Gmail rolls out DRM for email and office documents, calls it "Confidential Mode"

Originally published at: https://boingboing.net/2018/07/20/not-actually-confidential.html

7 Likes

To this day, i continue to see tech nerds who should know better making themselves utterly dependant on Gmail. Hell, even making their businesses utterly dependent on Gmail. Such utter stupidity. For a paltry sum you can buy a domain and an email account from a real ISP (and/or your own server from a colo provider) and have a company that is contractually obliged to provide you with the services you need for your livelihood, that will actually answer the phone when you call them and will be incentivized to fix any problems that arise. Your email will not be data mined for marketing purposes, and you will own your data and be able to securely delete it when that becomes necessary or desirable.

Then again, I’m a lunatic who deleted all of his google, yahoo, facebook, etc, accounts when news of the tech giants’ lapdog cooperation with the NSA’s warrantless spying on everything and everyone in the world broke.

11 Likes

I guess there are some coders out there at work right now on “IRM Defeater” or the like. Possible pseudo code:

-user opens an IRM’d email
-user engages “IRM Defeater” app
-app screenshots the email
–scrolls thru if needed to capture entire message
-app OCR’s the shot
-app takes OCR’d text, reinserts into non-confidential email and forwards back to same user (just for kicks)
–option: forward de-IRM’d email back to sender with message: “In the future, please try to be more discreet with how you use email!”

7 Likes

I often muse how what we call “copyright” and what we call “privacy” are the same thing from a technical point of view. In either case, you’re leaking information into the world (by publishing an album, or by going out in public), and then hoping to control access to it after it’s been leaked. And in either case, there are perfectly good reasons to want that. Except you can’t, because reality. So knock it off.

7 Likes

I wish six months would go by without somebody asking me to make a document readable, but unalterable and uncopyable.

Nowadays I look at them and say “you’ve got a cell phone camera in your pocket, right?” and quite often they still don’t get it.

7 Likes

…if you send someone an email or a document that they can open on their own computer, on their own premises, nothing prevents that person from taking a screenshot or a photo of their screen that can then be forwarded, printed, or otherwise copied.

Wouldn’t that be true of any email?

1 Like

Google was hardly the first to reverse-engineer the old formats, no? And aren’t the newer formats supposed to be open? I seem to recall there was considerable pressure on MS to adopt an open standard that would be readable in the future – suggesting that Google would quickly drive people away if it seemed like one’s information was at risk of being locked-in. Then again, that considerable pressure came at a time when people weren’t quite so enthusiastic about storing things in the cloud.

1 Like

My domain is managed by GMail and has been for over 10 years. But with only a few hours of effort I can pry my domain off Gmail and serve up e-mail and XMPP myself. And store documents in WebDAV, or get more elaborate and use Git or Fossil.

Good for you. Although I don’t carry nearly as much paranoia as you do, so my views are different on this.

It’s not paranoia (the NSA can look into my ISP’s traffic just as easily as they look into Gmail. The only people who have secrets from the spymasters nowadays are actual foreign agents, terrorists, and nerds who go to a lot of trouble to encrypt absolutely everything). it’s refusal to patronize gutless companies that facilitate mass spying and then lie about it to their users.

5 Likes

:+1:that is a very nice summary of the fundamental problem with the very idea of intellectual property and why we’ve had such issues finding solutions that aren’t far worse then not having any solution.

2 Likes

plop that into google translate and switch to corporate speak…

sounds better when they say it…lol. :stuck_out_tongue_winking_eye:

really most of these companies main business is perfecting algorithms that facilitate separating us from our hard earned money for a cut, and shoving as much of that at us as possible with candy on top to lure us in. sure i’ll give away all my privacy for some silly dog ears on my selfies.

The technological equivalent of white panel “candy vans”.
#TechCandyVan

The main predator on this savanna is the same as it has always been, the class system’s money funnel, keeping most everyone poor and working so a few can reap all the benefits disproportionately. The other parties abusing these systems like, russia with facebook, are really secondary feeders taking advantage of a well oiled exploitation machine.

