back to article Google to add extra Gmail security … by building a walled garden

Google is planning to add several new security features to its ubiquitous email service, Gmail, but they will come with a cost – literally and figuratively. Among the new features reportedly under consideration are self-deleting emails and a new "confidentiality mode" that would prevent emails from being printed or forwarded …

Page:

  1. israel_hands

    How?

    How can they stop you taking a screen-grab of the e-mail and saving it? Or just grabbing a photo using another device?

    And what company is going to be able to legitimately use self-deleting e-mail? There are all kinds of law regarding audit trails and data retention.

    Not sure how either of these systems are going to appeal to anyone other than the likes of Uber and other scumbags.

    Or rather, the idea may appeal but the reality will prove to be somewhat different to the blurb in the sales brochure.

    1. Anonymous Coward
      Anonymous Coward

      Re: How?

      These are "features" which would be pimped to people who don't ask those types of questions.. such as the board, Service manager or an old school Compliance Manager (passing himself as an Infosec manager, but in fact should have long retired).

      By the time it gets to people in the know, it's already signed off!

    2. JohnFen Silver badge

      Re: How?

      Yes, if, for some reason, I really had to use this service to read an "email", I'd absolutely make a copy of it for my records, using whatever mechanism works. I'd probably add it to my existing email server so it would get backed up along with the rest of my correspondence.

    3. big_D Silver badge

      Re: How?

      In Germany (and, I believe the EU in general) it is illegal to delete business relevant emails - in fact they have to be stored in unalterable form. So anything that gets past the spam filter and is business related has to be kept, whether sender or receiver think otherwise.

      That was one of the problems with Exchange 2003, you needed additional tools to make it compliant. Post 2008, this was built in.

      This also goes for instant messages and any other written communication medium in business.

      1. Anonymous Coward
        Anonymous Coward

        Re: How?

        In Germany (and, I believe the EU in general) it is illegal to delete business relevant emails

        Need not be a problem. You don't think Google were going to delete ANYTHING do you? All they do is make access chargeable. You either pay the tax on a rolling basis, or a truly eye watering one off access request later. That's how professional, high-security data room services already operate.

    4. revenant Silver badge

      Re: How?

      Not sure how either of these systems are going to appeal to anyone other than the likes of Uber and other scumbags.

      ... and Politicians, of course (or do they come under 'scumbags'?).

    5. onefang

      Re: How?

      "How can they stop you taking a screen-grab of the e-mail and saving it? Or just grabbing a photo using another device?"

      Ah the age old problem of copy protection, since legitimate users actually need to copy the bits around to actually use their copy protected thing in the way it was meant to be used, all copy protection schemes have a big flaw. You need to be able to copy it to actually use it.

      Eventually the user of the email system needs to be able to copy the email into their head, usually via their eyes, and cameras work just as well as eyes do.

    6. Anonymous Coward
      Anonymous Coward

      Re: How?

      "Strangely though, there is one thing that the company continues to not offer, even though many of its users have made it plain they want it and would even pay for it: end-to-end encryption."

      But that would stop The Borg from slurping it!

  2. Yes Me Silver badge
    WTF?

    Bug, not a feature

    The self-destruction "feature" is familiar to poor sods using Lotus Notes for email; indeed screen grabs may be the only way to keep an email indefinitely, since no-copy also means no-print. In practice it becomes a bug when somebody sends a self-destroying email that contains information that is needed for future reference or subject to a legal retention requirement. I'm not sure that the "GMAIL ate my homework" argument is going to work in court.

    I think that old email from Google about "don't be evil" has self-destructed.

    1. iron Silver badge

      Re: Bug, not a feature

      They removed the first word from that corporate motto a long, long time ago.

  3. JohnFen Silver badge

    Nope

    "But if you pull email into a different email program, you will instead be presented with a link to the Gmail message."

