How secure or private is Gmail's new confidential mode?
Google launched a redesign of the Gmail web interface last month. The the focus of the update was to bring the interface in line with other Google products.
While the update was cosmetic at its core, Google did introduce several new features to the web interface such as direct access to attachments or a new confidential mode for emails.
Confidential mode sounds like a business-only feature but it is available for home and business users alike on Gmail. But what is it?
Confidential mode on Gmail adds access restrictions to emails that you sent using the mode. Designed to protect sensitive information, it enables you to set time limits and passcodes. The mode blocks certain actions, forwarding, copy and paste, downloading of the email, and printing as well automatically.
Using Confidential mode on Gmail
It is simple to make certain emails on Gmail confidential. All you need to do is compose a new email or reply to one, and click on the new "confidential mode" icon in the send button row of the compose interface.
A click on the icon opens the confidential mode configuration overlay which gives you two options:
- Set an expiration date for the email. Available options are 1 day, 1 week, 1 month, 3 months and 5 years. The expiration date is displayed next to the selection menu so that you know immediately when the email expires.
- Enable the SMS passcode feature. Recipients need a mobile phone for that and Google will sent recipients a passcode text message which they need to unlock the email.
Gmail highlights confidential mode by adding a "content expires" message to the email. You can edit the requirement or click on the x-icon to remove it again before you hit the send button.
What happens when you hit send? If you selected the passcode option, you are asked to type the phone number of the recipient. This is mandatory and the only option that you have when you don't want to enter the phone number or don't have it is to go back to the compose window to remove the passcode requirement.
What happens when you type the wrong phone number? Nothing at first, Google accepts any number at this stage.
File attachments are not supported by the mode and you will receive a warning when you have selected confidential mode and added an attachment to the email. Your options are to disable confidential mode or remove the file attachment.
The email that you receive does not contain the message. Google uses the selected subject and shows the sender of the email, but instead of displaying the content, it informs you that you have received a confidential email which you can only open on Gmail directly.
In other words: Google sends you a notification by email that a confidential email was sent to you and that you may click on the link to open it.
If you are not a Google user, you are asked to sign in to a Google account to continue and view the email message.
You can sign in to any Google account at this point in time (if the recipient email address is not a Google account). If passcode was enabled during setup, you are informed that a one-time passcode will be sent to the phone number the sender entered during setup.
You can only select "send passcode" and see only the last two digits of the phone number. There is no option to change the phone number; if it is wrong, you cannot open the email and it will expire eventually unread.
How secure and private is the whole thing?
The short answer: it depends. Gmail's confidential mode protects the email by not sending it to the recipient directly. The same result -- that the email cannot be read during transit -- can be achieved with secure email providers or using encryption technology such as PGP.
The actual implementation blocks some options to download, copy or share messages but it does not protect against all. It is still possible to create a screenshot of the email and print it that way, write it down, or take a photo of the computer screen using any camera.
There is another issue that needs to be addressed. Recipients get an email with a link asking them to click on the link and even sign in to a Google account if they are not already to view it. If that does not sound a lot like phishing I don't know what does.
Recipients may not want to click on the links. Ironically, attackers who use phishing as an attack vector may exploit the new functionality to steal user credentials.
Closing Words
Gmail's Confidential mode feature is not the right option when you need to send confidential messages to others. Email is not the right format for confidential messages unless you use PGP or another secure form of communication.
Now You: What's your take on Gmail's confidential mode feature?
After reading the article and comments I conclude:
1.) It is surely not for my needs
2.) It falls into the Facebook-type services that give me a better “life experience”
3.) It is a “POS” (Piece Of Shxx)
As usually for an article like this, all the privacy conundrums surfaces from among the commentators, and EU seem to be clamping down on these tech giant regarding how data related to users is used, or is this all just smoke and mirrors??
E-mail is after all sent over the internet in plain text although there are some e-mail services that can relay the e-mail encrypted, one example if I remember it correct is when sending e-mail between Protonmail and Gmail.
So, If someone in EU wants to use a trusted e-mail service, what are the choices if Gmail now is “questionable”??
If Google wants to provide secure email they should implement the idea explained and demonstrated here.
https://newatlas.com/fontcode-text-code/54588/
This is defeated by a screenshot. I’m scratching my head here thinking how on earth this is actually confidential at all?
If I am going through the trouble of sending someone a password by SMS… I might as well use PGP which is actually trustworthy, unlike Gmail’s security/privacy show.
People are blissfully ignorant. I know a police officer, who is heavily criticizing the Dutch government for it’s policy regarding immigrants, is using Gmail and Facebook. That has nearly cost him his job.
I do have a Google account, which I only log in from time to time to suspend all registration of my search history. (Sometimes I need the google search engine). Never have given them my phone number.
A question to my fellow geeks: is it easy to add my pop email account to Proton Mail, in the sense of using proton mail together with my paid mail account from a Dutch provider at the same time? I only use this provider for my email account. It is not my internet provider.
ProtonMail is not secure at all, and is run by some rather suspicious characters. Wouldn’t be surprised if it was another data collection operation. Just look at their Terms/Policy pages where they say that the data/their services are stored inside secure Swiss data centers so one should ask: secure by whose measures, who has access to them, and how etc.
