{"id":269187,"date":"2018-07-21T15:30:41","date_gmt":"2018-07-21T13:30:41","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=269187"},"modified":"2018-07-21T14:40:52","modified_gmt":"2018-07-21T12:40:52","slug":"the-problem-with-new-gmail-confidential-mode","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/software\/269187-the-problem-with-new-gmail-confidential-mode.html","title":{"rendered":"The problem with new Gmail &#8220;confidential&#8221; mode"},"content":{"rendered":"<p><em>By EFF Deeplinks Blog<\/em><\/p>\n<p>With Gmail\u2019s\u00a0<a href=\"https:\/\/www.theverge.com\/2018\/4\/12\/17227974\/google-gmail-design-features-update-2018-redesign\">new design<\/a>\u00a0<a href=\"https:\/\/www.digitaltrends.com\/computing\/gmail-rollout\/\">rolled out<\/a>\u00a0to more and more users, many have had a chance to try out its new \u201c<a href=\"https:\/\/support.google.com\/mail\/answer\/7674059?co=GENIE.Platform%3DDesktop&amp;hl=en\">Confidential Mode.<\/a>\u201d While many of its features sound promising, what \u201cConfidential Mode\u201d provides isn\u2019t confidentiality.<\/p>\n<p>At best,\u00a0the new mode might create\u00a0expectations that it fails to meet around security and privacy in Gmail. We fear that Confidential Mode will make it\u00a0less likely for users to\u00a0find and use other, more secure communication alternatives.<\/p>\n<p>And at worst, Confidential Mode\u00a0will push users further into Google\u2019s own walled garden while giving them what we believe are misleading assurances of privacy and security.<\/p>\n<p>With its new Confidential Mode,\u00a0<a href=\"https:\/\/support.google.com\/mail\/answer\/7674059?co=GENIE.Platform%3DDesktop&amp;hl=en\">Google purports<\/a>\u00a0to allow you to restrict how the emails you send can be viewed and shared: the recipient of your Confidential Mode email will not be able to forward or print it.<\/p>\n<p>You can also set an \u201cexpiration date\u201d at which time the email will be deleted from your recipient\u2019s inbox, and even require a text message code as an added layer of security before the email can be viewed.<\/p>\n<p>Unfortunately, each of these \u201csecurity\u201d features comes with serious security problems for users.<\/p>\n<h3 class=\"my-4\"><b>DRM for Email<\/b><\/h3>\n<p>It\u2019s important to note at the outset that because Confidential Mode emails are\u00a0<em>not<\/em>\u00a0<a href=\"https:\/\/sec.eff.org\/articles\/different-encryption\">end-to-end encrypted<\/a>,\u00a0<a href=\"https:\/\/www.eff.org\/deeplinks\/2018\/03\/thinking-about-what-you-need-secure-messenger#endtoend\">Google can see the contents of your messages<\/a>\u00a0and has the technical capability to store them indefinitely, regardless of\u00a0any\u00a0\u201cexpiration date\u201d you set.<\/p>\n<p>In other words, Confidential Mode\u00a0provides zero confidentiality with regard to Google.<\/p>\n<p>But despite its lack of end-to-end encryption, Google promises that with Confidential Mode, you\u2019ll be able to send people unprintable, unforwardable, uncopyable emails thanks to something called \u201c<a href=\"https:\/\/www.skyhighnetworks.com\/cloud-security-blog\/what-is-information-rights-management-irm\/\">Information Rights Management<\/a>\u201d (IRM), a term\u00a0<a href=\"https:\/\/support.office.com\/en-us\/article\/information-rights-management-in-office-c7a70797-6b1e-493f-acf7-92a39b85e30c\">coined by Microsoft<\/a>more than a decade ago. (Microsoft\u00a0also uses the term \u201c<a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/information-protection\/understand-explore\/what-is-information-protection\">Azure Information Protection<\/a>.\u201d)<\/p>\n<p>Here\u2019s how IRM works: companies make a locked-down version of\u00a0a product that checks documents for\u00a0flags like \u201cdon\u2019t allow printing\u201d or \u201cdon\u2019t allow forwarding\u201d and, if it finds these flags, the program disables the corresponding features.<\/p>\n<p>To prevent rivals from making their own interoperable products that might simply ignore these restrictions, the program encrypts the user\u2019s documents, and hides the decryption keys where users aren\u2019t supposed to be able to find them.<\/p>\n<p>This is a very brittle sort of security: if you send someone an email or a document that they can open on their own computer, on their own premises,\u00a0nothing prevents that person from\u00a0<a href=\"https:\/\/www.eff.org\/issues\/analog-hole\">taking a screenshot or a photo of their screen<\/a>\u00a0that can then be forwarded, printed, or otherwise copied.<\/p>\n<p>But that\u2019s only the beginning of the problems with Gmail\u2019s new built-in IRM.<\/p>\n<p>Indeed, the security properties of the system depend not on the tech, but instead on a\u00a0Clinton-era copyright\u00a0statute. Under Section 1201 of the 1998\u00a0<a href=\"https:\/\/www.eff.org\/issues\/dmca\">Digital Millennium Copyright Act<\/a>(\u201cDMCA 1201\u201d), making a commercial product that bypasses IRM is a potential felony, carrying a five-year prison sentence and a $500,000 fine for a first offense. DMCA 1201 is so broad and sloppily drafted that just revealing defects in Google IRM could land you in court.<\/p>\n<p>We think that\u00a0\u201csecurity\u201d products\u00a0shouldn\u2019t have to rely on the courts to enforce their supposed guarantees,\u00a0but rather on technologies such as\u00a0<a href=\"https:\/\/ssd.eff.org\/en\/module\/deep-dive-end-end-encryption-how-do-public-key-encryption-systems-work\">end-to-end encryption<\/a>\u00a0which provide actual mathematical assurances of\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Information_security#Confidentiality\">confidentiality<\/a>. We believe that using the term \u201cConfidential Mode\u201d for a feature that doesn\u2019t provide confidentiality as that term is understood in infosec is misleading.