Is Google’s new Confidential Mode feature a security threat?

Marco Tracogna
X2X Technology, Powered by CRIP.TO
3 min readAug 16, 2018

Google has announced its new email features. One of those features is the new privacy-focused confidential mode, which allows users to set an expiration date for emails, similar to messages on Snapchat.
Whilst a lot of users may welcome this new feature which affords them secrecy and security, the Department of Homeland Security (DHS) is concerned that it could lead users becoming vulnerable to phishing scams.

Google’s new Information Rights Management Tool, allows you to set restrictions on how your email is displayed, viewed, and shared. Essentially, an email sent in confidential mode cannot be forwarded or printed, and you can set up an expiration date and add a passcode requirement for added security when the email is viewed

By using this mode you are not sending the actual contents of an email, but sending an email with a link to the said content and requiring a password to access it. The idea is that users can protect the data they’re trying to communicate with someone on the other end. While that sounds fine in theory, in practice it means clicking on links within emails.

Although using this feature is straightforward for most GMail users, the potential problem arises for those third-party or non-Gmail users who receive an invitation to view a confidential email. In these cases, instead of the email appearing in their browsers, they are invited to click a button to view an email. This is where some say the security fears lie, as scammers may create fake versions of these confidential email alerts in order to dupe users into entering sensitive data to access an email.

The DHS has been in contact with the Google to try and work on a solution to the problem. Google’s response, has been to say that it believes no additional security risks have been created with the implementation of the new feature. Furthermore Google claims that it has an outstanding history of recognising and blocking phishing attempts and has created “machine learning” algorithms to detect potential phishing scams that cyber criminals carry out.

To avoid becoming a victim to phishing attacks, be wary of emails that look suspicious, and always check that the email address and sender name match. Another thing to do if you are suspicious is to check if the email is authenticated.

CRIP.TO believes that everyone should have the right to send and receive information privately and securely, and this is exactly how the CRIP.TO Black hardware device works. Black encrypts and stores all your personal data within its memory. The only time the data is in “contact” with the outside world is when it is used to communicate with another CRIP.TO user. The rest of the time, the data is safely out of reach, protected by our custom recipe of encryption algorithms. It doesn’t require a DNA sequencer to access the data, but it may be more secure. And, it does not require surgery to keep your data with you.

CRIP.TO is dedicated to giving its customers the freedom to communicate fearlessly. Check out our best-in-class solution that gives individuals, groups, and companies the best end-to-end encryption solution available.

We believe that everyone has the right to protect their information and keep their privacy. Integrity is a core value, and they see the vast potential of a decentralized, distributed solution like Blockchain as a key match in this space.

Copyright © 2017–2018 CRIP.TO OÜ

Originally published at crip.to.

--

--