
Gmail's confidential mode is not confidential - rahuldottech
https://tutanota.com/blog/posts/gmail-privacy-problem/
======
judge2020
This blog post could be shortened to:

> Gmail's confidential emails are just standard emails with some extra
> features like unprintable, unforwardable, uncopyable, and so on. However,
> this will not stop anyone from taking a screenshot from the unprintable
> email, just to print off the screenshot.

In fact, this is literally the second paragraph in their help article on the
topic[0].

The rest of the blog post is FUD and an advertisement for their E2E email
product (which also doesn't protect against someone taking a screenshot or
taking pictures with their phone).

Yes, Gmail does have access to the email before and after it's encrypted, and
"Google has access to its users emails" is obvious; you'll have to choose who
to trust, and Gmail users trust Gmail to not personally go snooping through
their emails. Google says very few employees have production access to
data[1].

0:
[https://support.google.com/mail/answer/7674059](https://support.google.com/mail/answer/7674059)

1: [https://gsuite.google.com/learn-more/security/security-white...](https://gsuite.google.com/learn-more/security/security-whitepaper/page-7.html)

~~~
webmobdev
Shame on you for trying to deliberately mislead the readers here.

You are just trying very hard to trivialize and cast aspersions on the very
legitimate concerns raised in the article by very selectively quoting from the
article.

In fact, the actual point of the article is the very real and obvious issues
of privacy concerns raised and described in the beginning of the article
itself:

> Though pretending to offer privacy, Gmail's confidential mode comes with
> three major problems:

> 1\. The emails are not end-to-end encrypted.

> 2\. Google retains full access to the email even when you set a self-
> destruct timer.

> 3\. If you password-protect an email, Google can link your recipient's phone
> number with their email address.

Privacy aware and concerned netizens like me avoid GYM (Google, Yahoo and
Microsoft) email services precisely because we do NOT want to be profiled by
these corporates so that our personal data is not used by them against us.

In fact, I have made it a policy to always send password protected emails
(from services like Tutanota, Protonmail, Mailfence etc.) to users of GYM
email services. I do this to ensure that these services have no access to my
emails and hence cannot collect data on me through it.

When some users of these services complain to me I explain to them that while I
have no issues with them using the service or willingly sharing their personal
data with them, I refuse to consent to be profiled when I actively AVOID these
companies.

I highlight this in particular so that more can be aware that "shadow
profiling" of users by GYM and Facebook, all for-profit mega multi-national
monopolist corporates is a genuine privacy concern and should not be lightly
dismissed, and we need to raise more awareness and demand better laws to be
protected against it. Till then, unfortunately, we will have to depend on
valuable services like these.

\-----

More on the extent Google (and others) will go to "shadow profile" someone:
[https://www.forbes.com/sites/joetoscano1/2019/09/03/google-h...](https://www.forbes.com/sites/joetoscano1/2019/09/03/google-has-my-dead-grandpas-data-and-he-never-used-the-internet/#45652be32b0c)

\-----

The actual context that the quote you highlighted was said to point out
something different:

> Information classified as confidential relates by definition to something
> very personal or top secret. It must be kept from any and every third party
> by all means.

> This form of secrecy can only be achieved with end-to-end encryption.
> Encryption guarantees that only the people holding the key to decrypt the
> information can gain access to it.

> This is why end-to-end encryption is an absolute necessity when
> communicating confidentially.

> When sending an email with Tutanota, you have the option to send a
> 'confidential' email - which refers to an end-to-end encrypted email, or a
> 'not confidential' email - which refers to a standard email.

> With this definition in mind, Gmail's confidential emails are just standard
> emails with some extra features like unprintable, unforwardable, uncopyable,
> and so on. However, this will not stop anyone from taking a screenshot from
> the unprintable email, just to print off the screenshot.

~~~
judge2020
> The actual context that the quote you highlighted was said to point out
> something different:

And I addressed the point the blog post made.

Privacy is a different concern compared to confidentiality. The HN title is
"Gmail's confidential mode is not confidential", while the blog post only
lightly focuses on actual confidentiality (something other email encryption
services don't fix either since there are screenshots) and is largely about
privacy. Sorry for mistaking what the blog post was going to primarily address
based on the HN title.

But, there is a problem with the actual article in terms of what it's saying:

> Gmail as one of the major email services worldwide has realized that privacy
> concerns are rising constantly - and this is happening at a global scale. To
> meet this new demand for private and secure emails, Gmail has introduced a
> new feature: Confidential mode.

