Internet related News · 2018-07-23

Doubts raised over security provided by Gmail’s ‘Confidential mode’ – News

electronic frontier foundationThe Electronic Frontier Foundation (EFF) has raised doubts over the effectiveness of Gmail’s ‘Confidential Mode.’

It said on its Website that while many of its features had promise, what the Mode provided was not confidentiality. At best, the new mode might create expectations that it failed to meet around security & privacy in Gmail, said the EFF authors.

Each of the “security” features as spelled out by Google for Gmail comes with serious security problems for users, the EFF alleged. With its new Confidential Mode, Gmail allows users to restrict how the emails they send can be viewed & shared: the recipient of your Confidential Mode email will not be able to forward or print it. You can also set an “expiration date” at which time the email will be deleted from your recipient’s Inbox, among other things.

As it is, the Confidential Mode emails are not end-to-end encryptedGoogle can see the contents of your messages & has the technical capability to store them indefinitely, regardless of any “expiration date” you set. In other words, it does nothing for confidentiality with regard to Google.

But despite its lack of end-to-end encryption, Google promises that with Confidential Mode, you’ll be able to send people unprintable, unforwardable, uncopyable emails thanks to something called “Information Rights Management” (IRM), a term coined by Microsoft more than a decade ago.

Here’s how IRM works: companies make a locked-down version of a product that checks documents for flags like “don’t allow printing” or “don’t allow forwarding” &, if it finds these flags, the program disables the corresponding features. To prevent rivals from making their own interoperable products that might simply ignore these restrictions, the program encrypts the user’s documents, & hides the decryption keys where users aren’t supposed to be able to find them.

This, claimed EEF, was “a very brittle” sort of security. For example, said the EFF, if you send someone an email or a document that they can open on their own computer, on their own premises, nothing prevents that person from taking a screenshot or a photo of their screen that can then be forwarded, printed, or otherwise copied.

But that’s only the beginning of the problems with Gmail’s new built-in IRM. For the rest click here.


 

Click here to opt-out of Google Analytics