Don't mistake Gmail's Confidential Mode for real privacy

Valentin Wolf/imageBROKER/Shutterstock
Originally Published: 

It's odd that emails are still a primary means of conversation despite really not changing much over the years. At a time where privacy and security are increasingly in demand, companies have made attempts to make email more appealing to people worried about potential hacks and breaches. That makes a feature like Gmail's confidential mode tempting to use.

First introduced last year, confidential mode gives you two options to lock down your messages when sending email. You can either get your secret agent on and set the message to self-destruct (don't worry, it just disappears from the recipient's inbox after a designated amount of time) or require a password to access it, sent via SMS text message or via a separate email. Confidential mode also keeps recipients from copying, forwarding, downloading, or printing the email.

Those extra bits of protection may be enough to convince someone that turning on Confidential mode is enough to make sure an email won't fall into the wrong hands. And, with the introduction of Confidential mode in G Suite later this month — Google's paying customers, typically businesses including Fortune 500 companies and other major organizations — it's likely that even more sensitive information will be moved around using the mode.

There's just one problem with Gmail's Confidential mode: it's not as secure as it may seem. Much like how Google Chrome's Incognito mode doesn't totally prevent third-parties from seeing the websites you visit, Confidential mode doesn't keep the content of your emails from Google itself.


As the Electronic Frontier Foundation (EFF) pointed out when Google first introduced Confidential mode, messages sent with Gmail's supposed privacy feature are not end-to-end encrypted. End-to-end encryption essentially means only the sender and the recipient have access to the content of the message. Anyone in between, be it a company or a hacker who intercepts the message, wouldn't be able to read the text. Gmail forgoes this protection because it wants access to the emails. The company used to scan every email to glean information for advertising purposes and while it claims to have halted that practice, a report from CNN last year found that the company still allows some third-party apps to access data from your Gmail account.

With disappearing emails, a person may rightly expect that those messages are gone for good as soon as the expiration date hits. That isn't the case. Google maintains those messages on its server, and the messages stay in your "Sent" folder. That means they aren't gone and can, in fact, be retrieved by Google or by the message sender. And of course, there's nothing stopping the recipient from simply screenshotting a message, which means they can hang onto the contents for as long as they want.

While Confidential mode may be intended to conceal information, in some cases it may actually expose more to Google. When an email is sent with a passcode, users can choose to deliver that code via SMS (text message). This two-factor authentication-style protection does ensure that only the intended recipient can access the email (unless their phone is stolen or compromised), but it also may expose their phone number to Google, allowing the company to link their email address and phone number. If a person has managed to keep Google from collecting that type of personally identifiable information for this long, they probably won't be thrilled to suddenly have their number sucked up by Google's massive data vacuum under the guise of a private email exchange.

All of this adds up to a security feature that isn't so secure. The EFF called Gmail's Confidential mode "misleading" and said it "lacks the privacy guarantees and features to be considered a reliable secure communications option for most users."

Luckily, there are more secure alternatives out there. ProtonMail is perhaps the easiest and most accessible way to send end-to-end encrypted email, and it offers the ability to send expiring messages that actually disappear for good. You can also set up PGP (Pretty Good Privacy) to encrypt the content of your emails. There are a number of guides that will work with your email client of choice, including Gmail. You can also use apps like WhatsApp or Signal to communicate securely with others outside of email. Any of these options ensure your communications will be more confidential than Gmail's Confidential mode, which works fine as long as you know its extensive limitations.