Gmail’s new ‘Confidential Mode’ won’t be completely private

Have you ever wished it were possible to delete an email from a recipient’s inbox days, weeks or months after it was sent?

If so and you’re a Gmail or G Suite user, it looks as if Google might be about to enable this kind of ‘self-destructing’ email feature on its platform.

We only have screenshots from an email sent to G Suite admins last week to go on, but what seems to be in the offing is the ability to set an expiration date for an email in a similar fashion to that already offered by specialist rivals such as ProtonMail.

“Confidential mode” time limits will be one week, one month or a chosen number of years from the moment it is sent, after which the email will disappear from both the recipient’s inbox and the sender’s outbox.

In addition, “options to forward, download or copy this email’s contents and attachments will be disabled” during the message’s lifetime, as will the ability to print it.

Senders will also be able to make recipients authenticate themselves by entering a onetime code sent from Google to a phone number.

Instead of sending a physical copy from one user to another, Confidential Mode will most likely host it on Google’s own servers, simply sending the recipient a link through which to view it.

That way, Google controls access to it and can delete it after the period set by the sender (ditto controlling access through authentication).

This design also makes it possible for a user on any email system to view the message without having to use Gmail (it’s possible Gmail account will be necessary at both ends for authenticated access to work).

The concept of self-destructing email sounds like something out of Mission Impossible but it’s worth mentioning its limitations.

The most obvious is that the sender has to decide in advance that the email is to be confidential. This can’t be applied retrospectively to any email.

A second is that there is nothing to stop the recipient from taking a screengrab of the email’s contents before it expires.

Moreover, while recipients won’t see the contents of a destroyed email, they might still be able to see that one was received and later deleted by the sender.

Confidential Mode sounds like a non-starter in industries required to keep emails for regulatory reasons but presumably G Suite will offer a mechanism to archive self-destructing emails sent this way.

This hints at what might be Confidential Mode’s biggest weakness for some people: just because the emails are deleted by Google from inboxes and outboxes doesn’t mean they don’t hypothetically exist somewhere.

Remember, from what we’ve seen so far, emails sent this way are not secured using end-to-end encryption in which keys are known only to the sender and receiver. That’s why Google calls it “confidential” rather than private.

All the same, its arrival could still be a big moment for an idea that has been lurking on the fringes for some years.

As already mentioned, ProtonMail (which Cambridge Analytica’s former CEO Alexander Nix claimed his company used to keep emails secret) offers self-destructing email complete with end-to-end encryption when emails are sent between account holders.

In the mobile space, a self-destruction app called Confide reportedly became popular among Washington politicos keen to cover their tracks after the election of Donald Trump in 2016. And Gmail users can already install Dmail as a Chrome extension to do a job very similar to what is being proposed for Gmail and G Suite.