Google is testing expiring emails in the new Gmail

Gmail intentionally deviates from the IMAP spec, forcing email clients to either become Gmail clients or work poorly with Gmail. They refuse to support IMAP push, instead saving push for the Gmail API. Recently they introduced AMP for Email, which happens to work via emails that only Gmail can read. Now they introduce another feature which happens to work via emails that only Gmail can read.<p>I think it&#x27;s pretty clear what&#x27;s going on here.<p>By the way, FastMail&#x27;s work at the protocol level - <a href="http:&#x2F;&#x2F;jmap.io&#x2F;" rel="nofollow">http:&#x2F;&#x2F;jmap.io&#x2F;</a> - is open source, and being standardized by the IETF.

&quot;On the recipient’s side, the person was using the existing version of Gmail and received a link to view the confidential email. The recipient had to log into their Google account once again to view the content.&quot;<p>IMO this is an open invitation to phishers.

Seems annoying. No one would rely on this to keep actual sensitive info private, since you can just screen shot it.<p>On the other hand, part of the point of Gmail is that it makes your emails easily searchable, so you can quickly dig up info from old mail rather than have to make a note of said info in some sepearate program&#x2F;notebook&#x2F;whatever. But if emails are going to randomly be disappearing, it could really cripple that utility.

This is only possible if one believes in the capacity to control client security on the other side. There’s also the problem that something viewable by the recipient’s eyeballs is also photographable by the recipient’s camera.<p>Moreover, I worry about the new Gmail feature that undermine the open platform of email. Email is just about the last unwalled comms platform we have, and I really worry for its safety if gmail thinks it can start differentiating network effects on gmail vs network effects on email.<p>I switched my vanity domain over to Fastmail a while back. I haven’t had any regrets. New features like this make me even more glad.

Everything I read in the article made me cringe.<p>It&#x27;s pretty obvious Google is moving the facebook way. This will evolve into a proprietary messaging system, basic mail gets demoted to a third-class service, and people get locked into yet another non-standard ecosystem controlled by one company.<p>The only difference is that facebook was blatant about it, and google&#x27;s taking the boiling frog approach.

The really bad-news thing for me here is Google decided it&#x27;s good for business to try DRM for email, doing their best to take away (recipient) user control and talking about it as a feature. (They&#x27;ve _gone along_ with crummy ideas, of course, but _promoting_ DRM for email&#x27;s a whole &#x27;nother thing.)<p>And they do it even though, as you note, there are tons of ways to really do confidentiality much better. The Signal protocol has worked great for chat, to name another example. The problem with that for Google, I guess, is that end-to-end security is more in line with the Apple model of smarts living on the user&#x27;s device, not the Google model that requires the server to read and understand all of every user&#x27;s content. (I say that as someone on Android, Linux, and so on. I&#x27;m not super invested in Apple or their ecosystem.)<p>Also, this idea is salvageable. You could have &quot;request expiration,&quot; etc. and maybe you honor by default but don&#x27;t suggest you enforce it. And managed work environments can try any DRMish stuff they like (though it will still be unreliable!), because the boss is the customer and if they want to make it a pain for the user to do certain things they can. But as it stands now, false sense of security for the average user, and an entirely valid feeling for those parsing the details that companies like Google are more than happy to erode user control.<p>I would love to see this idea ridiculed for how broken it is. Maybe it will even inspire less broken privacy features from competitors.

Relevant blog post on another upcoming Gmail feature:<p>&quot;Email is your electronic memory&quot;: <a href="https:&#x2F;&#x2F;blog.fastmail.com&#x2F;2018&#x2F;02&#x2F;14&#x2F;email-is-your-electronic-memory&#x2F;" rel="nofollow">https:&#x2F;&#x2F;blog.fastmail.com&#x2F;2018&#x2F;02&#x2F;14&#x2F;email-is-your-electroni...</a>

Please, let&#x27;s not &quot;disrupt&quot; the email: it&#x27;s so beautiful because it&#x27;s so standard. For example, google&#x27;s dot rules already (ko.me@gmail.com = kome@gmail.com) make no sense and break many applications: they need to stop.<p>I like innovation, but to innovate email wouldn&#x27;t be better to innovate in a slow and consensual way using RFC after RFC, at least in the case of email?

Honest headline:<p>Google is allowing you to hide emails from its public interface after a specific amount of time.

I wonder how &quot;destroyed&quot; an email is is when the NSA&#x2F;FBI wants to read it a year later. Google has no incentive to actually protect the content of &quot;self-destructing&quot; or any other type of emails, so it&#x27;s dishonest for them to pretend to provide a private email service.

In my eyes this is clearly not meant as a way to prevent malicious intentional data exfiltration; what it does is force users who want to retain and forward the data to do so in a way that leaves no doubt about their intentions, so that they can be more easily sued.

By &quot;self-destruct&quot; do you mean stored on a Google server somewhere?

No. No. No.<p>Google, <i>please</i> don&#x27;t mess with email standards.

Well, this is finally the nudge that broke the camel&#x27;s back, to leave Gmail.<p>And it will play havoc in GSuite, where there are needs and requirements for various entities to maintain business records. (Maybe these deleted emails remain visible to administrators? Still leaves employees without control over the messages sent to them, including and especially abusive ones.)<p>Anyway, feels like more asymmetry in what was designed as a symmetric model -- like much of the Net.

I feel like people are missing what I think the core reason for this feature, to limit what is available to opposing attorneys during discovery.

