Gmail Confidential Mode: An Elegant Email for a More Confidential Age

There are some things that we have to email to others. These may be private or personal information that we need to share for a moment but that we don't want to have to worry about forever. Perhaps our accountant needs our social security number. Or our doctor might need to know something specific from our health history.

In many ways, the best way to share this is in person or over the phone. Unless someone is actively recording the discussion, anything that we say disappears into the air after we say it. However, anything said this way can be overheard by a third party.

Because of its permanence, few of us would ever share any confidential information over email. However, Gmail has an elegant solution to this problem: confidential mode.

Showcasing how to turn confidential mode on or off at the bottom of a new Gmail message.

Email Confidential

To activate confidential mode, all a Gmail user has to do is:

  1. Click Compose to start a new email.
  2. Click "Turn confidential mode on / off." (It's located at the bottom of the page, seven buttons over from Send, in between "Insert photo" and "Insert signature.")

The menu that pops up when confidential mode is turned on.

First, we see the limits of what recipients can do with this message. Google explains, "Recipients won't have the option to forward, copy, print, or download this email." This limitation applies not only to the message but to attachments as well. As such, the recipient can view the images, PDFs, etc. that we send, but these stay safe in the email itself.

Second, in this menu, we can set the expiration from one day to five years. A week is the default. This expiration isn't optional. We have to set a time for this email to expire and no longer be accessible. Even if we opt for the maximum, no matter what, this email goes away in five years.

Third, we can also decide how our recipient will get their passcode. Like the expiration, this is not optional. If we go for the default "No SMS passcode," Google emails the passcode. Here, both the email and the passcode go to the same email address. Each time a person clicks "View the email," a message explains that the one-time passcode will be sent to this email address.

But if we want to add another layer of security, we can opt for "SMS passcode." When we finish this email and hit send, a box pops up asking us to enter a phone number "so recipients can verify their identity using an SMS passcode." To read this email, the person needs both the email account AND the phone number we enter.

If SMS is selected, Gmail will prompt for a phone number to send the passcode to.

Better but not Perfect

While confidential mode offers fantastic security features, it does not fix everything. Many of the concerns brought up in "You’ve Got Mail! But Is It HIPAA Compliant?" remain. For example, Google warns, "This message may still be visible to your Google Workspace domain admins or Vault users for periods defined by the domain's Gmail retention rules." This means that this message is not encrypted while at rest.

Furthermore, none of the information in this email is safe from a screenshot. Any part of the message or attachment that can be viewed can then be captured with Print Screen or Snip & Sketch.[1] As such, if the recipient wants to permanently save some or all of this information, it just takes a little bit of work.



[1] This workaround particularly bothers me because Google has the technology both on Google Play and on YouTube to block screen capturing.