Or screen capture, or inspect element, or taking a picture with your phone, or JS injection, or using an extension, or IMAP...
The only way for this to work is to restrict the user freedom so much it will:
- cost a huge amount of money
- lower the productivity
- kill the mood of everybody
My take on this is that if your industry really needs this kind of feature, either you suck as a human being and I don't want to work for you, or you are doing something amazing and secretive and in this case you don't use gmail.
Well, I tried it out. At least the IMAP is partially mitigated since you basically get a link to a separate web page -- the contents aren't embedded in the email itself.
On the other hand, that means there's no reason to resort to something as complicated as JS injection or dev tools. Screenshots will usually work fine, because messages aren't threaded, so you'll likely get the entire message showing up on one page. They do block Ctrl-S, they use a click handler that prevents it from reaching the browser. Very fiendish, very clever. Except that the save button still works in the menu.
On the plus side, I'm now wondering if that, "go to the top of your menu and hit the file->save button" exploit would make me eligible for a bug bounty, since according to their documentation I should need malicious software to download the message. I guess Chrome falls into that category though?
> Well, I tried it out. At least the IMAP is partially mitigated since you basically get a link to a separate web page -- the contents aren't embedded in the email itself.
Wow, so it kills your offline productivity as well, and of course make back ups and archiving harder. I know it's kinda of the point, but I haven't realized the implications of it until you said so.
