What is Confidential Mode in Gmail?

Privacy is a huge concern for all web users, or should be. From corporate data collection to government surveillance, from occasional scammers to industrial-scale hacking, the threats to our privacy are many and are growing in scale and sophistication. So when a popular service introduces a new ‘secret’ email mode, we want to know about it. What exactly is Confidential Mode in Gmail and what can it do for us?


Web

Confidential Mode was introduced into Gmail in 2018. It’s intent is to prevent your email being forwarded, copied or printed. The idea is that you can send a message without worrying about the contents of that message finding its way to places you don’t want it to go. It also includes a timer you can set so your email will delete itself once that timer has expired.

Both are interesting ways to protect email messages but aren’t without their weaknesses. Apparently the timeout doesn’t always work and will keep a copy of the sent email in your Sent folder unless you manually delete it. Then there’s the big one, while the recipient will not be able to copy, download, print or forward the email from within Gmail, there is nothing stopping them taking a screenshot of it and sharing that.

Those weaknesses aside, Confidential Mode is a useful addition to Gmail. Sure it isn’t as useful as end-to-end encryption would be, but as there are no signs of Google introducing that anytime soon so this will have to do.

Using Confidential Mode in Gmail

Confidential Mode should be available to everyone as it was rolled out over a year ago. If you open a compose message window, you should see a small clock icon at the bottom. It is from here that you can use Confidential Mode.

  1. Open Gmail and select Compose.
  2. Select the clock icon from the bottom of the compose window.
  3. Set an expiry timer or use the default 7 day timer.
  4. Select Save to implement within the email.
  5. Finish composing your email and send as normal.

You can set the expiry timer for 1 day, 1 week, 1 month, 3 months or 5 years. I’m not sure what use a 5 year timer would be but it’s an option.

You will also notice an SMS code option. This is an extra security step you can take in securing your email. You will need the recipient’s phone number for this to work. If you select the option you will be prompted to enter the phone number. Gmail will send an SMS code to the recipient which they will have to enter in order to view the email.

Finally, you can revoke access to the email at any time. As long as you don’t delete the email from your Sent folder, you can access that sent email and select Remove Access. This will delete the copy of the email from the recipients Gmail account. If you change your mind, you can select Renew Access and it will become visible again.

How effective is Confidential Mode in Gmail?

How effective is Confidential Mode in Gmail? Not very if I’m honest. These are neat tricks and will work in some situations but Confidential Mode is still far from being truly secure. Not being able to download, copy, print or forward is a neat trick and is somewhat effective. Gmail cannot stop you from screenshotting the email though so renders it almost useless.

Emails can in fact be forwarded but only become visible when the recipient enters their Gmail login. This poses two problems. One, someone could share their Gmail login with anyone to share the email. Unlikely, but possible. Two, we are so used to phishing emails and scammers trying to get us to log into things that many people won’t trust an email asking them to log in even if it looks like it came from Google.

These emails are stored on Google servers until deleted so rather than being truly secure, you’re dependent on Google keeping them safe. Google is unlikely to drop the ball here but security is about maintaining control of your data. Confidential Mode does not allow you to do that.

If privacy is your main concern, you shouldn’t use Gmail. Confidential Mode is a useful extra security measure but it does not constitute secure email. For email to be truly secure, you need to use a provider that allows end-to-end encryption where you maintain control over the data. Where the provider does not keep the email safe for you and where even the email servers cannot read the email through the encryption.

Confidential Mode offers none of those things.