Gmail’s new ‘Confidential Mode’ is Misleading and Unsecure

Unless you live under a rock, you’re pretty much overwhelmed with the buzz around Gmail’s redesigned inbox. Don’t worry, I’m not going to waste your time repeating what you’ve already read. Instead, I’m going to tell about what no one else is saying regarding Gmail’s most overhyped feature of its redesign, ‘Confidential Mode’, and how it is misleading in name, design and functionality.

Beyond a fresh new look, the most popular email service in the world added a bunch of new features to its decade old inbox functionality. Amongst them, and by far the most talked about, is its new ‘Confidential Mode’ which aims to bring a bit of control into the Gmail experience. At this point it’s important to say that I’m the CEO of Criptext, a company that offers an encryption service for Gmail.

So, what is it?

In short, “Confidential Mode’’ lets you send a self-destructing email to anyone, regardless whether they use Gmail or not. It also prevents recipients from copying the text in the email, which is pretty useful. In a nutshell, the feature gives users more control over what they send over email — and that’s a good thing. However, it’s not a seamless experience for the recipient as it adds two extra steps to the email experience. To read the “confidential email”, recipients must first open the email, click a link and then read the email in a browser.

Source: Tech Crunch

This feature is poorly executed as the extra steps really does hinder what could otherwise be an awesome experience. It’s true that increased privacy comes at the cost of usability, but this tradeoff was easily avoidable. I know this because Criptext has been sending self-destructing emails on Gmail for the las 4 years, no extra steps included. Anyhow, this is all besides the point that “Confidential Mode” is misleading users into thinking it’s secure.

Confidential, yet unsecure

It’s easy to be swayed by the notion that Google is making your emails private, but don’t forget: Google is an advertising company that mines your data in order to show you ads. Gmail is known to read the content of your emails (both sent and received) in order ‘to improve your Gmail experience’, which is short for ‘in order to show you ads that are relevant to the things you are saying over email’. Once you wrap your head around this, you’ll understand why end-to-end encryption is not a viable feature for Gmail. If it encrypted emails end-to-end, then it technically wouldn’t be able to read your emails, which leads me to explain the two reasons why “Confidential Mode” is misleading:

  1. Data Permanence: Gmail says that “confidential Emails” self-destruct, but this doesn’t mean they cease to exist. That is, just because you can no longer read it, doesn’t mean that it’s been erased from Google servers. Think about it like when you delete a picture from Facebook: though it’s no longer available to you or the public, Facebook still keeps a copy of it. Because of Google’s data-dependent business model, there’s very little room to believe that self-destructed “Confidential Emails” will be permanently deleted from its servers.
  2. Encryption: Note that, although Google has flaunted the word confidential around, it has never said that these emails are encrypted and that’s because they’re not. The word ‘Confidential’ implies privacy, but privacy doesn’t necessarily mean security. Even more misleading is the icon for “Confidential Mode” (seen below) which is a lock with a clock. Such graphical representation of a “Confidential” feature misleads users into thinking that the email will be encrypted or secured beyond a traditional Gmail email, which isn’t the case.
Source: Google

Approach with caution

Before writing this piece I did some research to see if anyone else caught wind of this play on words by Gmail and, to my surprise, almost nobody has written about this in depth. Hat’s off, however, to Romain Dillet at Tech Crunch who did mention ever so briefly on his article the following:

It’s also worth noting that Google doesn’t mention end-to-end encryption anywhere. A “confidential” message doesn’t have to be encrypted.

The announcement of Google’s new Gmail comes days after it announced its new messaging app, “Chat”, to rival Apple’s iMessage. Chat came short of meeting users’ expectations and was heavily criticized for lacking basic encryption features which have become a standard in the messaging market. In my opinion, encryption was purposely left out so that your messages could be read and mined like your Gmail emails. Let me repeat: Google is an advertising company.

Ultimately, Gmail’s new ‘Confidential Mode’ feature is a great addition to its email platform, bringing more control and a tad bit more privacy to the Gmail experience. That said, this newly found sense of control conveys a misleading sense of security and users should be wary of its limitations. If you’re looking for a truly secure and private email experience, then I suggest you check out Proton Mail or wait for this summer’s launch of the new Criptext’s standalone encrypted email service, which will be the first email service to not retain any of its users’ email data or encryption keys. However, these two are independent email services that don’t integrate into Gmail.

The truth is that Gmail is inherently unsecure because email itself is unsecure. There’s only so much you can do to get a more private and secure Gmail experience. If you’re like me and love using Gmail as your personal email account, then I highly suggest you look into encryption solutions for Gmail such as Criptext for Gmail and Virtru. I personally like Criptext for Gmail because it’s seamless for both the sender and the recipient. Beyond encrypting and self-destructing your emails, Criptext lets you know when emails have been read and even unsend them — even after they’ve been read.

Source: Criptext

Regarding Confidential Mode, Gmail hasn’t fully rolled out the feature publicly, so let’s see how/if they address the issues stated above once they do. My guess is they’ll focus on promoting the virtues of the feature whilst trying to shove its limitations under the rug. Either way, as a Gmail user, it’s important that you be properly informed as to what Confidential Mode does, and, even more importantly, what it doesn’t do.

*Update 1

After publishing this story on my personal Twitter account, Dell Cameron from Gizmodo replied to my tweet with the following:

google told me today the emails can be recovered internally with e-discovery software, btw

Dell is referring to Google Vault, which is G Suite’s enterprise data Auditing/e-discovery tool. What this means is that if your work email is hosted by Gmail then you can bet your administrators will have a copy of your “confidential emails” — even if they’ve expired already. This pretty much confirms what I stated as problem number 1 with “Confidential Mode” regarding data permanence and the fact that expiration doesn’t mean nonexistence.