Gmail confidential mode is not secure or private

Without end-to-end encryption, Gmail confidential mode is little more than a marketing ploy. Find out why privacy experts call Google’s privacy features “misleading.”

When we launched Proton Mail nearly five years ago, we pioneered a new kind of email service: one that puts you in control of your own data. All emails are end-to-end encrypted and zero-access, which means even we can’t read them. We also offer the ability to set up expiring emails, which self-destruct after a period of time chosen by the sender.

Several years later, Google tried to integrate some of these same features into Gmail with “confidential mode”. Even though Google released confidential mode over a year ago, people are still confused about what it does. Is it really safe or private? Is it encrypted? When you turn it on, does it prevent Google from reading your messages? The answer to these questions is “no”. In fact, the decision to call it “confidential” suggests a level of security and privacy that doesn’t exist in Gmail’s confidential mode.

Gmail confidential mode does not mean that your messages are end-to-end encrypted. Google can still read them. Expiring messages are not permanently deleted, and the recipient can always take a screenshot of your message. Let’s take a closer look at how confidential mode works and why it’s not so confidential after all.

What does Gmail confidential mode do?

Gmail introduced confidential mode in April 2018 with its latest major inbox redesign. The feature allows users to optionally enable confidential mode from within the composer.

When you enable confidential mode, a panel appears giving you two options. The first allows you to choose when you want the email to expire so that the recipient can no longer read it (you can also revoke access to the sent email at any time). A second option allows you to require the recipient to enter an access code to access the message. Google generates the access code and sends it to the recipient’s phone via SMS, so you need to know your recipient’s phone number. Furthermore, emails sent in confidential mode cannot be forwarded, copied, downloaded or printed.

Problems with confidential mode

Gmail’s confidential mode doesn’t make emails private because Google can always read them. When you send an email with confidential mode turned on, Google keeps the content of the email on its servers. If you send a confidential email to other Gmail users, they can read the email in their inbox, but emails to external users only contain a notification that a sender “has sent you an email via confidential mode from gmail” along with a link to a page on google.com. (This is similar to Proton Mail’s password-protected emails feature.)

Once the email expires, it is no longer accessible to the recipient. But the message remains in the sender’s sent folder, which can also be read by Google. That is not an expiring email. It can still be accessed by Google and may be exposed to governments or hackers. As noted by the Electronic Frontier Foundation, “Because messages sent in confidential mode can still be retrieved, by both the sender and Google, after the ‘expiration date,’ we believe that calling them expired is misleading.”

The passcode option is a new invasion of privacy. If you choose to set a passcode for your recipient, you must provide your recipient’s private phone number to Google. If you’re sending a message to a Gmail user, it’s likely that Google already knows their phone number by reading their emails or through other Google products. But if you send a passcode-protected email to a non-Google user, you’ve just allowed Google to link that person’s phone number to your email address, as well as any sensitive information in your message. This is an effective way for Google to collect information about people who probably refused to use its service to prevent such data collection. It also means that Google knows quite a bit about your supposedly sensitive email.

The other supposed security benefit of confidential mode is the inability of the recipient to forward, copy, download, or print the email. “This helps reduce the risk of sensitive information being accidentally shared with the wrong people,” says Google. While this may reduce the risk of accidental data exposure, it is not real security. The recipient can simply take a screenshot of the email. “I was able to easily take a screenshot and paste it into a new email and send it to a friend,” wrote a reviewer for Inc. “It takes about 10 seconds. Anyone using MS Paint can figure it out.”

How is Proton Mail different from Gmail confidential mode?

When you send an email from your Proton Mail email address to another Proton Mail user, the message is encrypted on your device using your recipient’s public key. This happens automatically, every time. When you press send, the email travels to its recipient in encrypted form. The recipient then decrypts the message with the corresponding private key.

Because we don’t have access to the recipient’s private key, we can never read the message. We have access to metadata such as email addresses, timestamp, and subject line. (It’s a bit like locking a vault with your friend’s key and then mailing it to them. You can read a full explanation of how end-to-end encryption works.)
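The flow described above, as an added sketch that is not Proton Mail's code: the page does not show Proton Mail's message format, so this example substitutes RSA-OAEP and AES-256-GCM from Node's built-in crypto module. All function names and the sample message are constructed for illustration.

```javascript
// Added illustration, not Proton Mail's code. Assumption: RSA-OAEP + AES-256-GCM
// stand in for whatever scheme a real end-to-end encrypted service uses.
const crypto = require('node:crypto');

// Recipient's key pair. The private key stays on the recipient's device.
function newRecipientKeys() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender's device: encrypt the body before anything reaches the server.
function sealMessage(recipientPublicKey, meta, body) {
  const key = crypto.randomBytes(32); // one-time message key
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(body, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt(
    { key: recipientPublicKey, oaepHash: 'sha256' }, key);
  // meta (addresses, timestamp, subject) travels in the clear.
  return { meta, wrappedKey, iv, ct, tag: cipher.getAuthTag() };
}

// Recipient's device: unwrap the message key, then decrypt and authenticate.
function openMessage(privateKey, env) {
  const key = crypto.privateDecrypt(
    { key: privateKey, oaepHash: 'sha256' }, env.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, env.iv);
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.ct), decipher.final()]).toString('utf8');
}

// The server stores env but holds only its own keys, never the recipient's.
function serverCanDecrypt(env) {
  const serverKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  try {
    openMessage(serverKeys.privateKey, env);
    return true;
  } catch (err) {
    return false; // wrong private key: the message key cannot be unwrapped
  }
}

// Constructed sample message.
const recipient = newRecipientKeys();
const envelope = sealMessage(recipient.publicKey,
  { from: 'alice@example.org', to: 'bob@example.org', subject: 'Lunch' },
  'constructed body text');
console.log(openMessage(recipient.privateKey, envelope)); // recipient reads it
console.log(serverCanDecrypt(envelope)); // server cannot
```

The envelope's `meta` field stays readable to whoever stores it, which matches the metadata the paragraph above says the provider can still see.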

Proton Mail also allows you to send end-to-end encrypted emails to non-Proton Mail accounts (like your friends and family on Gmail, to prevent Google from reading their messages). Similar to Gmail confidential mode, this also works by using a passcode. The difference is that with Proton Mail, you can choose the password yourself and communicate it to your recipient however you want. Also, the message is end-to-end encrypted and we can’t read it.

Finally, Proton Mail also offers the ability to send expiring emails, except in our case, the emails actually disappear after the expiration time. This works for both emails sent to other Proton Mail users and non-Proton Mail addresses (as long as you set a password for the latter).

Of course, it is possible to forward, copy, download and print emails from Proton Mail. But again, this is also possible in Gmail confidential mode just by taking a screenshot. Advertising this benefit as a “security feature” misleads users into a false sense of security.

Without end-to-end encryption, Gmail’s confidential mode is little more than a marketing gimmick designed to appease privacy-conscious users. Fortunately, you don’t need to settle for fake privacy. You can join the more than 10 million people who use Proton Mail to protect their communications.

Best regards, The Proton Mail Team

You can get a free secure email account from Proton Mail here.

We also offer a free VPN service to protect your privacy.

Proton Mail and Proton VPN are funded by contributions from the community. If you want to support our development efforts, you can upgrade to a paid plan. Thank you for your support.
