back to article Google to add extra Gmail security … by building a walled garden

Google is planning to add several new security features to its ubiquitous email service, Gmail, but they will come with a cost – literally and figuratively. Among the new features reportedly under consideration are self-deleting emails and a new "confidentiality mode" that would prevent emails from being printed or forwarded …

  1. israel_hands

    How?

    How can they stop you taking a screen-grab of the e-mail and saving it? Or just grabbing a photo using another device?

    And what company is going to be able to legitimately use self-deleting e-mail? There are all kinds of law regarding audit trails and data retention.

    Not sure how either of these systems are going to appeal to anyone other than the likes of Uber and other scumbags.

    Or rather, the idea may appeal but the reality will prove to be somewhat different to the blurb in the sales brochure.

    1. Anonymous Coward
      Anonymous Coward

      Re: How?

      These are "features" which would be pimped to people who don't ask those types of questions.. such as the board, Service manager or an old school Compliance Manager (passing himself as an Infosec manager, but in fact should have long retired).

      By the time it gets to people in the know, it's already signed off!

    2. JohnFen

      Re: How?

      Yes, if, for some reason, I really had to use this service to read an "email", I'd absolutely make a copy of it for my records, using whatever mechanism works. I'd probably add it to my existing email server so it would get backed up along with the rest of my correspondence.

    3. big_D Silver badge

      Re: How?

      In Germany (and, I believe the EU in general) it is illegal to delete business relevant emails - in fact they have to be stored in unalterable form. So anything that gets past the spam filter and is business related has to be kept, whether sender or receiver think otherwise.

      That was one of the problems with Exchange 2003, you needed additional tools to make it compliant. Post 2008, this was built in.

      This also goes for instant messages and any other written communication medium in business.

      1. Anonymous Coward
        Anonymous Coward

        Re: How?

        In Germany (and, I believe the EU in general) it is illegal to delete business relevant emails

        Need not be a problem. You don't think Google were going to delete ANYTHING do you? All they do is make access chargeable. You either pay the tax on a rolling basis, or a truly eye watering one off access request later. That's how professional, high-security data room services already operate.

    4. Anonymous Coward
      Anonymous Coward

      Re: How?

      Not sure how either of these systems are going to appeal to anyone other than the likes of Uber and other scumbags.

      ... and Politicians, of course (or do they come under 'scumbags'?).

    5. onefang

      Re: How?

      "How can they stop you taking a screen-grab of the e-mail and saving it? Or just grabbing a photo using another device?"

      Ah the age old problem of copy protection, since legitimate users actually need to copy the bits around to actually use their copy protected thing in the way it was meant to be used, all copy protection schemes have a big flaw. You need to be able to copy it to actually use it.

      Eventually the user of the email system needs to be able to copy the email into their head, usually via their eyes, and cameras work just as well as eyes do.

    6. Anonymous Coward
      Anonymous Coward

      Re: How?

      "Strangely though, there is one thing that the company continues to not offer, even though many of its users have made it plain they want it and would even pay for it: end-to-end encryption."

      But that would stop The Borg from slurping it!

  2. Yes Me Silver badge
    WTF?

    Bug, not a feature

    The self-destruction "feature" is familiar to poor sods using Lotus Notes for email; indeed screen grabs may be the only way to keep an email indefinitely, since no-copy also means no-print. In practice it becomes a bug when somebody sends a self-destroying email that contains information that is needed for future reference or subject to a legal retention requirement. I'm not sure that the "GMAIL ate my homework" argument is going to work in court.

    I think that old email from Google about "don't be evil" has self-destructed.

    1. iron Silver badge

      Re: Bug, not a feature

      They removed the first word from that corporate motto a long, long time ago.

  3. JohnFen

    Nope

    "But if you pull email into a different email program, you will instead be presented with a link to the Gmail message."

    Which is the same as not using email. I might respond to such a notification, but it would be to tell the sender "I can't see your message." Or, more likely, I'd just ignore it.

    1. big_D Silver badge

      Re: Nope

      Don't a lot of spam filters filter out emails with no content other than a hyperlink?

  4. jelabarre59

    Break

    So you can PAY Google to break established internet standards for you...

    Yeah, really gonna go for that one.

  5. fluffybunnyuk

    The obvious solution seems to me to allow a browser window to open in what i use as a plain text viewer, and on completion of load , store the windowed document as a jpeg.

