Gmail’s “Confidential Mode” – Not so Great for Privacy

Google’s new Gmail Confidential Mode isn’t so great for privacy and can be potentially awful for the open web. Gmail is one of the most prominent online services and has been the most frequently picked webmail service by a billion of people across the world. Google has been constantly evolving and it keeps upgrading its mailing platform with new designs that comprise unique and innovative features. The most trending and yet again ‘Googled’ feature these days is the Confidential Mode of Gmail.

What exactly is the Confidential Mode?

The Confidential Mode is an approach made by Gmail to protect all the sensitive content of the users in their emails by restricting the lifespan of the message with an expiry date and by revoking all of the previously sent emails. In addition to the auto-deletion feature, it also enables message views only after a text message authentication. This is done to protect the email messages if the user account is attacked by a cybercriminal.

The sender can restrict the user’s permission to copy, forward, print, or download the mail content, hence securing all the sensitive data. This seems great, but there are numerous problems attached to Google’s new endeavor to upgrade Gmail and its usability.

Problems with the Confidential Mode

Most notable among the problems associated with the new Gmail feature is the presence of expired emails from the recipients’ inbox in the Sent folder of the creator of the mail. Since expired emails are kept in the sender’s Sent folder, people who use this feature should ensure that they permanently delete the emails kept in their Sent folder.

This is a huge shortcoming since the messages are not purged automatically and their copies exist online.

Copies of expired messages can be preserved by Google for an undisclosed time period. Government or other authorities can ask for a copy of the message, maybe even years later. This can be a surprise to those who are assumed that their emails are secured.

Apart from this, evading the security features of Gmail’s confidential mode to copy, forward, print or download the messages is easy. There’s a loophole that allows all of these activities while the email is still visible on the other side. Screenshots of these messages can be used to preserve message data and details.

Security issues with Gmail’s Confidential Mode

And that’s not all. There are a number of security issues with Gmail’s Confidential Mode. The new permission controls can be turned off by ticking boxes on the Style Editor Tab present on the Firefox Web Console as claimed by a researcher.

There are also legal issues hovering around the weaknesses in the technical protections of Gmail. The confidential mode isn’t as secure as the email DRM system. The DRM system is overlaid by anti-circumvention provisions as drafted in the 2001 Copyright Directive and in the Digital Millennium Copyright Act in the EU and US respectively. Deceiving DRM under these rules can be harsh.

The new Gmail features invoke Section 1201 of the Digital Millennium Copyright Act. The act clearly prohibits avoiding access controls and punishes the traffickers with 5 years of prison and a fine of up to $500,000 when found guilty for the first time.

Bypassing Confidential Mode

You can use Firefox to bypass the Confidential Mode because Google cannot control Firefox. But it can control Chrome so Google makes sure you cannot override this mode on Chrome. Google just might turn off Google Docs and Gmail on Firefox – in the name of “user privacy protection.”

Google threatening Mozilla using DMCA would not be a surprise. If Mozilla tried disabling Firefox’s ability to circumvent Gmail’s controls over its new confidential mode, Google could sue the organization with serious legal cases. Mozilla has been ignoring a major threat that could lead to the organization being bullied by Google. However, Google in the past days has carefully presented its image as a friend rather than a competitor and has supported free software.

Google can opt to not put any compulsion on Mozilla or free software coding agencies or groups who write software patches that imply changes in Mozilla, as an alternative to working in agreeance with the court orders.

Is Confidential Mode a Wise Decision?

Google could be following the extremely injudicious step once taken by Mozilla some years back. Implementing the W3C standard Encrypted Media Extensions (EME) could be a huge mistake for Google. EME is likewise designed to permit DRM in a standardized way. The feature was first implemented to serve the purpose of streaming videos. Google has proposed to adopt the EME scheme to lock the email messages and has been careful enough to not leave any scope that could deter its application to web pages or to its messaging system, Gmail.

If Google continued with its decision to secure its mails, Firefox will stand a silent spectator to not being able to circumvent the security. Both the organizations would equally hold the code with DRM’s EME implementation and will have to oblige to the protection features. However, the analog hole will stay constant.

Supporting the EME approach further could be a turnaround point in Mozilla’s journey. Users will not be able to control the open source software. If unable to circumvent Gmail’s EME-based special feature- the confidential mode, users will also lose their control over Firefox, thereby changing its status from being a free software to a restricted one.

This can lead to some serious implications.

No company but Gmail has proposed implementing the EME approach that applies DRM to most of the web pages. With other messaging companies hesitant to bring in the EME technology into effect, Google has become the first company to imply it on web pages. This can prove to be a big step, converting the web and interfaces into a read-only media.

In a Nutshell

Even though the aforementioned report is a complete hypothetical analysis, it displays how steps taken to improve the security issues in emails can have an extremely contradicting consequence for not only the open sources but also the open Internet. Situations exacerbate even if big names like Google took the EME route. Nothing can deter circumvention of the security features brought in by the Confidential Mode, owing to the ever-expanding analog hole. In simpler terms, the feature brings in more collateral damage than real gain.