
Google is testing expiring emails in the new Gmail - antoinec
https://techcrunch.com/2018/04/13/google-is-testing-self-destructing-emails-in-new-gmail/
======
twhb
Gmail intentionally deviates from the IMAP spec, forcing email clients to
either become Gmail clients or work poorly with Gmail. They refuse to support
IMAP push, instead saving push for the Gmail API. Recently they introduced AMP
for Email, which happens to work via emails that only Gmail can read. Now they
introduce another feature which happens to work via emails that only Gmail can
read.

I think it's pretty clear what's going on here.

By the way, FastMail's work at the protocol level -
[http://jmap.io/](http://jmap.io/) \- is open source, and being standardized
by the IETF.

~~~
paxys
That's because Push-IMAP was abandoned a long time ago and isn't even part of
the standard. Every provider out there (Microsoft with Exchange ActiveSync,
Apple's MobileMe and iCloud push, Yahoo, and others) has their own push
mechanism.

FastMail itself is using something non-standard, and saying it is open source
and "being standardized" means nothing. See
[https://xkcd.com/927](https://xkcd.com/927).

~~~
iforgotpassword
At least they're trying to be as transparent as possible, and working with the
ietf certainly gives it some additional legitimacy. Google as usual just goes
the "we're big enough, so accept it or go fuck yourself" way. They're the new
Microsoft of the 90s, only much worse.

------
harshulpandav
"On the recipient’s side, the person was using the existing version of Gmail
and received a link to view the confidential email. The recipient had to log
into their Google account once again to view the content."

IMO this is an open invitation to phishers.

~~~
kbsletten
I think the genie's out of the bottle on that one, I can already do the same
with a million other services.

~~~
croshan
Well, this gives a plausible reason for having to log back into an account
you're already logged into. And normalizes the behavior.

So the next time you get an email from "google", you won't think twice about
why you have to log back in.

~~~
kbsletten
Yeah, but I think the battle is lost. _All_ users should _always_ double-check
why they need to enter credentials on _any_ page from _any_ website. I think
that the simple act of logging into a site to use it has already "normalized"
the need to re-enter credentials to a point beyond saving.

------
simplicio
Seems annoying. No one would rely on this to keep actual sensitive info
private, since you can just screen shot it.

On the other hand, part of the point of Gmail is that it makes your emails
easily searchable, so you can quickly dig up info from old mail rather than
have to make a note of said info in some sepearate program/notebook/whatever.
But if emails are going to randomly be disappearing, it could really cripple
that utility.

~~~
matte_black
Why do people keep bringing up screenshots as some kind of evidence of
something that was said? I can easily go into an email, bring up the source
code, edit the email body to have some racist tirade, then screenshot the
edited email and use that as “evidence” against a person.

~~~
ksk
Nobody is actually doing that. You are confusing evidence against someone
versus "I better make a copy of this for myself before it stops working".

~~~
matte_black
Then why not just copy and paste the text....

~~~
HillaryBriss
You'd have to go to some special measure to copy and paste the text because
they disable the standard, easy copy/paste functionality.

But taking a photo is always doable. This is a standard argument. If you can't
trust the recipient to preserve privacy then there isn't a technological way
to defeat this kind of information leak.

~~~
Froyoh
You should be able to copy by disabling JavaScript

~~~
sirclueless
The typical way to avoid this particular problem is only to load the content
via JavaScript while copy/paste are presumed disabled.

~~~
Widdershin
What's to stop you from removing the event listeners disabling copy and paste
through the console/dev tools?

~~~
matte_black
You could use that CSS rendered font someone made a while ago to make it into
an uncopyable text.

~~~
boombip
This whole argument about copying is rather silly, at some point the text must
be transmitted in a human readable form. At which point it can be recorded
either electronically, or in the most difficult case by writing down manually
what must be copied. Everything else is a question of degrees.

~~~
pjmlp
If you happen to be on corporate computer, access to developer tools can be
disabled via group policies.

------
peatmoss
This is only possible if one believes in the capacity to control client
security on the other side. There’s also the problem that something viewable
by the recipient’s eyeballs is also photographable by the recipient’s camera.

Moreover, I worry about the new Gmail feature that undermine the open platform
of email. Email is just about the last unwalled comms platform we have, and I
really worry for its safety if gmail thinks it can start differentiating
network effects on gmail vs network effects on email.

I switched my vanity domain over to Fastmail a while back. I haven’t had any
regrets. New features like this make me even more glad.