    1. GnuTzu

      JavaScript

      @fluffybunnyuk, Sadly, this will almost surely require JavaScript compliant browsers. I wonder how this will look in F12 Developer Tools. It'll be interesting to see if they can code around that.

  6. This post has been deleted by its author

  7. Anonymous Coward
    Anonymous Coward

    Ouch - This won't rapidly become really annoying

    Instead of receiving actual emails, more people will defer to sending links back to Google HQ (Mothership of Analytics Slurp). Compelling more Non-Users to effectively 'soft log-in'. Reminds me of Facebook's hugely abused 'Tag' property, which lets idiots tag you in their posts compelling you into viewing them (posts that you don't appear in or have anything to do with etc). This will be a 'dopamine like', as you can't view the email, not even a summary, without visiting Googhoul!

    1. Anonymous Coward
      Anonymous Coward

      Watchout Facebook is trying the same scam

      Before killing Facebook recently I used the Download-Your-Data option. Even though FB includes photos, the HTML files no longer link to the downloaded versions, but instead back to Facebook-com.

      WTF???

      Personally, I've begun to actively write less to people with @gmail, @yahoo, @outlook/hotmail accounts. What's hilarious, is that many of the same people get free email anyway from their non-US Big-Tech ISP. So why opt to be slurped like a data slave?

      People usually state that flawed / deceptive tired old line - 'But I've nothing to hide'. Yeah, well wait till enough behavioral data corporations 'Weaponize' your data against you. Akin to: Quotes: 'If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged'...

      People are too trusting: 'You've been living in a dream world Neo'!

      1. CanadianMacFan

        Re: Watchout Facebook is trying the same scam

        Yes, many people get a free account with their ISP but it becomes a pain if you move and have to switch providers or you just switch ISPs in order to save money. Then you have to tell everyone to update their contacts with your new email address and you need to update all the companies that may send you something important (such as a bill). There would also be the issue of moving the mail from the old ISP to the new ISP (unless I used POP instead of IMAP but many non-technical people might not think to retrieve the messages before closing the account).

        It's much easier to have an email account that doesn't change no matter how you access the Internet. However, Google, Microsoft, and those companies are not the only companies out there that offer free accounts. Others out there offer accounts as a way to try their services with the hope that you will need more than 5GB (or whatever limit they have) or would like to upgrade to other services. The company I'm with is aiming their services at small to medium business but lets individuals have free accounts, with a few restrictions. I even use my own domain with them. When someone asks I give them a good reference because their service has been great. Whenever I have changed ISPs in the past I've never had to worry about losing contact with anyone because my email address has stayed the same.

        1. Anonymous Coward
          Anonymous Coward

          "to have an email account that doesn't change"

          Register your domain, most registrar will also offer a service to send your email to a different address, and it won't cost you more than $10-20 per year.

          You get far better personalized email addresses which are not subject to any changes the fee provider could apply, and are also usable on systems which refuses free email addresses - some start to do it.

          If you're too cheap for that, well, keep on feeding the Moloch...

          1. JohnFen

            Re: "to have an email account that doesn't change"

            "Register your domain, most registrar will also offer a service to send your email to a different address, and it won't cost you more than $10-20 per year."

            This is what I do, but my registrar does the email forward for free. I also run my own mailserver which is where the email gets forwarded to. These days, there are even prebuilt mailserver images available, so doing it yourself is easy if you're a "power user".

      2. Voland's right hand Silver badge

        Re: Watchout Facebook is trying the same scam

        What's hilarious, is that many of the same people get free email anyway from their non-US Big-Tech ISP.

        Those are still run by Google or MSFT in nearly all cases. We have reached the point where 99% of ISPs do not have the competence to run a mail system.

      3. Anonymous Coward
        Anonymous Coward

        Re: Watchout Facebook is trying the same scam

        What's hilarious, is that many of the same people get free email anyway from their non-US Big-Tech ISP. So why opt to be slurped like a data slave?

        In some instances the ISP mail offering is (or has been) an ISP rebadge of Gmail or Yahoo etc. And the problem of relying on your ISP for your email is that if you swap ISP then you're back to relying on a local archive only, which is really the crux of the problem here.

        1. Anonymous Coward
          Anonymous Coward

          "you swap ISP then you're back to relying on a local archive only"

          With IMAP you can easily copy your emails from one mail system to another.

      4. Anonymous Coward
        Anonymous Coward

        Re: Watchout Facebook is trying the same scam

        Problem......