Um... no, it was neither created for the purpose of privacy nor security.
Nowhere on the support article does it mention the words "private" or
"secure", save the actual Privacy Policy footer. Privacy (in terms of Google
knowing x and y about me or what's in this email) is not the same as
confidentiality (preventing someone from quickly and easily forwarding the
email to their friend).

Your privacy concerns are valid in every sense, but attacking confidential
mode is effectively clickbait intended to get readers to buy into the
encrypted email product and drop Gmail.

------
Steven_Vellon
Is confidential mode actually trying to sell itself as an encrypted email
service? Google's articles about confidential mode don't mention encryption
[1], so I'm not sure why tutanota is focusing so much on the lack of
encryption. It seems to me that confidential mode is more about providing
proof of receipt via SMS, and making it slightly harder for employees to
forward emails to people not meant to receive it.

If I wanted to send an encrypted email, I'd do my encryption and decryption
client side in my own terminal. Don't ever let the service's email client get
access to the plaintext.

1\.
[https://support.google.com/a/answer/7684332?hl=en](https://support.google.com/a/answer/7684332?hl=en)

~~~
rndgermandude
Google advertises this stuff as "confidential". You don't get "confidential"
without encryption.

This is like a company advertising "our product will make your car use less
fuel", and all they give you is a sticker that says "less fuel!" to attach to
your car. But that's OK because they didn't say "our product uses
'technology'"?

------
yannyu
I like the idea of someone tearing down Gmail's confidential email feature,
but this article isn't terribly thoughtful. It mostly just repeats the same 2
or 3 points over and over (confidential mode isn't, end-to-end encryption is
important, our product does end-to-end encryption). It feels like it was
rushed out to get ahead of others who might write the same thing, rather than
trying to educate people about what these terms mean to them and why they
should be important.

~~~
jsnell
It's not even rushing out to get ahead of others. Protonmail wrote basically
the same blog post, point for point, three months ago[0].

[0][https://news.ycombinator.com/item?id=20242637](https://news.ycombinator.com/item?id=20242637)

------
sg0
Since Google has named it 'confidential mode' and not 'secured mode', it is
evident (to me at least, the word `confidential` means `me, you and anyone
else you tell`) that there is no encryption. I won't use Gmail anyway if I am
paranoid about security. I like this feature, hopefully this mode will also
give options to decide longevity of incoming emails.

------
thrwn_frthr_awy
A major problem for most people (even in tech circles) is the lack of
ownership over their email address. E-mail address portability is a real
problem.

Edit: Is there a reason for the down votes? Lack of portability/ownership
allows Google to change policies with fewer repercussions. Is it because my
account is new?

------
edmoffo
There is no such thing as confidentiality, as long as you let someone transfer
your data, be it Google, your local network provider, or a mobile operator.
The only solution is end-to-end encryption, which obviously Gmail won't allow,
since they need our data for their AdWords to target ads better.

------
eikenberry
IMO this is more about audits and lawsuits than about security. Many companies
have policies about email retention and this skirts those enabling electronic
communications that automatically shred themselves.

------
agentdrtran
Exchange/Outlook has had this feature for years.

------
helpPeople
"However, this feature is neither confidential nor private as Google still has
unlimited access to its users' emails, even when they use confidential mode."

Yes, that's how databases work.

If we use this same logic, is Apple not being private with your data?

~~~
eridius
Apple uses end-to-end encryption for iMessage, which is the only Apple-related
confidential communication I can think of (well I have no idea what the
guarantees around FaceTime are).

~~~
izacus
Uhm, Apple also holds emails, calendars, contacts and notes on their servers
via iCloud.

~~~
eridius
Beyond explicitly using secure notes (which are encrypted), I don't recall
Apple promising "confidentiality" of those things. I mean, I don't expect
Apple to give that data to others, but I also don't assume Apple has no way of
accessing that given a court order.

------
nixpulvis
There's a gap in the way we talk about security in the industry it seems.

On one hand, we have the tools to build cryptographically secure information
systems, and on the other hand there are features that simply make most users
more secure.

For example, as mentioned in the article, Gmail will allow you to send an
email where the recipient can't forward it. Practically this may help protect
against careless adversaries, but a motivated user can obviously copy and
paste somehow.

Cryptography tends to rely on computationally hard problems, meanwhile this
kind of security seems to rely on problems that are seen as cumbersome or
impractical from a UX perspective.

The problem I have is masquerading "UX security" (for lack of a better term)
as cryptographic security.

