Send Secure Emails with Gmail’s Confidential Mode

Earlier this year I switched jobs. After the interview process was over, I needed to send over my personal information for a background check. After that, I’d be all set! Sweet! Wait… how DO I send my social security number to someone securely? That’s how I discovered Gmail’s confidential mode.

Sifting Through the Options

All the services that send messages with text are super insecure. Email, SMS, and instant messages all go through an unencrypted cloud somewhere and then sit on someone’s device. The only thing I could think of was to get someone’s phone number and verbally give the information by phone. That would require someone to physically tamper with the phone equipment somewhere along the line to listen in. Well, I didn’t want to look like an idiot in front of my new employer, so it was time for me to poke around and figure out how to send confidential information securely.

One page of Google search results later, I had nothing useful. There was a bucket full of overly-optimistic claims about the security of the public cloud. There were also pessimistic demands that anything short of privately-owned end-to-end encryption was committing identity theft for the eagerly waiting criminals. I also found a bunch of shrug emojis and claims that there are no great options, so pay a bunch of money to a private company or give up. I could click the second page of search results but… therein lies madness. So, I decided to dig into the specifics of public options and see what the fuss is all about.

Enter Gmail’s Confidential Mode

So, by default, Gmail encrypts any emails sent to any service that also supports encryption. This happens automatically on every email sent by everyone, so no user intervention is required here. This is NOT end-to-end encryption, however. Google does a variety of things like scan messages for spam or viruses and collect metadata about them for features like Smart Reply. This means there are points where the message is not encrypted. Possibly, there are multiple points depending on how many server hops the message takes and what Google is doing to those messages at those points.
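To see the hop-by-hop nature of this encryption, you can read the `Received` headers of a delivered message ("Show original" in Gmail). The sketch below is an added example, not part of the original post: it reports which hops recorded TLS, using the RFC 3848 `with` keywords and the TLS comments some servers add. The hostnames and sample message are constructed.

```python
import re
from email import message_from_string

# Constructed sample (not a real capture). Servers prepend Received
# headers, so the newest hop is first. Hostnames are placeholders.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [192.0.2.20])
        by mx.recipient.example with ESMTPS id c3
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384);
        Tue, 02 Jan 2024 10:00:03 +0000
Received: from smtp-out.sender.example (smtp-out.sender.example [192.0.2.10])
        by relay.example.net with ESMTP id b2;
        Tue, 02 Jan 2024 10:00:02 +0000
Received: from laptop.sender.example ([198.51.100.7])
        by smtp-out.sender.example with ESMTPSA id a1;
        Tue, 02 Jan 2024 10:00:01 +0000
From: me@sender.example
To: hr@recipient.example
Subject: constructed sample

body
"""

# RFC 3848 "with" protocol types whose S means TLS protected the hop.
TLS_WITH = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
# TLS comments some servers add, e.g. "(version=TLS1_3 ...)" or "(using TLSv1.3 ...)".
TLS_NOTE = re.compile(r"\b(?:version=TLS|using TLSv)", re.I)

def audit_hops(raw):
    """Return [(receiving_host, used_tls)] ordered oldest hop first."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # undo header folding
        by = re.search(r"\bby\s+(\S+)", flat)
        protos = {p.upper() for p in re.findall(r"\bwith\s+([A-Za-z0-9]+)", flat)}
        used_tls = bool(protos & TLS_WITH) or bool(TLS_NOTE.search(flat))
        hops.append((by.group(1) if by else "?", used_tls))
    return hops

def all_hops_encrypted(raw):
    """True only if at least one hop exists and every hop recorded TLS."""
    hops = audit_hops(raw)
    return bool(hops) and all(used_tls for _, used_tls in hops)
```

Each header is written by the server that received the message, so this only describes transport between servers; it says nothing about how the message is stored or processed on either end.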

Google caused some excitement when it announced its new confidential mode on messages. People were hoping to finally have access to that end-to-end encryption they had been longing for. Unfortunately, that is not the case, and thus there are a lot of mixed reviews on using it in general. But, let’s dive a bit into what features it actually does have to offer. The official documentation defines confidential mode this way:

“Recipients of messages in confidential mode don’t have the option to forward, copy, print, or download messages, including attachments. Users can set a message expiration date, revoke message access at any time, and require an SMS verification code to access messages.”

That’s a pretty interesting set of features, but what is the point of all that?

How Information Gets Stolen

Let’s take a second to think about how the average consumer gets their personal information stolen. If I’m being honest, I’m not struggling to make ends meet, but I really don’t have much to steal. I can’t imagine a highly skilled hacker doesn’t have any better targets than me. They’d spend countless hours to get a little bit of savings and a credit card with a moderate limit. Maybe a group of hackers gets into a Google server and mass leaks information by just selling it all off. That’s technically possible. If we consider that further though, how many messages could they get ahold of? And, how many of them would have useful information worth selling? Again, it seems like a distant possibility, as I’m compelled to think those groups would have better targets to hack.

What Google is targeting with this mode is the security around users themselves. For instance, what if someone from my new company gave me the wrong email and I copied/pasted it and just sent it to the wrong person? What if the person I’m sending it to gets their phone stolen one day and the thief does a global search for personal information on it, finding mine? That may seem unlikely, but I don’t know this person at all or anything about their security habits. I know friends that use 1-2-3-4 as a passcode, and frankly, I try to avoid thinking about it because it’s terrifying. This mode actually deals with the most common ways an average user’s information is discovered. In many ways, it’s pretty brilliant.

With confidential mode, I can email my contact at the company and get a phone number to attach to the message to verify their identity when they receive it. It’s basically two-factor authentication but done on-demand, and without requiring user configuration. Google just does it for you. On top of that, I can set the message to delete itself after a while so that message isn’t on the user’s device for very long. That shortens the window that a device would have to be compromised to get ahold of something personal.

This mode even makes it hard to take the information out of the email. A determined user could still take a screenshot or a picture with their phone. But, I’d argue that the fact that the convenient methods don’t work indicates that the sender intended for the email to be private. This means the recipient is not going to absent-mindedly save the message somewhere and forget about it, and they’re likely to even be extra careful in general.

Drawbacks of Confidential Mode

There are downsides, however, so it’s important we keep them in mind:

  • This is not true end-to-end encryption. In fact, Google refused to comment about how long they keep messages on their end, and what state they’re in. So, it’s unclear if an unencrypted version of the message could still be available on a server somewhere months later for some reason.
  • A lot of this protection could be circumvented by a determined user, or fail for a very unlucky one. Someone could still copy the data and leave it unsecured somewhere. A compromised phone could access the email and read the SMS code all from one device if the timing was right.

How to Use Confidential Mode

To send a confidential message, just click the little lock icon on the bottom of the window when composing a new message.

Then, a popup will let you enter your desired confidential options.

All things considered, I don’t think banks are going to be sending personal financial information over Gmail because of a few confidential user features. That said, I think that, for the average user, this is a very secure way to send private information.