~~~
Someone1234
Email is doomed either way. The standard is indefinitely stuck in "IE6" mode,
where there's few if any improvements, updates, or fixes. Everyone time anyone
suggests significant improvements one of the big players (Google, Microsoft,
Yahoo!, etc) says no and it stalls.

If email gets a "HTML5"-like major refresh at some point then I'd be proven
wrong but that hasn't happened yet in my lifetime. Microsoft in particular
between Outlook.com, 365, and Exchange/Outlook Desktop are a major hindrance
to any advancement.

See:
[https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol#...](https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol#Related_requests_for_comments)

~~~
bad_user
Not having improvements is a feature.

Yes, please leave email the way it is, because it works fine. It’s one of the
few things that does.

The only feature I want is end to end encryption. Google will never make
encryption easy on their own because they’ve got perverse incentives not to.

~~~
paxys
Email does not work fine. There is no standard for encryption or any other
information security mechanism. No server identity verification. No delivery
confirmation. No push standard. No concept of groups or other ways to
categories and manage access between users in a domain. Every provider has
their own implementation of threaded conversations. No major provider supports
non-ASCII addresses. Servers can't even agree on simple message formatting.
Most things that make email actually useful are outside the spec and tacked on
by each individual provider.

Email is one of the last widely used open communication protocols, and it is
sad that people are so resistant to its evolution because that is exactly what
is accelerating its demise in favor of proprietary software.

~~~
yjftsjthsd-h
> There is no standard for encryption or any other information security
> mechanism.

I agree that SSL in transit and GPG could stand to be improved, but they do
exist.

> No server identity verification.

What do you want that SPF+DKIM doesn't cover?

> No delivery confirmation.

Good? That sounds like asking for abuse. And in any event, it's no different
than inline remote images (which of course are blocked for the same reason
that delivery confirmation is a bad idea). Unless you just mean being sure
that the message got to the target server, in which case I agree that the best
we can do is delivering it directly to the target MX and see that it confirmed
that it received the message.

> No push standard.

Temporarily true, pending JMAP (which I suppose strengthens your point about
needing innovation).

> No concept of groups or other ways to categories and manage access between
> users in a domain.

Not quite sure what this means. Do you want something like shared mailboxes
and tags?

> Every provider has their own implementation of threaded conversations.

True, though in a message-centric format I'm not sure that it's a bug.

> No major provider supports non-ASCII addresses.

Not a bug in email, only arbitrary restrictions by certain providers. Also
opens you up to unicode normalization attacks (phishing is easier if you can
fake characters).

> Servers can't even agree on simple message formatting.

I'm not sure what formatting servers even care about (email is just some blobs
of text strung together), but I can't really refute this without knowing what
you refer to more specifically.

> Most things that make email actually useful are outside the spec and tacked
> on by each individual provider.

Email is useful because it lets us send arbitrary stuff (usually a text body
and zero or more attachments) between federated providers. It's a simple-ish
protocol that is stable and just works.

EDIT: In summary, I vastly prefer email as it is: A simple protocol that can
include arbitrary information, which allows people to extend it however they
want. Of course, this means that extensions are arbitrary and at best non-
required, but that keeps it flexible and back-compatible.

------
korginator
Everything I read in the article made me cringe.

It's pretty obvious Google is moving the facebook way. This will evolve into a
proprietary messaging system, basic mail gets demoted to a third-class
service, and people get locked into yet another non-standard ecosystem
controlled by one company.

The only difference is that facebook was blatant about it, and google's taking
the boiling frog approach.

~~~
Boulth
The same happened with GTalk, first completely standard XMPP service then some
extensions to it, then abandoning. Embrace, extend...

------
twotwotwo
The really bad-news thing for me here is Google decided it's good for business
to try DRM for email, doing their best to take away (recipient) user control
and talking about it as a feature. (They've _gone along_ with crummy ideas, of
course, but _promoting_ DRM for email's a whole 'nother thing.)

And they do it even though, as you note, there are tons of ways to really do
confidentiality much better. The Signal protocol has worked great for chat, to
name another example. The problem with that for Google, I guess, is that end-
to-end security is more in line with the Apple model of smarts living on the
user's device, not the Google model that requires the server to read and
understand all of every user's content. (I say that as someone on Android,
Linux, and so on. I'm not super invested in Apple or their ecosystem.)

