Can you explain how "removing options for recipients to forward, copy, print, and download" could "help prevent users shooting themselves in the foot"?
I get a bunch of information through emails at work that Im not allowed to share outside the company, and tons of others that I need to send to people outside the company. If the people sending me the internal company emails mark them as such, I can be sure I never inadvertently forward the wrong emails to the wrong group.
I think the threat model is about catching your own mistakes, not preventing bad actors from acting.
it seems it would be more useful to implement things such as "delete message after X days" or "do not forward" instead of mock features like this. Adding an autodelete feature in gmail is overly complex, requires filters + google scripts.
Right but from the sender's side only. I wish there was an easy way to automate deleting of old messages e.g. auto-deleting my unread messages or most of the newsletter/promotional stuff.
This feature only works for users of Gmail and specifically web mail. All the users I would want to have an extra layer around 'shoot themselves in the foot' usually also insist on using Outlook to access their email.
This is simply a superficial UI that gives a false sense of doing anything for most of the cases.
Not sure why you’re being downvoted. To me it seems only to increase the chance for users to shoot themselves in the foot, as they now have a false sense of security.
The most important security feature is just the fact that email won’t be saved in that account. I had cases when I had to send or receive a small piece of sensitive data (SSN, bank account details) and we used Virtru for that. Now we can just send in Gmail.
The first thing that springs to mind is attorney client privileged emails. My understanding from how legal explained it to me is that if I have a privileged email conversation with them but then forward it to my boss that communication wouldn't be privileged (and I just shot myself in the foot legally)
I think the threat model is about catching your own mistakes, not preventing bad actors from acting.