    Which is the same as not using email. I might respond to such a notification, but it would be to tell the sender "I can't see your message." Or, more likely, I'd just ignore it.

    1. big_D Silver badge

      Re: Nope

      Don't a lot of spam filters filter out emails with no content other than a hyperlink?

  4. jelabarre59 Silver badge

    Break

    So you can PAY Google to break established internet standards for you...

    Yeah, really gonna go for that one.

  5. fluffybunnyuk

    The obvious solution seems to me to allow a browser window to open in what i use as a plain text viewer, and on completion of load , store the windowed document as a jpeg.

    1. GnuTzu Silver badge

      JavaScript

      @fluffybunnyuk, Sadly, this will almost surely require JavaScript compliant browsers. I wonder how this will look in F12 Developer Tools. It'll be interesting to see if they can code around that.

  6. This post has been deleted by its author

  7. Anonymous Coward
    Anonymous Coward

    Ouch - This won't rapidly become really annoying

    Instead of receiving actual emails, more people will defer to sending links back to Google HQ (Mothership of Analytics Slurp). Compelling more Non-Users to effectively 'soft log-in'. Reminds me of Facebook's hugely abused 'Tag' property, which lets idiots tag you in their posts compelling you into viewing them (posts that you don't appear in or have anything to do with etc). This will be a 'dopamine like', as you can't view the email, not even a summary, without visiting Googhoul!

    1. Anonymous Coward
      Anonymous Coward

      Watchout Facebook is trying the same scam

      Before killing Facebook recently I used the Download-Your-Data option. Even though FB includes photos, the HTML files no longer link to the downloaded versions, but instead back to Facebook-com.

      WTF???

      Personally, I've begun to actively write less to people with @gmail, @yahoo, @outlook/hotmail accounts. What's hilarious, is that many of the same people get free email anyway from their non-US Big-Tech ISP. So why opt to be slurped like a data slave?

      People usually state that flawed / deceptive tired old line - 'But I've nothing to hide'. Yeah, well wait till enough behavioral data corporations 'Weaponize' your data against you. Akin to: Quotes: 'If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged'...

      People are too trusting: 'You've been living in a dream world Neo'!

      1. CanadianMacFan

        Re: Watchout Facebook is trying the same scam

        Yes, many people get a free account with their ISP but it becomes a pain if you move and have to switch providers or you just switch ISPs in order to save money. Then you have to tell everyone to update their contacts with your new email address and you need to update all the companies that may send you something important (such as a bill). There would also be the issue of moving the mail from the old ISP to the new ISP (unless I used POP instead of IMAP but many non-technical people might not think to retrieve the messages before closing the account).

        It's much easier to have an email account that doesn't change no matter how you access the Internet. However, Google, Microsoft, and those companies are not the only companies out there that offer free accounts. Others out there offer accounts as a way to try their services with the hope that you will need more than 5GB (or whatever limit they have) or would like to upgrade to other services. The company I'm with is aiming their services at small to medium business but lets individuals have free accounts, with a few restrictions. I even use my own domain with them. When someone asks I give them a good reference because their service has been great. Whenever I have changed ISPs in the past I've never had to worry about losing contact with anyone because my email address has stayed the same.

        1. Anonymous Coward
          Anonymous Coward

          "to have an email account that doesn't change"

          Register your domain, most registrar will also offer a service to send your email to a different address, and it won't cost you more than $10-20 per year.

          You get far better personalized email addresses which are not subject to any changes the fee provider could apply, and are also usable on systems which refuses free email addresses - some start to do it.

          If you're too cheap for that, well, keep on feeding the Moloch...

          1. JohnFen Silver badge

            Re: "to have an email account that doesn't change"

            "Register your domain, most registrar will also offer a service to send your email to a different address, and it won't cost you more than $10-20 per year."

            This is what I do, but my registrar does the email forward for free. I also run my own mailserver which is where the email gets forwarded to. These days, there are even prebuilt mailserver images available, so doing it yourself is easy if you're a "power user".

