How secure or private is Gmail's new confidential mode?
Google launched a redesign of the Gmail web interface last month. The the focus of the update was to bring the interface in line with other Google products.
While the update was cosmetic at its core, Google did introduce several new features to the web interface such as direct access to attachments or a new confidential mode for emails.
Confidential mode sounds like a business-only feature but it is available for home and business users alike on Gmail. But what is it?
Confidential mode on Gmail adds access restrictions to emails that you sent using the mode. Designed to protect sensitive information, it enables you to set time limits and passcodes. The mode blocks certain actions, forwarding, copy and paste, downloading of the email, and printing as well automatically.
Using Confidential mode on Gmail
It is simple to make certain emails on Gmail confidential. All you need to do is compose a new email or reply to one, and click on the new "confidential mode" icon in the send button row of the compose interface.
A click on the icon opens the confidential mode configuration overlay which gives you two options:
- Set an expiration date for the email. Available options are 1 day, 1 week, 1 month, 3 months and 5 years. The expiration date is displayed next to the selection menu so that you know immediately when the email expires.
- Enable the SMS passcode feature. Recipients need a mobile phone for that and Google will sent recipients a passcode text message which they need to unlock the email.
Gmail highlights confidential mode by adding a "content expires" message to the email. You can edit the requirement or click on the x-icon to remove it again before you hit the send button.
What happens when you hit send? If you selected the passcode option, you are asked to type the phone number of the recipient. This is mandatory and the only option that you have when you don't want to enter the phone number or don't have it is to go back to the compose window to remove the passcode requirement.
What happens when you type the wrong phone number? Nothing at first, Google accepts any number at this stage.
File attachments are not supported by the mode and you will receive a warning when you have selected confidential mode and added an attachment to the email. Your options are to disable confidential mode or remove the file attachment.
The email that you receive does not contain the message. Google uses the selected subject and shows the sender of the email, but instead of displaying the content, it informs you that you have received a confidential email which you can only open on Gmail directly.
In other words: Google sends you a notification by email that a confidential email was sent to you and that you may click on the link to open it.
If you are not a Google user, you are asked to sign in to a Google account to continue and view the email message.
You can sign in to any Google account at this point in time (if the recipient email address is not a Google account). If passcode was enabled during setup, you are informed that a one-time passcode will be sent to the phone number the sender entered during setup.
You can only select "send passcode" and see only the last two digits of the phone number. There is no option to change the phone number; if it is wrong, you cannot open the email and it will expire eventually unread.
How secure and private is the whole thing?
The short answer: it depends. Gmail's confidential mode protects the email by not sending it to the recipient directly. The same result -- that the email cannot be read during transit -- can be achieved with secure email providers or using encryption technology such as PGP.
The actual implementation blocks some options to download, copy or share messages but it does not protect against all. It is still possible to create a screenshot of the email and print it that way, write it down, or take a photo of the computer screen using any camera.
There is another issue that needs to be addressed. Recipients get an email with a link asking them to click on the link and even sign in to a Google account if they are not already to view it. If that does not sound a lot like phishing I don't know what does.
Recipients may not want to click on the links. Ironically, attackers who use phishing as an attack vector may exploit the new functionality to steal user credentials.
Gmail's Confidential mode feature is not the right option when you need to send confidential messages to others. Email is not the right format for confidential messages unless you use PGP or another secure form of communication.
Now You: What's your take on Gmail's confidential mode feature?Advertisement