Also, this idea is salvageable. You could have "request expiration," etc. and
maybe you honor by default but don't suggest you enforce it. And managed work
environments can try any DRMish stuff they like (though it will still be
unreliable!), because the boss is the customer and if they want to make it a
pain for the user to do certain things they can. But as it stands now, false
sense of security for the average user, and an entirely valid feeling for
those parsing the details that companies like Google are more than happy to
erode user control.

I would love to see this idea ridiculed for how broken it is. Maybe it will
even inspire less broken privacy features from competitors.

~~~
mtgx
Not many people are paying attention, but this is just another move from
Google to make email = Gmail.

It's trying to turn email into a proprietary thing that only works between
Gmail addresses. All the Inbox "AI-enhanced" nonsense was also part of this
plan, and I'm glad it hasn't caught on because of that.

The only thing that would make me accept Gmail turning email into a less open
format is if they enabled end-to-end encryption similar to ProtonMail that
wasn't a pain to use like PGP is. At least then there would be a good reason
for killing the old format and breaking compatibility with other providers.

Ideally, it would still be a format that other email providers could at least
adopt later on, and then the email services could remain compatible with each
other. But providing end-to-end encryption at all would be a big deal on its
own.

But this or the AI stuff are a joke in comparison. And we know Google doesn't
care anymore about end-to-end encryption (now that it has become Pentagon's
bestie), as it has already killed its own End-to-End project.

~~~
twotwotwo
> Not many people are paying attention, but this is just another move from
> Google to make email = Gmail.

Agree with that.

And sad and weird. There are plenty of ways to do well in business without
eroding the open nature of email!

~~~
mywittyname
A counter argument is that email wasn't really designed with the security
considerations that we have today. So while I agree with both of you, this is
an eventual and necessary evolution of email.

Self-destructive and encrypted messaging is something many, many email users
have wanted for years. And people who absolutely require these features (such
as hospitals) have long-ago come up with similar solutions.

~~~
twotwotwo
I mean, lots of security improvements that make promises _that they can keep_.
I'm not saying they have to do my pet idea; I'd have zero complaints if they
announced they were pushing 2FA to more people, or a dozen other things.

But "your message will self-destruct in a week" is a flawed promise because a
bad actor can snap a photo of your email, apply a zany photo filter, get it
printed on 11x13" photo paper, buy a colorful frame for it, and hang it on the
wall of their home for visitors to artistically enjoy for years. It's not
meaningfully gone unless all copies of it are gone, and this feature won't
ensure that.

"Request expiration," like I alluded to in my earlier message, makes a promise
that's closer to reality. A feature like that that's honored by default will
help when both sides want messages gone, without overpromising. Importantly,
it doesn't involve trying to take away the recipient's power over data they
possess, or fiddling with the open email ecosystem too much. Trying to take
away users' control over their data is a tendency that has more bad potential
outcomes than good, and so is breaking the remaining openness of email.

(There're also some potential practical issues. It's more of a pain to keep
documentation you were harassed over this kind of email, for instance, though
since the feature is badly broken it's still possible. It breaks recipients'
very-long-standing expectations about how things work, too. Folks mentioned
all that when Facebook talked about support for unsending messages recently.)

The less-bad possibility is that Google just said, "well, folks enjoy Snapchat
and such" and sort of didn't go that deep into the weeds. The bad-bad case is
what mtgx said, that they're conscious of the bugs but consider them features.

------
ocdtrekkie
Relevant blog post on another upcoming Gmail feature:

"Email is your electronic memory":
[https://blog.fastmail.com/2018/02/14/email-is-your-
electroni...](https://blog.fastmail.com/2018/02/14/email-is-your-electronic-
memory/)

------
kome
Please, let's not "disrupt" the email: it's so beautiful because it's so
standard. For example, google's dot rules already (ko.me@gmail.com =
kome@gmail.com) make no sense and break many applications: they need to stop.