Unless you locally encrypt your content <i>before</i> shipping it to Google <i>or any other mail server</i>, you can <i>never</i> be sure that your e-mail is &quot;self destructing&quot;.<p>This is a dog and pony show.

Assuming gmail and g-suite share technology, I doubt any enterprise customers would be comfortable with the content of the email actually being purged. I&#x27;d guess there is some backdoor for corporate compliance and auditing reasons.<p>I also don&#x27;t see any reason you couldn&#x27;t build a bot that grabs these for you to keep via the gmail add on api.

The idea sounds nice, but I would actually like it if any of the big ones like Microsoft or Google could make an implementation for end-to-end encryption using a standard like PGP or S&#x2F;MIME.<p>If they can add features like the temporary &quot;confidential&quot; mail as what Google is implementaing in Gmail, that would be a nice extra. But if we can&#x27;t even do the basics right, why implement such features that can only be used between your own users?<p>Because when you try to use PGP these days using different implementation like Thunderbird&#x2F;Enigmail to Outlook&#x2F;GPGOL or vice versa, half of the times the e-mail are unreadable, not able to be decrypted or some other mysterious problem.

So Google is finally admitting they are not at an actual email provider, but creating their own closed wall service.<p>Glad I’ve moved to fastmail.

What I&#x27;m struck by is how many people don&#x27;t see value in this. If you work with sensitive data, this is valuable. A business may already trust google, but they want to send emails (even internally) that expire. I&#x27;d like it if it just expired the attachments - that&#x27;s normally where sensitive data lives.<p>I don&#x27;t even need to prevent printing etc.<p>I&#x27;d also love a setting, email over 1 year old, you have to jump through some extra hoops to access it.

That’s a bad move. It’s already hard to teach users not to sign in via suspicious link, so adding a legitimate case will be just confusing.

&quot;In the compose screen, there’s a tiny lock icon called “confidential mode”. It says that the recipient won’t be able to forward email content, copy and paste, download or print the email.&quot;<p>I can see how they could prevent this happening for the average user, but do they really have some way actually stop this?

can&#x27;t wait till this is used as an excuse to break SMTP compatability.

So what? We&#x27;ll all just have to install a newer version of one of the many existing browser extensions that saves all our email.

About 2 years ago I received a quote in my yahoo email that on the bottom said &quot;this email will vanish from your mailbox within 48 hours&quot;. And sure it did! I wonder how the author did that. He wasn&#x27;t working for yahoo or anything like that; it was a quote not related to technology in any way.<p>I&#x27;m still puzzled by this one. Anyone?

Someone possibly already building a service to undelete &quot;expired&quot; email.<p>Automatic local snapshots that you control!<p>Sort of like deleted tweets that suddenly everyone have elevated interest in and can read forever.<p>In fact the more &quot;deleted&quot; the tweet (or email) is - the more attention it will get.

What a bunch of hype garbage this is. If you send something in plaintext to a server it&#x27;s already game over.<p>If Google was serious about privacy it would pgp-encrypt everything so only the client, client-side can decrypt it, just like what protonmail does.<p>pfff, &#x27;self destructing emails&#x27;, what a heaping pile of razzle dazzle no-ops that is -- this is more likely subliminal advertisement for the new mission impossible movie.

This would be great... if taking (and faking) screenshots wasn&#x27;t possible.

So it isn&#x27;t encrypted? That doesn&#x27;t seem substantially more secure.

Contact spylink80@keemail.me for all your cyber problems name it whats app, Facebook snap chat anything you can think off,he is the perfect person you need when it comes to that .He will surely help you.

I wish Dropbox would do something like this as well -- let me specify that files in a certain directory will auto-delete themselves after a set period of time, or immediately after being retrieved.

This is how the end of e-mail as we know it looks like. Self destructing messages, expired attachments, disabled forwarding. Heck, they took the mail out of the e-mail.

Slack has a feature to delete posts after a certain period of time. We use this internally so that we can have unfiltered frank discussions.

Looks like privacy is making a big come back and fuk all these companies that gives free service in exchange to use your personal info

A better solution could be to convert the email into an image with &quot;VOID&quot; watermark all over the image after its expiration.

smells like “embrace, extend, and extinguish”

If you can take a picture with your phone or a screenshot of the email, what&#x27;s the point?

Great. So now I have forward every email I get to some non-google email as a backup.

Not possible with POP3 I guess.

Wouldn&#x27;t self destructing emails only work if both sides use Gmail?

That’s not how email works. That’s not how any of this works.

This is terrible for forensic evidence. Many an illegal activity is captured and busted because of email records — just think of the Enron dataset for example.

As to how bad I find this is: It&#x27;s more than enough to close the account.<p>If in the receiver end I can&#x27;t disable this, this is it.

Uhmm... screenshot the mail; self-destruction circumvented.

&gt; It says that the recipient won’t be able to forward email content, copy and paste, download or print the email.<p>DRM for email? that worked so great for the media industry... No thanks.

Well, realistically, unless Microsoft goes along with it and builds the same implementation into Outlook, this ain&#x27;t going anywhere. Business runs on Outlook, and Office 365 is the other huge part of Microsoft&#x27;s revenue, outside Azure.

So from now and on, it&#x27;s called g-mail, and not e-mail, and they are not compatible. Also this seems to be a stupid idea, as who&#x27;d believe self-destructing or expiring emails would actually be ever deleted from g-servers...