Google Gmail's 'Confidential Mode' puts a self-destruct timer to conversations to "protect sensitive information from unauthorized access."
The feature can be enabled when users compose a new email, where they can access the mode and set an expiry date for email and a passcode. Once the email is sent, the self-destruct timer cannot be changed.
Recipients of these confidential emails won't be able to copy, paste, download, print or forward the message. If the email has attachments, those too are disabled.
Google launched this feature alongside its big Gmail redesign on April 2018 (with G Suite customers getting the first look). After all users benefit from the updates since July 2018, Google starts introducing those features to its mobile users.
And this includes the 'Confidential Mode' as it arrives to Gmail's mobile app. Gmail announced the news with a tweet:
Confidential mode is now available on mobile devices and can help you protect sensitive information from unauthorized access. Learn more about this feature → https://t.co/lmQNElH6C1 pic.twitter.com/Nxtx2yU0pG
— Gmail (@gmail) August 16, 2018
The Electronic Frontier Foundation (EFF), which is an international non-profit digital rights and digital privacy advocacy group, thinks that Gmail's 'Confidential Mode' is not at all secured. It's like lending users a false sense of security.
The first reason is because 'Confidential Mode' doesn't stop any recipients from taking a screenshot of the message.
Google explained this by saying that: "Although confidential mode helps prevent the recipients from accidentally sharing your email, it doesn't prevent recipients from taking screenshots or photos of your messages or attachments," said Google. "Recipients who have malicious programs on their computer may still be able to copy or download your messages or attachments."
The next is the lack of end-to-end encryption. What this means, Google is still in full control, can read those emails on transit, and disregard expiration dates.
The EFF also pointed out that expiring messages do not, in fact, disappear from your Sent mail. This means that the emails are actually retrievable.
The advocacy's group strongest argument is against the use of 'SMS Passcode' two-factor authentication. if the senders use SMS passcode for the email, they may required to give Google the recipient's phone number (if the company doesn't have it).
What this means, Google is just having another way to gather more personal data. Google may be able to associate a given person's email with their phone number, even without that person’s permission. This would be considered a privacy violation to some individuals.
So here, Gmail's 'Confidential Mode' isn't actually that "confidential" (at least initially), and the EFF has brought some valid points. But for companies that want to add just a bit of extra security, 'Confidential Mode' is a welcome addition despite its flaws.