I like innovation, but to innovate email wouldn't be better to innovate in a
slow and consensual way using RFC after RFC, at least in the case of email?

~~~
TremendousJudge
email was killed by spam, current email is sadly a walking zombie that's
getting eaten by maggots

~~~
caiw
I have very little problem with spam; server-side filtering and client-side
filtering make it nearly a non-issue for me. Email was no more killed by spam
than online discussion threads were.

~~~
jraph
Spam is still an issue. When you set up a new mail server, you are likely to
be filtered by big providers because they will consider you as spam. I've
personally had issues with Microsoft and a local provider. This makes self
hosting or running a small email provider hazardous, which is problematic. I
never had issues with Google and Yahoo though.

I guess spam and spam filters also have an ecological impact even if spams
don't end up in our inbox.

And there are false positives too. Because of spam, we are likely to miss a
legitimate message one day or another.

And I regularly see phishing on my professional inbox.

So spam is still an issue even if it is hidden, for several reasons.

------
zitterbewegung
Honest headline:

Google is allowing you to hide emails from its public interface after a
specific amount of time.

~~~
daveFNbuck
Did you read the article? That's not what they're doing. They're replacing the
contents with a link that eventually stops working. Nothing is being changed
in the recipient's e-mail interface.

~~~
warkdarrior
Did you read the OP's post? They're replacing the contents with a link that
eventually stops working _for you_. Nothing is being changed in Google's
backend, so the original message can be preserved for as long as they desire.

~~~
daveFNbuck
The e-mail does not get hidden. The recipient can still see the e-mail after
the expiration time. The backend has been changed, as this link feature would
require a new backend.

The headline "Google is allowing you to hide emails from its public interface
after a specific amount of time" implies that this is just a change to an
existing interface and would only work for recipients who use gmail.

------
supermdguy
I wonder how "destroyed" an email is is when the NSA/FBI wants to read it a
year later. Google has no incentive to actually protect the content of "self-
destructing" or any other type of emails, so it's dishonest for them to
pretend to provide a private email service.

~~~
ChrisAntaki
Pretty sure Gmail isn't being used for ad targeting anymore
[https://mobile.nytimes.com/2017/06/23/technology/gmail-
ads.h...](https://mobile.nytimes.com/2017/06/23/technology/gmail-ads.html)

~~~
lovetrump
Is it because the NSA pays enough to rentabilize gmail?

~~~
supermdguy
I took out the part about ads

~~~
lovetrump
sometimes I just forget that ads actually exist... (except for junk mail and
billboards)

------
lultimouomo
In my eyes this is clearly not meant as a way to prevent malicious intentional
data exfiltration; what it does is force users who want to retain and forward
the data to do so in a way that leaves no doubt about their intentions, so
that they can be more easily sued.

------
optimalsolver
By "self-destruct" do you mean stored on a Google server somewhere?

------
cs702
No. No. No.

Google, _please_ don't mess with email standards.

~~~
alexkavon
Waaaay too late on that. Just try setting up your own server and sending to a
Gmail address.

~~~
CaptSpify
I do that all the time without any problems. What issues have you seen with
it?

~~~
nunodonato
marked as SPAM. I get that a lot

~~~
squarefoot
Not good at all. This should happen only if one of your servers has been
compromised and spits out spam that gets logged by Google. Does unmarking your
email as spam by the recipient work? If not that would be an indication it's
intentional.

~~~
written
Most of the big providers are shit, I wish I could shame them, but alas, I can
not.

If I'm responding to e-mail from their users, I expect at least my initial
response will get through. You really don't need any fancy crap like
DKIM/SPF/nice IP addresses database/AI/bayes/etc. in this case to make the
decision if e-mail is legitimate.

All my responses contain randomly generated ID of the message I'm responding
to that nobody else than the sender and the intended recipient (me) can know.
If it matches one of the e-mails their user sent me, say within a reasonable
timeframe, and it's a first response or so, it is almost certainly genuine.

It just shows how little they give a crap about their _own users_ , if they
don't make such a simple check to _make sure_ that their users can get
responses to all sent emails.

Instead of making e-mail work, they're inventing bullshit like this new
"expiring email" thing and making redesigns nobody asks for.

------
pasbesoin
Well, this is finally the nudge that broke the camel's back, to leave Gmail.

And it will play havoc in GSuite, where there are needs and requirements for
various entities to maintain business records. (Maybe these deleted emails
remain visible to administrators? Still leaves employees without control over
the messages sent to them, including and especially abusive ones.)

Anyway, feels like more asymmetry in what was designed as a symmetric model --
like much of the Net.

------
stingrae
I feel like people are missing what I think the core reason for this feature,
to limit what is available to opposing attorneys during discovery.

