossible theme in my head as an earworm. Except the long burning fuse leads straight into my NIC and proceeds along the connection pathway to their server where it explodes into EMail: Impossible.
This sig for rent.
(Score: 3, Insightful) by Bot on Tuesday May 01 2018, @09:17PM
Gmail officially entered the Extend phase.
Account abandoned.
(Score: 2) by corey on Tuesday May 01 2018, @10:57PM (1 child)
An anti-feature I'd like to see removed from gmail is refusal to send encrypted attachments. It explains the reason as being the inability to scan for viruses. What a croc.
(Score: 0) by Anonymous Coward on Wednesday May 02 2018, @03:22AM
Does renaming the file to .jpg still work?
(Score: 2) by Kawumpa on Wednesday May 02 2018, @06:29AM
I think this is great and will auto-reply to people in my address book that these kind of "click this link to read the message"-mail are normally classified as junk by every decent mail system and that they shouldn't expect further communication. This worked great when people still sent chain mails and similar shit, for which we have Facebook now.