Poor Naming Choice For Gmail Redesign

Gmail just launched a nice, new redesigned UI. It's slick and has some great new features. One feature, "Confidential Mode", is particularly interesting and poorly named/positioned.

Watch this episode on YouTube.

Reasonably Accurate Transcript

Going live in a few fingers crossed and see if this works. Uh Good old fix errors again. Oh, no. All right. So we are going to go live in. Cool. How's everyone doing? Uh We are going live there we go.

Periscope is up and running. Let's double check here. Go through Twitter on the old iPad. Figure it out. Oh, lovely. Unbranded. Just link tweet. Like, hey, heads up and is there audio, there's actually audio in Periscope for once.

Let's hope it doesn't die 30 seconds in or a minute in Mornings with Mark episode 39. For those of you just tuning in because it's been a hell of a week with that kind of thing. Um Deal is every morning I hop on, I do sort of 5 to 7 minutes talking about um a particular issue, an announcement, whatever kind of floated into my brain.

Um Looking at security privacy, leveling it up, uh how it impacts you, how it impacts our community, things like that. Um Things look good. We're good. OK. Keep double checking because at this point in the week, I am utterly paranoid about the quality of the stream about the efficacy of the stream if the stream is actually even working or not.

Um a little concerned that uh Twitter Periscope blink is just a link, there's no actual description, but what are you gonna do? Um Oh, today I want to talk about the new feature from Gmail. Um So they're saying that they're going to give you a secure email that you can self-destruct and recall at any time, works with any user including non-Gmail users.

Hm That's not how email works. So they have implemented the feature. Um It does have the functionality that they've promised. Um It's not in the way that they promise though. And this is where I get a little frustrated with marketing and security um in general within the community because I think what they're billing as secure email that you can recall is not actually that at all, what it is is you're typing out a message.

Um Yes, that's typing you type out a message and you email it to somebody. And what actually happens is that message doesn't get emailed. That message is stored securely on Google servers with um an authentication scheme wrapped around it and a coded link like a tokenized link and that link is sent to somebody and then they can click on that link to get access to the message.

So Gmail users get a far smoother experience. But for normal email users, you're just getting an email with a link in the description saying you've got a secure message, you can click here to go at it.

It's not actually saved on your device, which means it's not working like normal email. And that's where I get really frustrated. And it would be one thing if Gmail was like, hey, we've got a way to send secure messages for certain times.

Um And you know, here's the ups and downs of it, but it's billed as like email, you can recall any time. Well, recalling just means you destroy that token's access. So that's a solid system. That's a great um security setup.

It makes sense. Um But it's not email, it's absolutely 100% not email. And that's sort of the challenge I have with that is making things more complicated than they need to be. Um was yesterday's topic and how this really kind of ties in is the fact that people go in expecting emails.

So if I send you one of these messages through Gmail and you put it on, let's say your phone, you download it and you're going to read it on the plane. And then all of a sudden when you get on the plane, you can't read it because it's not cached on your system because it's not an email message.

It's an email message, the link to the actual message. People are expecting one thing and they're going to get another. Now, the thing they're getting is fine. There's no problem with it. There's strong security around it.

From the initial sweep. At least there is a good concept. The user interface even looks somewhat reasonable like this is not a bad thing, but billing it as this makes it inordinately more complex than it needs to be.

And that's really where I take issue with it. I think it's a good feature. I think it's positioned and marketed wrong. Um And I think that does a disservice to security and I can give you a num numerous numerous examples of the similar kind of thing where people will say one thing and they actually are implementing another.

And I understand from a lack of awareness from the marketing teams maybe from the goal of trying to hook people in with a simple concept to explain the details later. But when it comes to security and privacy, we really shouldn't mess around, you should just plainly lay it out.

Um Yes, in simple terms that people can understand, but how wouldn't people understand that you're adding secure message access, not email, right? So you phrase that better and you say in this new version of Gmail, we're giving you the ability to send secure web messages um or secure online only messages.

Um It just it's not, you know, you have to work that wording massage a little bit more. But the fact that this new secure withdraw anytime email message is built right next to a strong offline mode those two don't line up, they don't, doesn't work together.

Um, and that's really a problem. I think we can do better, I think. Um, that's a huge issue in security in general. Um, and I'm sure I'll be ranting and talking about it more. Um, as we roll along, uh, this week later on the, today, actually, I'm hopping on a plane and heading to Halifax, um, back to my home province of Nova Scotia um for Atlantic Security Conference uh tomorrow um one o'clock Eastern, I believe or no one o'clock Atlantic.

Um I am giving a talk on operational technologies and sort of the paradox of cybersecurity. Um I will be posting some stuff on my site. So marknca hit me up on Twitter at marknca.

Um And you can see some of the content there or if you're in Halifax. Absolutely try to snag a ticket if they aren't sold out already. Atlantic Security Conference is one of the best conferences out there.

Um Definitely a highlight of my calendar. Um If you're on site, hit me up, if not follow online, I'll be tweeting as much as I can, I'll still be doing this broadcast. Um Assuming it works because it's in that kind of week.

Um uh Always hit me up, we'll talk either downlow or in the comments or on Twitter wherever you're seeing this. Um This is all about discussion. It's a two-way street here. I hope you are set up for a fantastic Wednesday and I will see you tomorrow assuming everything works.