~~~
carussell
For anyone in the Northern District of California at least, that's a pretty
awful use case, for the reasons I mention above. You open yourself up to being
culpable for the strongest hypothetical against you (versus just dealing with
the magnitude of the worst thing that you actually did).

------
urda
Unless you locally encrypt your content _before_ shipping it to Google _or any
other mail server_ , you can _never_ be sure that your e-mail is "self
destructing".

This is a dog and pony show.

~~~
dingo_bat
Even then it is not "self-destructing", you need to ship an exe that works
only after it asks your server over the internet.

------
greenail
Assuming gmail and g-suite share technology, I doubt any enterprise customers
would be comfortable with the content of the email actually being purged. I'd
guess there is some backdoor for corporate compliance and auditing reasons.

I also don't see any reason you couldn't build a bot that grabs these for you
to keep via the gmail add on api.

~~~
HillaryBriss
wait. why wouldn't at least _some_ corporate customers be interested in this
sort of thing?

they'd have a standard, non-selective, purely time-based expiration policy
which would be defensible in the face of a government investigation.

"Your honor, we made no attempt to hide specific details about this matter.
Our policy has always been to destroy all messages that are greater than 90
days old."

~~~
walshemj
Then a Judge says that policy is designed to hamper the police and security
services based on "reasons" contempt of court and sends a CEO to jail for a
month.

A retention period in line with SEC requirements (7 years I believe) might fly
but 90 days is to short -also how would you discipline some one for abuse of
the email system if the evidence disappears

~~~
HillaryBriss
yes, right. that's fine. they could make the expiration time 7 years and a
day.

also, when a company finds itself under investigation in court, the judge can
order a temporary halt to the ongoing process of timely email deletion so that
a fair discovery process can occur.

i believe there are existing penalties for abusing the email system if
evidence disappears. that wouldn't change.

------
Digihash
The idea sounds nice, but I would actually like it if any of the big ones like
Microsoft or Google could make an implementation for end-to-end encryption
using a standard like PGP or S/MIME.

If they can add features like the temporary "confidential" mail as what Google
is implementaing in Gmail, that would be a nice extra. But if we can't even do
the basics right, why implement such features that can only be used between
your own users?

Because when you try to use PGP these days using different implementation like
Thunderbird/Enigmail to Outlook/GPGOL or vice versa, half of the times the
e-mail are unreadable, not able to be decrypted or some other mysterious
problem.

------
josteink
So Google is finally admitting they are not at an actual email provider, but
creating their own closed wall service.

Glad I’ve moved to fastmail.

------
augustz
What I'm struck by is how many people don't see value in this. If you work
with sensitive data, this is valuable. A business may already trust google,
but they want to send emails (even internally) that expire. I'd like it if it
just expired the attachments - that's normally where sensitive data lives.

I don't even need to prevent printing etc.

I'd also love a setting, email over 1 year old, you have to jump through some
extra hoops to access it.

~~~
spookylukey
There is no value in it because it is a false promise. If you give someone
access to data, you have lost control over it, especially if it is by email -
because not everyone uses Gmail. Many of those who do do not use the web
client, and email clients are ultimately controlled by end users, even web
based ones.

Only if you have complete end-to-end control over all the devices that
everyone uses, including their brain, can you stop people from copying data.

If I have a file that I want to limit access to, I would never dream of
sending it via e-mail. Some hosted document service which only shows parts of
the file would be far preferable.

~~~
vatueil
There's no way to stop someone from copying the message if they really want
to. That doesn't mean a system that prevents the recipient from accidentally
leaking the message has no use.

There are plenty of scenarios where the sender may be confident that the
recipient will not intentionally betray their trust but may not want to leave
long-term traces behind (say, forwarding confidential documents to a family
member). Rather than reminding them not to forward the email and to delete it
ASAP, you could just use this feature instead.

Just because something doesn't can't cover all scenarios doesn't mean it's
useless. Firefox's Private Browsing can't hide your activity from a determined
eavesdropper, for example, but there are still plenty of ways in which it's
useful.

------
hartator
That’s a bad move. It’s already hard to teach users not to sign in via
suspicious link, so adding a legitimate case will be just confusing.