        If you change ISP, you then have you change email address - okay, yes, you could get a domain and do a re-dir....but, google, yahoo and the lot are all "free"....plus with android, you pretty much MUST have a google account....

        I use gmail, I understand the trade off, up until recently, it officially read all my emails - they probably still do it unofficially....

        Do I care that they know my real name if they read my emails? They dont know my address, my real country I live in, etc, etc....

        Any confidential stuff is sent via work accounts....so, only the IT blokes here can have a giggle about my extortionate rent bill....

        1. JohnFen

          Re: Watchout Facebook is trying the same scam

          ".plus with android, you pretty much MUST have a google account."

          No, you really don't. It's only important if you're going to be using Google's services.

          1. This post has been deleted by its author

            1. JohnFen

              Re: 'plus with android, you pretty much MUST have a google account.'

              "That means you must have a 'Google Account' if you want to add any Apps at all... No?"

              No. There are multiple app stores for Android aside from Google's, and there are many repositories where APKs of established apps are available for download that you can side load.

              If you really need to use the Play store, you can also get a Google account and simply not tie it to your phone. Instead, download the apk through a web browser and side load it.

              Using the Play store is entirely optional.

              1. This post has been deleted by its author

                1. onefang

                  Re: 'There are multiple app stores for Android aside from Google's'

                  "Which ones???

                  Name some that aren't infested with Malware etc..."

                  F-droid. Dunno about the others, I don't use them.

                  1. This post has been deleted by its author

                    1. onefang

                      Re: 'Dunno about the others, I don't use them.'

                      "You use F-droid regularly and its totally clear of Malware?"

                      Yes.

                      1. Anonymous Coward
                        Anonymous Coward

                        Re: 'Dunno about the others, I don't use them.'

                        @onefang - Thanks!

        2. Anonymous Coward
          Anonymous Coward

          Re: Watchout Facebook is trying the same scam

          Unless you are doing hairy VPN tricks then they certainly do know the country where your IP address is, and if you use a phone they know much more than that about your location, including almost certainly your home and work addresses and how you commute.

  8. Anonymous Coward
    Anonymous Coward

    Just when you thought Google had hit evil(MAX)

    They found a way to go to 11.

    1. Charlie Clark Silver badge

      Re: Just when you thought Google had hit evil(MAX)

      Possibly, but let's wait to see what's actually available. Sounds like the usual kind of shit you find in "groupware". As it's not interoperable it doesn't stand any chance of wide adoption but that might not matter for those planning to move from, say, MS Exchange, to G Suite and want the ability to recall those e-mails sent in error, because learning to double-check is just too hard.

      1. Anonymous Coward
        Anonymous Coward

        Re: Just when you thought Google had hit evil(MAX)

        The evil part in my mind is sending people a gmail link when email is forwarded. So if someone forwards me an email Google can track when and how many times I read it...why the hell should they be allowed to do that when I don't even use gmail - I go out of my way to use their services as little as possible, in fact.

  9. Christoph
    Facepalm

    "But if you pull email into a different email program, you will instead be presented with a link to the Gmail message."

    "You have just been sent an email, click on this link to read it"

    What could possibly go wrong with that?

    1. Anonymous Coward
      Anonymous Coward

      Quite clearly this is a gsuite feature and everyone will be using Gmail, if someone includes an external email address, clearly that compromises the whole thing.

      I actually think this sounds like a reasonable idea, and it's not like existing corporate email hasn't already added extras like this when working inside a walked garden. Lotus Notes and Outlook already have "broken"things with similar features.

    2. Anonymous Coward
      Anonymous Coward

      re: What could possibly go wrong with that?

      but look here, we ARE a GONUINE GOOGL SPORT SERVICE!!!! In order to verify this, PLEAS CLICK. GOOGL LOGO below to enjoy further benefits!

  10. JohnFen

    What could go wrong?

    "if you pull email into a different email program, you will instead be presented with a link to the Gmail message."

    There's certainly no possible way that this requirement could be used as cover for spam or phishing attacks.

  11. Barry Rueger

    Sayonora

    Yup. It's time to finally extract myself from Gmail. The one positive, ubiquity across multiple platforms, just isn't enough any more.

    I truly dread the prospect. I'm sure that moving my Gmail archive will be a nightmare, but the time has come.

    Oh well, it could be worse: Facebook could offer email.