      2. Voland's right hand Silver badge

        Re: Watchout Facebook is trying the same scam

        What's hilarious, is that many of the same people get free email anyway from their non-US Big-Tech ISP.

        Those are still run by Google or MSFT in nearly all cases. We have reached the point where 99% of ISPs do not have the competence to run a mail system.

      3. Anonymous Coward
        Anonymous Coward

        Re: Watchout Facebook is trying the same scam

        What's hilarious, is that many of the same people get free email anyway from their non-US Big-Tech ISP. So why opt to be slurped like a data slave?

        In some instances the ISP mail offering is (or has been) an ISP rebadge of Gmail or Yahoo etc. And the problem of relying on your ISP for your email is that if you swap ISP then you're back to relying on a local archive only, which is really the crux of the problem here.

        1. Anonymous Coward
          Anonymous Coward

          "you swap ISP then you're back to relying on a local archive only"

          With IMAP you can easily copy your emails from one mail system to another.

      4. Anonymous Coward
        Anonymous Coward

        Re: Watchout Facebook is trying the same scam

        Problem......

        If you change ISP, you then have you change email address - okay, yes, you could get a domain and do a re-dir....but, google, yahoo and the lot are all "free"....plus with android, you pretty much MUST have a google account....

        I use gmail, I understand the trade off, up until recently, it officially read all my emails - they probably still do it unofficially....

        Do I care that they know my real name if they read my emails? They dont know my address, my real country I live in, etc, etc....

        Any confidential stuff is sent via work accounts....so, only the IT blokes here can have a giggle about my extortionate rent bill....

        1. JohnFen Silver badge

          Re: Watchout Facebook is trying the same scam

          ".plus with android, you pretty much MUST have a google account."

          No, you really don't. It's only important if you're going to be using Google's services.

          1. This post has been deleted by its author

            1. JohnFen Silver badge

              Re: 'plus with android, you pretty much MUST have a google account.'

              "That means you must have a 'Google Account' if you want to add any Apps at all... No?"

              No. There are multiple app stores for Android aside from Google's, and there are many repositories where APKs of established apps are available for download that you can side load.

              If you really need to use the Play store, you can also get a Google account and simply not tie it to your phone. Instead, download the apk through a web browser and side load it.

              Using the Play store is entirely optional.

              1. This post has been deleted by its author

                1. onefang

                  Re: 'There are multiple app stores for Android aside from Google's'

                  "Which ones???

                  Name some that aren't infested with Malware etc..."

                  F-droid. Dunno about the others, I don't use them.

                  1. This post has been deleted by its author

                    1. onefang

                      Re: 'Dunno about the others, I don't use them.'

                      "You use F-droid regularly and its totally clear of Malware?"

                      Yes.

                      1. Anonymous Coward
                        Anonymous Coward

                        Re: 'Dunno about the others, I don't use them.'

                        @onefang - Thanks!

        2. tfb Silver badge

          Re: Watchout Facebook is trying the same scam

          Unless you are doing hairy VPN tricks then they certainly do know the country where your IP address is, and if you use a phone they know much more than that about your location, including almost certainly your home and work addresses and how you commute.

  8. Anonymous Coward
    Anonymous Coward

    Just when you thought Google had hit evil(MAX)

    They found a way to go to 11.

    1. Charlie Clark Silver badge

      Re: Just when you thought Google had hit evil(MAX)

      Possibly, but let's wait to see what's actually available. Sounds like the usual kind of shit you find in "groupware". As it's not interoperable it doesn't stand any chance of wide adoption but that might not matter for those planning to move from, say, MS Exchange, to G Suite and want the ability to recall those e-mails sent in error, because learning to double-check is just too hard.

      1. Anonymous Coward
        Anonymous Coward

        Re: Just when you thought Google had hit evil(MAX)

        The evil part in my mind is sending people a gmail link when email is forwarded. So if someone forwards me an email Google can track when and how many times I read it...why the hell should they be allowed to do that when I don't even use gmail - I go out of my way to use their services as little as possible, in fact.

