Tag: GMail

What can be done to support secure email?

Personal and business Internet users are showing interest in the concept of secure email. This is to assure that confidential emails only end up being viewed by the eyes of their intended recipients.

It is being driven by issues relating to confidential personal and business information being leaked to the Web along with a common personal worry regarding government surveillance in the age of terrorism and extremism. Along with this, activists, journalists and the like are wanting to rely on secure communications to pass through critical information in areas that are hostile to freedom of speech and the press. In some cases, people travelling through countries known to be hostile to freedom of speech like Russia and China have been encouraged to keep their data highly secure due to the espionage taking place in these countries.

Compose Email or New Email form

More work needs to be done on secure email

There is a slow increasing prevalence of secure email platforms appearing on the Web. These platforms such as the Swiss-based ProtonMail and the secure iteration of Google’s GMail service are dependent on a Web-based user interface. Along with this, most of us are implementing instant-messaging platforms like WhatsApp, Viber and Telegram to send personally-confidential material to each other.

But they offer a series of features intended to assure personal privacy and corporate data security. They offer end-to-end encryption for the emails at rest (while they are on the servers pending delivery) and in transit (while they are being moved between servers). They also offer the ability for users to send seif-destructing emails that don’t stay in the recipient’s or the sender’s storage space after they are read unlike with conventional emails which stay in the user’s storage space after being sent or read. These self-destructing emails cannot even be forwarded to others or printed out (although it could be feasible to take a screenshot of that email and print or forward it). Some of these setups even have the ability to detect screenshots and let the sender know if the recipient took one of a confidential email. As well the metadata about the emails isn’t held on the servers.

But there are current limitations associated with these services. One of these is that the privacy features are only available to users who subscribe to the same email platform. This is because the common standards for secure email such as S/MIME, PGP and GnuPG only support basic key-based encryption and authentication abilities and the common email protocols like IMAP and POP3 don’t support email-handling control at the message level. As well, these services rely on a Webmail interface and require users to click on links sent as part of standard emails to view the secure messages if they aren’t part of that system.

There are certain features that need to be added to IMAP4 to allow for secure email handling. One of these is to permit message-level email control to permit self-destructing emails and to allow the sender to limit how the recipient can handle the messages. But the message-control features may run against legal-archive and similar requirements that will be asked of for business correspondence. In this situation, there may be the ability to indicate to senders or recipients if the emails are being archived as a matter of course and message-level email control can’t be assured.

Of course this may be about a newer feature-level email standard, preferably open-source or managed by many in computing academia and industry, to add this kind of secure email control.

Then there is the requirement to encourage the use of encrypted-email / authenticated-email standards like S/MIME or PGP within email endpoints, both Web-based and client-based. It will also include the ability for users to create asymmetrical key pairs and store their correspondents’ public keys in their contact manager software. There will also have to be the ability to support automated public-key discovery as a new contact is added, something currently feasible with encrypted messaging platforms that maintain their own contact directory.

Other questions that will come up in the course of building a secure email ecosystem is how the encryption keys are stored on the end-user’s system and whether an end-user needs to create new encryption keys when they change devices along with how to store them securely. This can be of concern with most computer users who typically maintain multiple devices, typically a smartphone along with a regular desktop or laptop computer and / or a tablet of the iPad ilk. Similarly there is the fact that one may not have the same computing device for the long haul, typically due to replacing one that has broken down or upgrading to a better-performing device.

There will also have to be the issue of security and portability thanks to issues like users temporarily using different computer devices such as friends’ computers, work / school computers or public computers. Here, it may be a question about where contact-specific encryption keys are held, whether on a server or on removable media along with how email sessions are handled on these temporary setups.

What will need to happen is for email platforms to support various secure-messaging features in a manner that can exist on a level playing field and without the need for correspondents to be on the same provider.

Hey Cortana! You can work with GMail

Article

You can now connect Gmail to Cortana for calendar, mail, and contact support | Windows Central

My Comments

Windows 10 Cortana Notebook menu

Select “Connected Services” in Cortana’s notebook

Some of you may just use GMail simply as another Webmail account but you can have client-side access to it from certain email clients like Windows Mail, Outlook or your Android email client. Here, if you are using Windows Mail for example, you may find that you could have Cortana work your account from their simply by adding it to the list of accounts your Windows Mail installation works with.

But you may also just use the Web-based user interface for your GMail account and simply use it also as a contacts and calendar storage for your Android phone, especially if you do upgrade your phone frequently.

Add a Service menu in Windows 10 Cortana Notebook menu

Select GMail as the service to add to Cortana

Here, you can create a direct link between Cortana and your GMail account so you can summon her for information from that account. This can be of importance if you buy the Harman-Kardon Invoke smart speaker which is powered by Microsoft’s Cortana voice-driven personal assistant.

To do this, open Cortana on your Windows 10 computer and click on the Notebook icon. Then click on Connected Services in the menu that pops up. Select “Add a service”, then select “GMail”. Here, you will be asked for your Google username and password that you operate your GMail account with. Enter these credentials and Google will then ask you whether you want to allow Cortana access to your account. Once you assent to this, your GMail details are available to Cortana.

This will become more of a trend as an increasing number of social networks, Webmail services and the like provide the necessary “hooks” to allow the various voice-driven personal assistants to work with their services.

Google brings forward a feature that ends email remorse

Article

Compose Email or New Email form

Sometimes you may wish you haven’t sent that email

Now you can avoid email sender’s remorse with Gmail’s ‘Undo Send’ feature | Naked Security (Sophos blog)

My Comments

You end up sending that misspelled email to your boss or click “Reply All” instead of “Reply” when you send that reply. Or a late Friday night alone with some music playing on the stereo and a half-empty bottle of whiskey beside you means that you type out that inappropriate email to that former love interest. These can lead to situations where the email you sent can have embarrassing or disastrous consequences.

Google has now integrated a “delayed sending” feature in to the GMail service so that you can opt to cancel sending that email. Here, once you enable this feature, you can specify a certain amount of time to wait before actually sending that email. This enables a “Cancel Send” button which takes the email out of the Outbox so it isn’t on its embarrassing way and would cope with situations like misspelt or misaddressed messages or “half-the-facts” situations. This is another feature that Google dabbled with in their labs to beat the “I wish I didn’t send that” blues and they rolled this in to production GMail deployments.

The previous feature they worked on was a CAPTCHA setup that would come in to play when it is the late evening. Here, you would have to solve a maths equation before you could send out that email, as a way of assessing whether you had a bit too much to drink and were about to send that drunken email. But they could extend this functionality to cope with the drunk email by having a user-selectable option to hold all emails that you send during a certain time window like 10pm-6am on Friday and Saturday nights for a longer time or until the next day.

This can easily be implemented in email client software as well as Webmail setups so you don’t have to use GMail to have these features. But Google is the main email service provider who is targeting the issue of sender’s remorse by providing the delay options.