    1. Anonymous Coward
      Anonymous Coward

      Re: Sayonora

      So you are making a change that means rather than it just working, you will now have to clickbait link to view a message, all because you don't like the idea of clicking a link to view a message!!!

      I really fail to understand your logic there

    2. onefang

      Re: Sayonora

      "I'm sure that moving my Gmail archive will be a nightmare,"

      1) Use a real email client.

      b) Use IMAP or POP to download all of your gmail.

      III) ???

      Four) PROFIT!!

      Simples really. You can even skip the last two steps. Step b even works for spam if you are so inclined.

    3. bobblestiltskin

      Re: Sayonora

      I opened a protonmail account for the self-same reasons. There is an android client too ...

  12. MrDamage Silver badge

    Whatever Google is smoking, I'll take a kilo

    What could go wrong? After years of telling our users not to click on random links in emails, Google is now trying to convince us it's a good thing?

    And even if they recipient does use Gmail, how do they plan to stop people from using snipping tool, or the printscreen key, or even a convoluted setup of a screen-reader having its output sent to a speech to text function?

    1. jelabarre59

      Re: Whatever Google is smoking, I'll take a kilo

      And even if they recipient does use Gmail, how do they plan to stop people from using snipping tool, or the printscreen key, or even a convoluted setup of a screen-reader having its output sent to a speech to text function?

      There's just the thing; in order to comply with ADA/accessibility regulations, Google would *have* to provide a way to read text for the sight-impaired. Which automatically turns it into a data stream which can b saved to a text file. Already subverted before they even release it.

  13. Nick Kew
    Devil

    Embrace and Extend

    Back in the '90s, the previously-dominant players (like Compuserve and AOL) had to move away from walled gardens to survive, and Microsoft abandoned its walled-garden plan in favour of a 'net presence with soft-walls ("embrace-and-extend"). MS's captive market crumbled over time leaving them to compete on more-or-less equal terms.

    What has google learned from history that has led them to an embrace-and-extend plan?

    1. Anonymous Coward
      Anonymous Coward

      Re: Embrace and Extend

      I think what they may have learned is that you can't do this unless you really are a dominant player and you aren't frightened of anti-trust people. MS were dominant enough but were frightened of anti-trust, computserve and AOL were not dominant enough. Google are dominant enough and aren't frightened of anti-trust, so ... away they go.

  14. amanfromMars 1 Silver badge

    Deep AIMinded Mining .... of Rare Earth Raw Source Core Ore for Virtual Processing

    That report almost confirms, Kieren McCarthy in San Francisco, Google is stuck in thinking of re-inventing the wheel because they have nothing novel and revolutionary to offer. Or nothing new that authorities policing and phishing them would allow as acceptable and to be controllable and controlled by them.

    The abiding problem for such policing and phishing authorities though is, their thoughts are not a valid and viable block against a unilateral universal action which does not require permission from competition or opposition?

    Yes .... and that creates a self-destructive conflict in the lesser systems of policing and phishing which can easily be defaulted to try and server Government Surveillance in a Total Information Awareness State of Greater IntelAIgent Games Play.

    And you can be sure that the West does not lead in the East where Not Dissimilar Parallels in AI Programming also exercise and reward the SMARTR and Deeper AIMinded with Remote Virtual Control Leverage for Export and Import/Lend-Lease and Phantom Purchase.

  15. Pointer2null

    But it remembers your login

    So much for security - Gmail remembers your login so the next person to access you machines finds themselves already logged in.

    Also - try using firefox's session restore - pops a logged in gmail window right back for you.

    1. Anonymous Coward
      Anonymous Coward

      Re: But it remembers your login

      "So much for security - Gmail remembers your login so the next person to access you machines finds themselves already logged in.

      Also - try using firefox's session restore - pops a logged in gmail window right back for you."

      Not if you nuke your computer with Bleachbit after you're done looking through your email.

    2. Anonymous Coward
      Anonymous Coward

      Re: But it remembers your login

      Using a shared machine with a shared account and not using the browser in privacy mode (clearing the cache, etc.) is looking for trouble regardless of what service you're using.

    3. LochNessMonster

      Re: But it remembers your login

      "So much for security - Gmail remembers your login so the next person to access you machines finds themselves already logged in."

      Only because YOU told it to. You're asked if you want it to remember the password the first time you log in on a new device (even warning it's not a good idea on shared devices). If you click "no" then it remembers nothing and you're required to enter your creds each time you access the service (provided you're not dumb enough to simply walk away still logged in, of course).