Google’s entire business model is data collection.
It is why the company exists.
People are really surprised their email data is not private?
Really?
Use services like ProtonMail, Tutanota or Lavabit if you truly value your privacy.
If you don’t care about privacy then use Google, but FFS don’t compain about it.
I am luckily of an age where I have never directly used any google services.
Lavabit was closed down after Snowden fled.
“Use services like ProtonMail, Tutanota or Lavabit if you truly value your privacy.”
All of those options are better than GMail, but I would argue that if you truly value your privacy then you should be running your own mailserver rather than using someone else’s. It’s pretty easy to do these days.
John, one thing to to consider is an intruder breaking into your own mail server. Your server is only as secure and you make it (and by “you” I mean any Joe-Blow that sets one up). Security and software updates to the server are all in need of repeated attention… Hillary Clinton’s IT folks know all about this… Google has intrusion attempts at a rate of 100s per second… they are a really good bet to have your account’s security properly established.. Of course only if 2FA is active. Sadly not enough folks use 2FA. you can also PGP protect all your gmail at rest and in transit. Your biggest security threat is local unsecured wifi, lost phones with weak 4 digit passcodes, and USB devices with malicious code and key loggers. Google is not the enemy, but they are evolving too.
Google’s incessant desire to collect everyone’s phone numbers is getting old.
Google… privacy? LOL
@Mola Ram
Glass houses, Microsoft, glass houses.
Not a question of whether or not it’s confidential. Totally a question of how far we believe Google that it’s confidential.
My email for this posting is Gmail – but I wouldn’t dream on transmitting anything confidential over the service – I use a Proton account for such things.
Personally, I wouldn’t take Gmail’s word for privacy – normal or with this enhanced service – if they had both hands, both feet, and both bum-cheeks on Bibles.
Seems lately with all the weird mistakes in software updates that no one’s vetting any of this stuff. This thing is a non-starter, encryption’s already available in gmail, it’s easier to use than this and there’s no attempt to get recipients’ data.
I refuse to give google my phone number, it’s not needed for anything, all it does is increase spam phone calls; I’d never give it out to read an email. Delete. :)
We need to push back against technology companies and their increasingly intrusive motives
As someone else has posted, this new Confidential email feature is possibly a way to force every one to link and provide both an email address and a cell phone number
It is also a way to force nonGmail users to sign up, to receive the Confidential email
Lets invent a technical term that indicates a feature that compromises security, for example “A trojan feature”
This Confidential email feature is a “trojan feature” which seeks to mine a lot of linked email addresses/cell phone numbers
It seems a very clunky solution to ensuring emails remain confidential, and I would have expected more from the Google research team
But then again, putting “Confidential” and “Email” in the one sentence is a nonsense in this era
Thank you for the very informative article
This is the trend in technology:
New features:
1)Are no improvement over the existing ones
2)Likely to reduce rather than improve productivity
3)Fundamentally seek to change your workflow without enough research to see if the feature is actually wanted
4)Change for change sake, and poorly thought out
5)No longer optional
The Confidential mode, asking the recipient to log in, is exactly like a phishing scam, and the risk is that you will send an email that will never be opened
Even if I work as I IT I don’t have a cellphone, I don’t need it at all I only have a landline and a phone that I use as a camera or agenda and on the wifi sometime.
If someone need to reach me I have a voicemail and they just have to leave message I don’t really need that anybody reach me when I’m not at my desk.
So I could even not receive one of those message even if I wanted 😜
Seems like this is the reason why I have been constantly asked to verify my email via phone the last couple of days. Not all of us are willing to connect our email addresses and phone numbers.
Evidently, Google doesn’t think linking phone numbers and email is a privacy/security issue. A bit ironic for a security feature.
So basically, this is a new way to reap mobile phone numbers and link them to email accounts. It also pressures those without a Google account to “sign up”.
Google doesn’t believe that there is any security issue with giving them data. It’s a fiction they must maintain since, like Facebook, their entire business model depends on gathering as much surveillance of the general public as they can get.
So it’s not actually email, then, and I can think of a whole bunch of ways to bypass the “security”. Personally, if I receive one of these, I’ll just have to tell the sender that I can’t see whatever it is that they sent. I’m certainly not going to give Google my cell phone number or log in to see a message.
We are going to need decentralized email service based on bitcoin/blockchain/ethereum technology that can rival Gmail.
The email system is already decentralized. All people have to do is to stop using GMail. At least in my social circle, that change is mostly complete. Most of the people I know who used GMail in the past no longer do so.
Which is good for me! I avoid sending emails to Gmail accounts as much as possible, and if I have to, then I tend to keep them as brief as possible.
You need to read the article again.
It’s not YOU who hands over your phone number, it’s the SENDER who does so.
So that means that if your friend/coworker/whatever sends you a confidential email and uses the SMS option then Google already has your phone number now, even if you choose not to open the link.
Yes, you’re right. Fortunately, the people who have my cellphone number already know that if they were to do such a thing, I’d be angry about it.