Gmail's confidential mode is not confidential
Gmail as one of the major email services worldwide has realized that privacy concerns are rising constantly - and this is happening at a global scale. To meet this new demand for private and secure emails, Gmail has introduced a new feature: Confidential mode.
However, this feature is neither confidential nor private as Google still has unlimited access to its users' emails, even when they use confidential mode.
What is Gmail's confidential mode?
Gmail's confidential mode is a feature that lets you send emails with a self-destruct timer or with password protection. Or in Google's words:
"Recipients of messages in confidential mode don't have the option to forward, copy, print, or download messages, including attachments. Users can set a message expiration date, revoke message access at any time, and require an SMS verification code to access messages."
Why is Gmail's confidential mode privacy-intrusive?
Though pretending to offer privacy, Gmail's confidential mode comes with three major problems:
- The emails are not end-to-end encrypted.
- Google retains full access to the email even when you set a self-destruct timer.
- If you password-protect an email, Google can link your recipient's phone number with their email address.
All these facts combined make Gmail's confidential mode more a privacy-intrusive feature than a privacy-protecting feature.
The confidentiality expected by the users is not achieved because the emails sent via confidential mode are not inaccessible by third parties. The EFF states that this increases the risk for the users as they may send private information via confidential mode, which they wouldn't have sent with a normal email, falsely believing that the data is secured with encryption.
Why does confidentiality require encryption?
Information classified as confidential relates by definition to something very personal or top secret. It must be kept from any and every third party by all means.
This form of secrecy can only be achieved with end-to-end encryption. Encryption guarantees that only the people holding the key to decrypt the information can gain access to it.
This is why end-to-end encryption is an absolute necessity when communicating confidentially.
When sending an email with Tutanota, you have the option to send a 'confidential' email - which refers to an end-to-end encrypted email, or a 'not confidential' email - which refers to a standard email.
With this definition in mind, Gmail's confidential emails are just standard emails with some extra features like unprintable, unforwardable, uncopyable, and so on. However, this will not stop anyone from taking a screenshot from the unprintable email, just to print off the screenshot.
Besides, the point in confidential communication is not to keep information hidden or protected from the person you are communicating with, the point is to keep everyone else out of this conversation.
What is the benefit of Gmail's confidential mode?
All in all, there's not much benefit to Gmail's confidential mode. If you want truly confidential emails, you need to use a secure email option like Tutanota or encrypt your emails manually since Gmail has long abandoned its project to offer easy end-to-end encryption. Instead, they now offer a rather dubious version of confidentiality.
The only benefit that remains with Gmail's confidential mode is that the receiving mail service does not see the email sent via this mode. If you send an email from Gmail with confidential mode to a friend, who is using Yahoo Mail for example, Yahoo will not see this email. Yet, Google still has full access to the email so the benefits are extremely little.
If you're using Gmail's confidential mode, be aware of its limitations. Don't be fooled by Gmail's promise for confidentiality.
Confidential emails are simply impossible without applying end-to-end encryption.