------
matlk
"In the compose screen, there’s a tiny lock icon called “confidential mode”.
It says that the recipient won’t be able to forward email content, copy and
paste, download or print the email."

I can see how they could prevent this happening for the average user, but do
they really have some way actually stop this?

~~~
on_and_off
I mean .. nothing stops you from taking a picture of your screen

The way I see it, it could be useful for internal emails you don't want
inadvertently shared with the outside.

~~~
hliyan
Hopefully no service will go so far as to blank the screen when a lens is
detected by the webcam...

~~~
gray_-_wolf
1) not everything has a webcam 2) most people I know cover them on laptos with
ducktape anyway

------
megaman22
Well, realistically, unless Microsoft goes along with it and builds the same
implementation into Outlook, this ain't going anywhere. Business runs on
Outlook, and Office 365 is the other huge part of Microsoft's revenue, outside
Azure.

------
mega_behemoth
So from now and on, it's called g-mail, and not e-mail, and they are not
compatible. Also this seems to be a stupid idea, as who'd believe self-
destructing or expiring emails would actually be ever deleted from
g-servers...

------
intrasight
So what? We'll all just have to install a newer version of one of the many
existing browser extensions that saves all our email.

------
throwaway2048
can't wait till this is used as an excuse to break SMTP compatability.

~~~
mikro2nd
First they came for my XMPP, and I did nothing because I didn't use Jabber,
Then they came for my RSS, and I did nothing because I didn't read newsfeeds,
...

> the company is now evolving beyond the simple POP3/IMAP/SMTP protocols

Seems almost as though Google has learned the "Adopt, adapt, decomoditise"
mantra so beloved by Microsoft in days of yore.

------
joering2
About 2 years ago I received a quote in my yahoo email that on the bottom said
"this email will vanish from your mailbox within 48 hours". And sure it did! I
wonder how the author did that. He wasn't working for yahoo or anything like
that; it was a quote not related to technology in any way.

I'm still puzzled by this one. Anyone?

~~~
dingo_bat
I don't think there is any way to do that unless yahoo was in on it.

------
gesman
Someone possibly already building a service to undelete "expired" email.

Automatic local snapshots that you control!

Sort of like deleted tweets that suddenly everyone have elevated interest in
and can read forever.

In fact the more "deleted" the tweet (or email) is - the more attention it
will get.

------
murraylola0
Contact spylink80@keemail.me for all your cyber problems name it whats app,
Facebook snap chat anything you can think off,he is the perfect person you
need when it comes to that .He will surely help you.

------
matthewaveryusa
What a bunch of hype garbage this is. If you send something in plaintext to a
server it's already game over.

If Google was serious about privacy it would pgp-encrypt everything so only
the client, client-side can decrypt it, just like what protonmail does.

pfff, 'self destructing emails', what a heaping pile of razzle dazzle no-ops
that is -- this is more likely subliminal advertisement for the new mission
impossible movie.

~~~
Someone1234
Except in info-sec there's different degrees of information disclosure. You
seem to be focused on mitigating disclosure to government, Google, or a rogue
employee of either one but the scope is significantly larger and more diverse
than that.

The biggest benefit of this is removing the email from archives, so weeks,
months, or years later if the account gets compromised the gains are lower.
For example an email with the subject "HIV Test Results" has a far different
value with and without a body included.

A more down-to-earth example is I just sent my wife a W-2 via email for our
taxes. I asked her to delete the email after downloading the document. But
instead I could have just set an expiration on the contents and poof it is
gone.

~~~
e12e
There's a big difference between "self-destructing _g_ mail" and "self-
destructing _e_ mail".

Even with the first, Google supports forwarding all mail to an arbitrary email
address, which means the "Gmail" becomes a text-file stored on a dovecot
server (or other regular mail server) somewhere.

So unless they break delivery (you can forward only some subset of emails) -
there's no way for the sender to have any better guarantee than "please delete
after reading".

At least the pgp spec has (had?) an "eyes only" flag that, while it didn't
guarantee anything, at least meant compliant software would try hard to not
leave a plain text copy on the filesystem.

~~~
cat199
> So unless they break delivery

Why break delivery when you can break sending?

just store the contents locally, and replace the body with some URL that the
user has to click..

then, when non-gmail users have been desensitized to clicking links in emails
'because gmail', and get viruses constantly, sell them gmail as a way to have
email without risk of viruses.

win win!

~~~
johnchristopher
Isn't that how protonmail works for non protonmail users ?