  9. Christoph
    Facepalm

    "But if you pull email into a different email program, you will instead be presented with a link to the Gmail message."

    "You have just been sent an email, click on this link to read it"

    What could possibly go wrong with that?

    1. Anonymous Coward
      Anonymous Coward

      Quite clearly this is a gsuite feature and everyone will be using Gmail, if someone includes an external email address, clearly that compromises the whole thing.

      I actually think this sounds like a reasonable idea, and it's not like existing corporate email hasn't already added extras like this when working inside a walked garden. Lotus Notes and Outlook already have "broken"things with similar features.

    2. Anonymous Coward
      Anonymous Coward

      re: What could possibly go wrong with that?

      but look here, we ARE a GONUINE GOOGL SPORT SERVICE!!!! In order to verify this, PLEAS CLICK. GOOGL LOGO below to enjoy further benefits!

  10. JohnFen Silver badge

    What could go wrong?

    "if you pull email into a different email program, you will instead be presented with a link to the Gmail message."

    There's certainly no possible way that this requirement could be used as cover for spam or phishing attacks.

  11. Barry Rueger

    Sayonora

    Yup. It's time to finally extract myself from Gmail. The one positive, ubiquity across multiple platforms, just isn't enough any more.

    I truly dread the prospect. I'm sure that moving my Gmail archive will be a nightmare, but the time has come.

    Oh well, it could be worse: Facebook could offer email.

    1. Anonymous Coward
      Anonymous Coward

      Re: Sayonora

      So you are making a change that means rather than it just working, you will now have to clickbait link to view a message, all because you don't like the idea of clicking a link to view a message!!!

      I really fail to understand your logic there

    2. onefang

      Re: Sayonora

      "I'm sure that moving my Gmail archive will be a nightmare,"

      1) Use a real email client.

      b) Use IMAP or POP to download all of your gmail.

      III) ???

      Four) PROFIT!!

      Simples really. You can even skip the last two steps. Step b even works for spam if you are so inclined.

    3. bobblestiltskin

      Re: Sayonora

      I opened a protonmail account for the self-same reasons. There is an android client too ...

  12. MrDamage

    Whatever Google is smoking, I'll take a kilo

    What could go wrong? After years of telling our users not to click on random links in emails, Google is now trying to convince us it's a good thing?

    And even if they recipient does use Gmail, how do they plan to stop people from using snipping tool, or the printscreen key, or even a convoluted setup of a screen-reader having its output sent to a speech to text function?

    1. jelabarre59 Silver badge

      Re: Whatever Google is smoking, I'll take a kilo

      And even if they recipient does use Gmail, how do they plan to stop people from using snipping tool, or the printscreen key, or even a convoluted setup of a screen-reader having its output sent to a speech to text function?

      There's just the thing; in order to comply with ADA/accessibility regulations, Google would *have* to provide a way to read text for the sight-impaired. Which automatically turns it into a data stream which can b saved to a text file. Already subverted before they even release it.

  13. Nick Kew
    Devil

    Embrace and Extend

    Back in the '90s, the previously-dominant players (like Compuserve and AOL) had to move away from walled gardens to survive, and Microsoft abandoned its walled-garden plan in favour of a 'net presence with soft-walls ("embrace-and-extend"). MS's captive market crumbled over time leaving them to compete on more-or-less equal terms.

    What has google learned from history that has led them to an embrace-and-extend plan?

    1. tfb Silver badge

      Re: Embrace and Extend

      I think what they may have learned is that you can't do this unless you really are a dominant player and you aren't frightened of anti-trust people. MS were dominant enough but were frightened of anti-trust, computserve and AOL were not dominant enough. Google are dominant enough and aren't frightened of anti-trust, so ... away they go.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020