Gmail Confidential Mode
This month I want to talk about Gmail.
Specifically, Gmail confidential mode. It has been in Gmail since 2018 but isn’t used very often. There are good reasons to use it and there are good reasons not to use it. It isn’t a panacea for email security problems, but it may solve some specific issues that you find difficult to tackle otherwise.
Gmail confidential mode is a feature you can turn on for a specific email. When you are composing an email look at the bottom of the New Message window. You’ll see a bunch of icons. The one that looks like a briefcase with a clock face over it enables confidential mode.
If you click that button it will bring up a dialogue box with a few options. You can set an expiration date. After that date, the recipient can no longer view the email. You can also assign an SMS passcode that the recipient will have to enter to open the email.
Okay, what’s the point? Emails sent in confidential mode can be set to expire. Perhaps the information you are sending is only valid up until a particular date. An example might be an offer to buy something that expires. Also, confidential mode emails cannot be copied, forwarded, printed, or downloaded. Useful for information that’s intended for the recipient and no one else.
Gmail confidential mode is only available of course if you are using Gmail, but the recipient doesn’t have to be. If they’re not using Gmail they’ll receive a link to retrieve the email. If they are using Gmail they’ll receive a normal email unless an SMS passcode has been assigned.
If you want to assign an SMS passcode that the recipient will have to enter before viewing this email, you’ll need to enter their phone number. The recipient will receive a text from Google with the passcode which they’ll have to enter to open the email. This feature is not available in all countries but works fine in North America.
What’s the downside? Well, it’s not foolproof. The recipient can still copy the email by taking a screenshot if they want to copy it. The email is not secret. As in, Google’s servers can still read it as it’s not encrypted. Another consideration might be your work email rules. Some organizations require all emails to be kept. Also, the email doesn’t truly go away after the expiration date as it’s still available in the sender’s Sent folder unless manually deleted. One final consideration is that emails sent to non-Gmail addresses receive a link to the email, instead of the email. That link could be either spoofed by someone for nefarious reasons or perhaps not clicked on out of fear.