Firefox easily bypasses protection in the new Gmail interface.

Recently, Google introduced a new design of Gmail. If desired, each user can switch to it, and soon all G Suite users will be transferred forcibly .

This design has implemented several new security features, including the so-called confidential mode . Here the sender sets the validity period of the letter, after which it “disappears”. At least that should work. In fact, there are several ways to circumvent this protection, save the received message, copy or print.

')


Creating a confidential letter Gmail: indicates the date of the disappearance of the letter and the activation code from the SMS, which must be entered to gain access to it

Google calls this system Information Rights Management, a term Microsoft invented over a decade ago for a similar feature in Microsoft Office. In reality, this is a kind of analogue of DRM, only for email.

Specialists from the Electronic Frontier Foundation see several problems in how Gmail’s privacy mode is implemented.

Frivolous protection

First, these are simple circumvention methods for this “protection”. Obviously, you can make a screenshot of the received letter. You can simply save it in its original form. Although there is no “Save” or “Download Letter” button in Gmail, there is such a button in the browser and it works normally on confidential emails.

Secondly, the letter is not really deleted completely - it continues to be stored in the Sent Items folder of the sender, that is, on Google servers. Even if both the sender and the recipient clicked the "Delete forever" buttons and cleared the baskets, the letters still remain on Google servers for up to 60 days .

Finally, Google prohibits printing confidential emails from the web interface. But this protection is implemented using CSS-rules @media print , which hide the main content during printing. Remove the ban on printing is very easy. For example, in the Firefox browser, open the Style Editor in the web console - and delete unnecessary rules. Alternatively, you can simply click on the left eye shape icon and turn off all the CSS styles on the page. In other browsers with embedded developer tools, you can also find @media print in the code, comment it out or delete it. But in Firefox this is probably the easiest thing to do.

In general, the @media print rules are implemented in the standard in order to help the user print a page without unnecessary “garbage”. That is, Google uses this rule for other purposes and abuses it, experts say .

Google also applied several tricks to block copy-paste, but they can also be circumvented.

First, this CSS property user-select , which does not allow to select text . It is deactivated from the same style editor in Firefox: just simply disable all styles or write your own rule that returns the normal behavior (auto) when text is selected.



Secondly, Google introduced JavaScript, which blocks the context menu that allows you to copy text. This restriction in Firefox is removed in the configuration about:config , where the setting of dom.event.contextmenu.enabled should be set to false (false means that JavaScript does not have the ability to block the context menu).

Security illusion

It can be assumed that even such unreliable protection of letters is better than none at all. Unfortunately, this is not the case. Information security experts have repeatedly warned that under such conditions users experience an illusion of security. Because of this, they are more careless about the transfer of confidential information, unnecessarily relying on the security and privacy of Gmail emails. In other words, such protection may even worsen the real protection of information and increase the number of leaks of confidential documents.

“If money, if the market determines security measures and if people make decisions based on their sense of security, then the most intelligent thing a company can do, on the basis of economic considerations, is to give people a sense of security. And there are always two ways to achieve this. First - you can really protect people and hope that they will pay attention. Or secondly, you can create a sense of security and hope that they will not pay attention, ”said Bruce Schneier in his TED lecture , which is called Security Illusion.

DRM in the mail

The specialists of the Electronic Frontier Foundation (EFF) note that the end-to-end encryption is not used in confidential mode, that is, the letter still passes in open form through Google servers, and the company has the technical ability to store copies of letters for an unlimited time, regardless of set "date of removal".

In addition, the sender must reveal Google’s mobile phone number to the recipient in order to activate the SMS code protection — potentially without the consent of the recipient.



According to the EFF, the IRM (DRM) system implemented in Gmail does not rely on technology, but on the 1998 Digital Millennium Copyright Act (DMCA), which directly prohibits third parties from circumventing this protection. For the first such violation, up to five years in prison and a fine of up to $ 500 thousand are threatened. Theoretically, disabling protection in the Firefox web console style editor can also be considered a violation of the DMCA. Again, in theory, Google has the right to put pressure on Firefox developers to deactivate this feature for Gmail, and to start pursuing developers of third-party extensions who will try to bring this functionality back to Firefox.

“We believe that information security products should not rely on the courts to provide their intended safeguards, but should rely on technologies such as end-to-end encryption that provide actual mathematical guarantees of confidentiality ,” the EFF said. “We believe that the use of the term“ confidential mode ”for a function that does not ensure confidentiality, as this term is understood in IS, is misleading.”

EFF believes that there can be no privacy in unencrypted mail, this also applies to Gmail’s “confidential mode”. Maybe this function makes sense in a narrow corporate environment, but for most users there are no guarantees of privacy and the necessary functions inherent in secure communications. First of all, there is no secure end-to-end encryption of email with a digital signature.

---