<\/p>\n<h3 class=\"my-4\"><b>\u201cExpiring\u201d Messages<\/b><\/h3>\n<p>Similarly, we believe that Confidential Mode\u2019s option to set an \u201cexpiration date\u201d for sensitive emails\u00a0could\u00a0lead users to believe that their messages will completely disappear or self-destruct after\u00a0the date they set.<\/p>\n<p>But the reality is more complicated. Also sometimes called\u00a0<a href=\"https:\/\/www.eff.org\/deeplinks\/2018\/03\/thinking-about-what-you-need-secure-messenger#ephemeral\">\u201cephemeral\u201d or \u201cdisappearing\u201d messages<\/a>, features like Confidential Mode\u2019s \u201cexpiring\u201d messages are not a privacy panacea. From a technical perspective, there are plenty of ways to get around expiring messages: a recipient could screenshot the message or take a picture of it before it expires.<\/p>\n<p>But Google\u2019s implementation has a further flaw. Contrary to what the \u201cexpiring\u201d name might suggest, these messages actually continue to hang around long after their expiration date for instance,\u00a0<a href=\"https:\/\/mashable.com\/2018\/04\/27\/new-gmail-expiring-emails-confidential-mode\/\">in your Sent folder<\/a>.<\/p>\n<p>This Google\u00a0\u201cfeature\u201d\u00a0eliminates one of the key\u00a0security properties\u00a0of ephemeral messaging: an\u00a0<a href=\"https:\/\/signal.org\/blog\/disappearing-messages\/\">assurance<\/a>\u00a0that in the normal course of business, an expired message will be irretrievable by either party. Because messages sent with Confidential Mode\u00a0are still retrievable\u2014by the sender\u00a0<em>and\u00a0<\/em>by Google\u2014after the \u201cexpiration date,\u201d we think that calling them expired is misleading.<\/p>\n<h3 class=\"my-4\"><b>Exposing Phone Numbers<\/b><\/h3>\n<p>If you choose the \u201cSMS passcode\u201d option, your recipient will need a\u00a0<a href=\"https:\/\/www.eff.org\/deeplinks\/2016\/12\/12-days-2fa-how-enable-two-factor-authentication-your-online-accounts\">two-factor authentication<\/a>-like code to read your email. Google generates and texts this code to your recipient, which means you might need to tell Google your recipient\u2019s phone number\u2014potentially without your recipient\u2019s consent.<\/p>\n<p>If Google doesn\u2019t already have that information, using the SMS passcode option effectively gives Google a new way to link two pieces of potentially identifying information: an email address and a phone number.<\/p>\n<p>This \u201cprivacy\u201d feature can be harmful to users with a need for private and secure communications, and could lead to unpleasant surprises for recipients who may\u00a0<a href=\"https:\/\/www.eff.org\/deeplinks\/2018\/03\/thinking-about-what-you-need-secure-messenger#alias\">not want their phone number exposed<\/a>.<\/p>\n<h3 class=\"my-4\"><b>Not So Confidential<\/b><\/h3>\n<p>Ultimately, for the reasons we outlined above, in EFF\u2019s opinion calling this new Gmail mode \u201cconfidential\u201d is misleading. There is nothing confidential about unencrypted email in general and about Gmail\u2019s new\u00a0\u201cConfidential Mode\u201d\u00a0in particular.<\/p>\n<p>While the new mode might make sense in narrow enterprise or company settings, it lacks the privacy\u00a0<a href=\"https:\/\/ssd.eff.org\/en\/glossary\/end-end-encryption\">guarantees<\/a>\u00a0and\u00a0<a href=\"https:\/\/www.eff.org\/deeplinks\/2018\/03\/thinking-about-what-you-need-secure-messenger\">features<\/a>\u00a0to be considered a\u00a0<a href=\"https:\/\/www.eff.org\/deeplinks\/2018\/03\/building-secure-messenger\">reliable secure communications<\/a>\u00a0option for most users.<\/p>\n<p><a href=\"https:\/\/www.eff.org\/deeplinks\/2018\/07\/between-you-me-and-google-problems-gmails-confidential-mode\" target=\"_blank\" rel=\"noopener\">EFF<\/a><\/p>\n<h3 class=\"my-4\">Now read:\u00a0<a href=\"https:\/\/mybroadband.co.za\/news\/it-services\/269163-google-microsoft-facebook-and-twitter-partner-on-data-transfer-project.html\" rel=\"bookmark\">Google, Microsoft, Facebook, and Twitter partner on Data Transfer Project<\/a><\/h3>\n","protected":false},"excerpt":{"rendered":"<p>What \u201cConfidential Mode\u201d provides isn\u2019t confidentiality &#8211; EFF.<\/p>\n","protected":false},"author":23,"featured_media":257799,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_sma_x_autopost_status":"idle","_sma_x_autopost_error":"","_sma_x_post_id":"","_sma_x_attempts":0,"footnotes":""},"categories":[16],"tags":[407,167,35],"class_list":["post-269187","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-software","tag-gmail","tag-google","tag-headline"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/269187"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=269187"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/269187\/revisions"}],"predecessor-version":[{"id":269189,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/269187\/revisions\/269189"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/257799"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=269187"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=269187"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=269187"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}