What Is Gmail Confidential Mode and How Do You Use It?
Sending important, private messages via email is riddled with risk. Not only could someone forward your missive to someone you don't trust, but they could also hold onto it forever to one day use it against you.
Fortunately, Gmail has introduced a new feature to protect your sent messages.
Gmail Confidential Mode, available now via Gmail's website and its Android and iOS apps, stops the recipient from forwarding, copying, printing or downloading the message. Messages sent using Confidential Mode can also be locked with a password that is either sent via SMS messaging if the sender opts for it, or via email if the recipient doesn't use the Gmail app.
Emails sent via Confidential Mode are deleted from the recipient's inbox (or whichever folder they move it to) after a certain amount of time, which is set by the sender and ranges from one day to five years. Those messages do stay in the sender's Sent folder, so you should delete your copies if you're trying to remove all traces.
What Could Go Wrong?
Of course, there's already a potential security risk. The Electronic Frontier Foundation (EFF) has slammed Google for forgoing end-to-end encryption and instead using Google's own Information Rights Management (IRM) technology, which relies on an obscure statute of the 1998 Digital Millennium Copyright Act.
Also, the EFF suggests that the expiration-date option isn't as simple as Google suggests, stating that "these messages actually continue to hang around long after their expiration date for instance, in your Sent folder."
Security professional Christopher Budd pointed out that malicious online actors could make mockups of Confidential Mode to create phishing attacks to take users' cellphone numbers and other data.
Lastly, Confidential Mode doesn't block recipients from taking a screenshot of your emails, so that's another loophole available.
How to Use Gmail Confidential Mode
1. In the Gmail app on iOS or Android: after composing your email, tap the three-dots button. If you're using Gmail in a web browser: click the Lock icon at the bottom of your message. Skip to step 3 if you're on the web; the remaining steps are similar, but look slightly different.
2. Tap Confidential Mode.
3. Tap Expires in 1 week.
4. Set an expiration time, and tap Done.
5. Tap Standard.
6. Select between SMS passcode delivery or Standard Confidential mode, and tap Done.
7. Tap the Check mark.
8. Tap Send.
9. If you chose SMS Passcode, and Gmail doesn't have the phone number for recipient, you'll need to add it. Tap Add Missing Information.
10. Enter your recipient's phone number and tap the Check mark.
11. Your recipient will need to tap Send Passcode to get the SMS message with the code to unlock the email.
12. Your recipient will enter the verification that Google sends to them, and tap Submit.
Once you complete these steps, your email will be unlocked and your recipient will be told how long they have before the message disappears from their end.