GMail Confidential Really Isn’t, But It Has Its Uses

Many of you reading this have had your Gmail account updated. The update contains a few extra features and a new look, but I would like to focus on one feature that may have escaped your attention. This is the confidential option available when sending an email. This option allows you to control how the email you sent is used.

 For years, I have thought that such a feature should exist. There simply seem to be times when you reluctantly have to email a copy of an important document to someone you may not know. For example, if you are applying for some job overseas, you may have to send a copy of your passport information page. I’m always uncomfortable doing this because I have no idea how the recipient will guard my privacy. Will they leave the document open on their computer? Will they make and distribute a copy of it? Will they forward it to other people? With each of their actions, I risk being compromised.

 But Gmail has come up with a solution to this problem. Using their confidential option, you can make a sensitive document self-destruct at a designated time. It will also prevent downloads, copying, printing and forwarding of such emails and their attachments. There are positive and negative aspects to this, but before discussing them, here is some basic information about using this feature.

 First of all, you have to know where to find this feature. To be honest, I didn’t even notice where it was. For me, the icon associated with this feature does not clearly relate to its purpose. Here is where to find this feature when you compose an email.

 google confidential

 Clicking on the icon brings up this interface.

 google confidential details

 You can see that you can choose to send a code by SMS if you know the person’s phone number. The recipient will receive an email that looks like this.

 google confidential recipient

 They will then be sent to a page where they can read the email and which will give information as to when the email will expire. If you change your mind about allowing access to a confidential email, you can remove the recipient’s access at any time, even before the email gets opened. To do this, open your ‘Sent’ folder, open the confidential message and click the ‘Remove Access” button. The recipient will no longer be able to read the email. This could be a good tool to use for those impulsive, angry emails you may send and then later regret. You can also renew access in the same way.

 The tool does offer some good features, but Google admits that anyone can take a screenshot of the email or attachment. It is true that the copy function is disabled; however, I found that going into developer tools to access the page code enabled me to find and copy the message. In the following example, I sent the message, “This is only a test.” You can see it here. It can then be copied.

 google confidential code

 One positive aspect of the confidential feature is that you can set the expiration date from one day to five years. This will come in handy if the recipient’s email is hacked and the hackers harvest all available sensitive data and any documents that have been sitting around for years. People often allow old emails and attachments to build up in their folders so this tool gets around that. Setting an expiration date removes old emails that could harm the sender or the sender’s company if they happen to be stolen.

 Some members of the cybersecurity community have criticized Google for using the term, ‘confidential mode’. They feel this is a misnomer because this mode does not offer true confidentiality. True confidentiality can only exist in some form of end-to-end encryption.

 Besides the security shortcomings mentioned above, using the confidential mode also does not mean that Google cannot save copies of your email and attachments. They can still use the information you supply in such emails to target you for ads or sell this information to internet marketing firms. If you decide to send the recipient an SMS code, you are also supplying information on your recipient, their phone number, which Google can monetize or otherwise use.

 Such criticisms aside, the confidentiality feature at least gives the sender more control over a message or document than they previously had. Sure, a recipient can subvert this using a number of techniques, but I’m not sure many would actually consider this. Most would simply retrieve the information that was sent during the allowed access time and that would be the end of it. The exception to this would be attachments. Google gives you the right to preview the attachment, but you cannot save or print it. Yes, right clicking on the attachment will show a print option, but printing will give you nothing. In such cases, the recipient would be inclined to make a screenshot and save that.

 In the end, don’t expect true secrecy when sending anything in this mode. Using it will alert the recipient that something important has been sent and may, thereby, prompt quick action on the recipient’s part. On the other hand, if you are sending something like a job application and the recipient doesn’t open the email quickly enough, they may never be able to access your application. In other words, make sure you give the recipient enough time to open your email when you set the expiration date. Also, expect that any attachments, like a resume/cv, will not be printable or savable, which makes it inconvenient for the recipient. In some cases, such an inconvenience could make them ignore your email.

Remember also that some recipients may take the fact that you sent them a self-destructing email as a sign of distrust. It may imply that you don’t expect them to handle your sensitive documents with care. What would this say about your character if they were to consider you as a future employee or business partner? In these cases, some sort of explanation or apology may be necessary in the cover letter. On the positive side, it could show that you are interested in maintaining security and at least have a passing knowledge of what that entails.

 In the end, the Gmail confidentiality feature should be considered as a useful tool. If you want real safety you’ll need to send an encrypted email. You could also password protect a document. These methods, however, take more time to organize and can create problems for both sender and receiver. If, for example, you send a password protected document, you’ll need some way to inform the recipient of the password. If you know the recipient, you can give them a phone call or reference a shared association e.g. the town we met in last year. If you have no association with a person, such as when applying for a job and attaching your resume/cv, you probably don’t want to make things too difficult for the recipient, in such cases, the Gmail confidentiality feature may be your best choice. So use it, but keep in mind its limitations.

 

 

 

About Steve Mierzejewski

Marketing consultant for InZero Systems, developer of the next generation in hardware-separated security, WorkPlay Technologies, TrustWall and Mobile bare-metal virtualization. I've worked in Poland, Japan, Korea, China, and Afghanistan. I'm a writer, technical editor, and an educator.
This entry was posted in Uncategorized and tagged , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s