Have you ever wished it were possible to delete an email from a recipient’s inbox days, weeks or months after it was sent?
If so and you’re a Gmail or G Suite user, it looks as if Google might be about to enable this kind of ‘self-destructing’ email feature on its platform.
We only have screenshots from an email sent to G Suite admins last week to go on, but what seems to be in the offing is the ability to set an expiration date for an email in a similar fashion to that already offered by specialist rivals such as ProtonMail.
“Confidential mode” time limits will be one week, one month or a chosen number of years from the moment it is sent, after which the email will disappear from both the recipient’s inbox and the sender’s outbox.
In addition, “options to forward, download or copy this email’s contents and attachments will be disabled” during the message’s lifetime, as will the ability to print it.
Senders will also be able to make recipients authenticate themselves by entering a onetime code sent from Google to a phone number.
Instead of sending a physical copy from one user to another, Confidential Mode will most likely host it on Google’s own servers, simply sending the recipient a link through which to view it.
That way, Google controls access to it and can delete it after the period set by the sender (ditto controlling access through authentication).
This design also makes it possible for a user on any email system to view the message without having to use Gmail (it’s possible Gmail account will be necessary at both ends for authenticated access to work).
The concept of self-destructing email sounds like something out of Mission Impossible but it’s worth mentioning its limitations.
The most obvious is that the sender has to decide in advance that the email is to be confidential. This can’t be applied retrospectively to any email.
A second is that there is nothing to stop the recipient from taking a screengrab of the email’s contents before it expires.
Moreover, while recipients won’t see the contents of a destroyed email, they might still be able to see that one was received and later deleted by the sender.
Confidential Mode sounds like a non-starter in industries required to keep emails for regulatory reasons but presumably G Suite will offer a mechanism to archive self-destructing emails sent this way.
This hints at what might be Confidential Mode’s biggest weakness for some people: just because the emails are deleted by Google from inboxes and outboxes doesn’t mean they don’t hypothetically exist somewhere.
Remember, from what we’ve seen so far, emails sent this way are not secured using end-to-end encryption in which keys are known only to the sender and receiver. That’s why Google calls it “confidential” rather than private.
All the same, its arrival could still be a big moment for an idea that has been lurking on the fringes for some years.
As already mentioned, ProtonMail (which Cambridge Analytica’s former CEO Alexander Nix claimed his company used to keep emails secret) offers self-destructing email complete with end-to-end encryption when emails are sent between account holders.
In the mobile space, a self-destruction app called Confide reportedly became popular among Washington politicos keen to cover their tracks after the election of Donald Trump in 2016. And Gmail users can already install Dmail as a Chrome extension to do a job very similar to what is being proposed for Gmail and G Suite.
6 comments on “Gmail’s new ‘Confidential Mode’ won’t be completely private”
If you send me email and I need to take extra steps to read it, chances are I’ll just delete it unread instead.
So if I was working for 3LAA (3 letter acronym agency) I would tell google to make something like this, and have it auto BCC my group. Clearly it’s illegal content if you want to hide it.
(my humor is Sarcastic Sinicism)
The idea of a self-destructive email is to me a bit silly. I suppose we’ve all sent communication (digital or otherwise) we’d prefer to retract, but with the foresight to expire a message one also has the stoic clarity to determine the message might more appropriately remain unsent. With no guarantee of erasing a memory from the recipient’s skull, the message is still “out there” anyway.
If you don’t want someone reading what you’ve said, don’t send it.
My bank’s Android app annoyingly* disables both screenshot and copy/paste functions, preventing me from
a) conveniently gathering evidence when the mobile deposit feature has annoying glitches
b) copying the auth code texted to the same device attempting** to log into the bank, completing the security theater circle
I don’t know if the same unilateral-politics code can be enforced on a desktop screen, but it certainly encumbers the mobile screenshot process by requiring an additional device.
* yes, for my (their) protection.
** yes, memorizing six digits doesn’t exactly break the intellectual sound barrier, but copy/paste prevents typos when clumsily switching apps.
When I read this accusation leveled at Google, I fell from my chair in shock.
Apparently an update will force me to retract half my claims against my bank’s app
(Lest I’m labeled a liar)
Screenshots now work–I tested yesterday with a mobile deposit.
Why am I getting all these promotional and social emails that I don’t want? I hate this new system. Why can’t I go back to the old gmail system?
Nancy, I’m betting you mean the labels Gmail unilaterally foisted upon us (maybe four?) years ago. They bug me as well, however…
a) they aren’t going away, and
b) you can hide them in the settings so they only appear when you update a message’s labels. I defiantly uncheck when I see them, not that it does any good besides giving me an infinitesimal bit of catharsis.