~~~
e12e
Yeah, and it's not really email either. Facebook started doing something
similar for its "email notifications" a good while back. At one point, they
sent the comment body in the email notification alerting you to a new comment
- so you didn't have to use the (Web) app just to read a couple of lines of
text. So they used to have email _integration_. These days they've settled for
email _annoyance_.

------
yssrn
This would be great... if taking (and faking) screenshots wasn't possible.

------
godelski
So it isn't encrypted? That doesn't seem substantially more secure.

------
CamperBob2
I wish Dropbox would do something like this as well -- let me specify that
files in a certain directory will auto-delete themselves after a set period of
time, or immediately after being retrieved.

------
yoavm
This is how the end of e-mail as we know it looks like. Self destructing
messages, expired attachments, disabled forwarding. Heck, they took the mail
out of the e-mail.

------
rdlecler1
Slack has a feature to delete posts after a certain period of time. We use
this internally so that we can have unfiltered frank discussions.

~~~
mlrtime
it's still on the server

------
m3kw9
Looks like privacy is making a big come back and fuk all these companies that
gives free service in exchange to use your personal info

------
harshulpandav
A better solution could be to convert the email into an image with "VOID"
watermark all over the image after its expiration.

------
outsidetheparty
smells like “embrace, extend, and extinguish”

------
akhatri_aus
If you can take a picture with your phone or a screenshot of the email, what's
the point?

------
tyingq
Great. So now I have forward every email I get to some non-google email as a
backup.

------
gsich
Not possible with POP3 I guess.

~~~
Spivak
Yes possible with anything. Instead of sending the content of the message they
send an expiring link which is transparent when viewed in GMail.

You can save the message contents with effort, that's not really the threat
model this is feature is addressing. But neither POP nor OfflineIMAP will help
you by default.

~~~
gsich
Sounds like a shitty way to do it. I know that principle, otherd have tried
it.

------
anonu
Wouldn't self destructing emails only work if both sides use Gmail?

~~~
Someone1234
No, the article covers this.

The recipient receives a link instead to the content.

~~~
eikenberry
But the link requires you to have a google account, and every google account
is also a gmail account...

~~~
danans
Actually, you can sign up for an account without GMail:

[https://accounts.google.com/SignUpWithoutGmail](https://accounts.google.com/SignUpWithoutGmail)

Disclosure: Googler, but not on GMail.

~~~
eikenberry
Learn something new every day... Thanks.

------
siculars
That’s not how email works. That’s not how any of this works.

------
azinman2
This is terrible for forensic evidence. Many an illegal activity is captured
and busted because of email records — just think of the Enron dataset for
example.

------
snvzz
As to how bad I find this is: It's more than enough to close the account.

If in the receiver end I can't disable this, this is it.

------
akrasuski1
Uhmm... screenshot the mail; self-destruction circumvented.

~~~
BenoitP
It wouldn't prevent humans from remembering the mails, too.

But screenshots are easily faked, and IMHO might (and should) not hold up in
court. This is the equivalent of hearsay.

~~~
kafquaesque
If it was a high-profile case and the screenshot was evidence of a crime, I’m
assuming they have people that could weigh in as an expert on doctoring
images?

~~~
jamiethompson
How would you differentiate between a screenshot of an email in gmail and a
screenshot of an email in gmail where someone had inspected the source and
changed the text before screenshotting?

~~~
kafquaesque
Good point. If it was the only evidence and didn’t connect with anything else
it would not be substantial proof. I would think it could add to a story but
not be definitive proof? You are describing the defense against the screenshot
which could be backed up by “expert” testimony. Here is something I found on
e-mails being edited in outlook even:
[https://community.spiceworks.com/topic/1135234-can-i-
protect...](https://community.spiceworks.com/topic/1135234-can-i-protect-an-
email-i-am-sending-from-being-edited-by-the-recipient) (questionable source)

------
lovetrump
> It says that the recipient won’t be able to forward email content, copy and
> paste, download or print the email.

DRM for email? that worked so great for the media industry... No thanks.

~~~
ceejayoz
Seems like people will figure out the screenshot approach pretty quickly here.

~~~
garaetjjte
But what if it uses Widevine and HDCP? /s

