Features of the new Gmail have been rolling out to users since its unveiling just before I/O. One such feature, Confidential Mode, which offers a suite of email protection options, is arriving now on mobile. However, the Electronic Frontier Foundation is advising users to be fully aware of how Confidential Mode works, and how its use can affect others.
Gmail’s Confidential Mode, a feature geared towards commercial G Suite users, allows users to send emails that cannot be copied, printed, forwarded, or shared and also includes the capability for emails that “expire” or cannot be opened without two-factor authentication.
Users of the desktop web client have had access to this feature since April, but Google announced yesterday that the feature is beginning to reach users on Android and iOS.
However, the Electronic Frontier Foundation, or EFF, a well-respected organization in the field of digital user privacy, has recently shared some criticisms of Confidential Mode’s claims to security. The security-conscious will be interested to know that these “confidential” emails are not end-to-end encrypted. This means Google is in full control of the ability to encrypt and decrypt the secured emails or disregard expiration dates. Thus, obviously, if one does not trust Google with the contents of the email, do not send it via Gmail.
The organization also claims that two of Confidential Mode’s security measures, expiring messages and the inability to forward, print, copy, or share confidential messages, can be easily bypassed by simply taking a screenshot, either digitally or the old-fashioned way, with a camera.
By far, though, the EFF’s strongest argument is against the use of “SMS Passcode” two-factor authentication. They claim that because it’s the sender’s responsibility to give Gmail a phone number, Google may be able to associate a given person’s email with their phone number, possibly even without that person’s permission. This would be considered by some to be a major privacy violation.
9to5Google’s Take
The EFF brought up some valid points, especially the idea of a simple screenshot foiling security, but I’m sure that for companies just trying to add an extra layer of security to internal emails, Confidential Mode will be a welcome addition to G Suite.