  16. Anonymous Coward
    Anonymous Coward

    prevent email forward or printing

    and when you take a photo of the screen with your mobile phone, it (the screen) will melt.

    ...

    uh, there's a patent for that?! 17 of them by Apple, 346 by MS, 25893 by Google?! What, no FB?!

    1. onefang

      Re: prevent email forward or printing

      "and when you take a photo of the screen with your mobile phone, it (the screen) will melt."

      Well naturally if it's an Android phone, the entire phone will melt or catch fire. Samsung was prototyping this feature with their Galaxy S7.

  17. Anonymous Coward
    Meh

    Nice to see them copying....again.

    Protonmail been doing this stuff for years.

    And unlike Google, I trust them.

    https://protonmail.com/security-details

    1. Anonymous Coward
      Anonymous Coward

      Re: Nice to see them copying....again.

      It's nothing new DLP (Data Leak Prevention) tools had implemented it well before Google.

      But one thing is when it is used inside a company perimeter, another on the broad internet.

  18. onefang

    Google was already doing this with their Jabber / XMPP system (what ever it's called this year), dropping support for bits of the protocol, to try to lock in users to their walled garden.

    Oh well, I've already setup my own email servers, and was just about to start the process of weaning every one off my gmail addresses.

  19. Flakk
    Trollface

    But if you pull [Gmail] email into a different email program

    ...you will instead be presented with a link to the Gmail message. an opportunity to delete the email and forget all about it.

    Me willingly making a connection to a Google service... that'll be the day.

  20. Anonymous Coward
    Anonymous Coward

    Where's my Netscape Navigator?????????

  21. GnuTzu

    Avoid the Traps

    I think I just up-voted half the comments here. The traps are so transparent. Like others here, I've been using a paid IMAP email service for over a decade; only costs me about $3 a month--for the deluxe package. The features a wonderful. I think I'll write a rule to dump all @gmail addresses into a spam learning folder.

    1. Norman Nescio Silver badge

      Re: Paid-for IMAP service

      <AOL>Me too!</AOL>

      Ancient (net) history aside, one of the benefits of paid for email services is the complete lack of advertising. And there is a very good chance my provider is not telling fibs when they say the only scanning of email content by them is for their anti-virus suite(s), which can be turned off if I wish - i.e. it is very probably not being mined for advertising purposes. If I have a question, I get to contact English-speaking technical support who have more than a clue, I pay less than 2.5 Euro per month, and I don't need to worry about server maintenance and backups of the mail store. Unfortunately, some of the people I need to communicate with use Google's offering exclusively, so I can't simply dump messages originating from Google.

      I'm studiously not saying who it is so I can't be accused of being a shill for their service. I'm just a satisfied customer.

  22. Anonymous Coward
    Anonymous Coward

    lol the phantom downvoter (not me!) strikes again and downvotes all posts by 1...

    except 1 post... my hypothesis is that is the phantom downvoter since he couldnt downvote his own account...

    Check and see starting from the top.

  23. Anonymous Coward
    Anonymous Coward

    Self destructing emails for business - the regulators will love that!

    How to kill your business strategy in one foul swoop......

    Google loves to sell its products to businesses - however, a number are regulated and required to keep all communications for x number of years (often 7).

    How will the regulators deal with emails that self destruct.....>?

  24. Anonymous Coward
    Anonymous Coward

    Automating the fix

    Now I have to figure out how to write a mail client rule for auto-reply requesting a real email message as the non-message has been quarantined as a security measure.

  25. GrapeBunch

    Minority rebort

    Shoot me (downvote with an explanatory message) if I'm being too naive, but isn't google's business model based on them selling targeted advertising based on the data they hoover/slurp? If they sold the data itself, they'd be endangering their source of income. Plus if that came out, it would ruin their reputation, such as it is.

    A company that does not have the targeted advertising gravy train, that company would be more thoroughly tempted to sell your data to crims, to govts, to business--no matter what their privacy policy might say.

    I'm not praising google, just saying that they have reason$ to respect your identity, reasons that a lot of other companies lack.

    NSA and its ilk have unlimited access to your online activity, google or no google, especially if you are not a USA citizen. You might think that SSL and encryption protect you, but if they're bothered to find you, neither of those will be any help.

  26. Adrian Midgley 1

    Point mail.

    Is what I called a prototype I made last century, aimed at not emailing file attachments, and counting how many times they had been downloaded.

    The people who emailed Word files didn't want to know.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like