4 Likes

I don’t mean to suggest that people should give up on getting paid for content, or having their privacy respected. Just that they should give up on the easy solution promised by DRM, as it’s a dumb fantasy.

On the copyright side, the solution is to say “please pay a small fee to see this movie”, and make it easy for them to do that, and trust that a good proportion of them will. There is a ton of evidence that this can work fine as a way for creators to get paid. The “problem” is that it doesn’t fit with the rent-seeking plans of financial capitalism.

On the privacy side, the solution is also to trust in people - you can’t stop them recording you on a plane, but together we can/must choose to treat each other better than that. Here, again, the main obstacle is financial capitalism, which leads directly to the desperate attention-farming of social media, where people violate one another for clicks in the remote hope of winning a big prize.

3 Likes

Neither do I. Supporting creators is one area I gladly spend my money as do many, and the more directly I can get money to them the better.

IP laws cost and hurt creators far more often then they help them, but they were never really for them. We are all potential creators and the idea that we have to limit creation and take things from the public domain in order to compensate creators is a tragically flawed assumption whose cost to everyone is so far greater than the benefit it is truly bewildering.

The idea you can own an idea is crazy, once a thought is out, reality is, it is out and can’t be owned or put back in a bottle, and very little arrises in a vacuum, or doesn’t build on other ideas, or arises from a singular source. These laws don’t reflect reality and ended up only really benefiting the corporations that helped craft them. They are the ones that perpetuate the myth of these laws in any way helping the poor content creator, when in reality more often than not they can’t afford to exercise its protections. very seldom are the creators even the “property” holders anymore, and they often don’t even own rights to their own creations.

We can certainly value and compensate creators for their unique performances and takes on these ideas without chopping off the ability of humanity to create at the knees.

4 Likes

Pretty sure this feature exists to allow companies to comply with the European GDPR rules. My employer recently jumped through the flaming GDPR hoops, part of which was implementing the Microsoft equivalent of this so people could encrypt emails containing “Personally Identifying Information”.

This isn’t some nightmarish new way for Google to screw you over, it’s just stupid fallout from government regulation.

2 Likes

You know what? I’m happy for this, the reason being that as a habitual skater (in the military sense) this layer of encryption gives me a new cover to get out of work:

  • Someone (usually tech illiterate) emails me ‘work’ I don’t want to do
  • If encrypted I could wait an hour (that’s how long it takes people to get off email and back to work), bounce it back to them saying that I can’t see it, and by the time they try again it’s probably too late in the work day.
  • If unencrypted I can bounce it back with the concern that it needs to be encrypted, then see last step.
5 Likes

I don’t know about this. Email at any scale is hard and running your own email services is the opposite of fun. Colo isn’t cheap and “real ISPs” are dying out at a rapid pace.

Unless you’re renting colo space and running your own servers (I did this for many years and it sucks) you’re still putting all your eggs in somebody’s basket.

I’ve had both Google or Microsoft run my domain services for the past 10 or so years and I wouldn’t go back to those dark days of being my own IT person. It’s not a perfect solution but it gets the job done with minimal hassle.

4 Likes

I used to date a gal who worked at Google.

They didn’t try to stop people from forwarding internal emails marked clearly “DO NOT FORWARD”.

They just fired the people that did.

I can guess the unseen feature they are selling to companies here.

3 Likes

I was advocating putting your eggs in a basket that you have paid for (and comes with genuine customer service) rather than one that is being paid for by the monetization of your eyeballs (and comes with diddly squat). Colo and running it yourself is an option for the masochistic and/or those with a genuine need to have full control.

It also gives emails an “expiration date” after which they are no longer viewable.
It also allows the sender to revoke access at any time.

Which, again, can be trivially defeated by screenshots (or future apps that OCR your screenshot). On balance, it just seems like a terrible feature: if the communication really is important (or compromising), people will go to the trouble of copying it. if not, then, it’s just an unnecessary hindrance to communication.

Oh, and just how does this protocol conform to the Freedom of Information Act? (It doesn’t.) Imagine the White House, in the name of “security”, setting all their emails to expire on Jan, 20, 2021 (or 2025).

5 Likes

You know, snail mail has its uses.

2 Likes