Search Ask Leo!:

Ask Leo! #721 – Gmail’s Confidential Mode Isn’t

This Week

Featured: I share a supposedly "confidential" message with over 47,000 people. Also this week: why spam exists, and moving an external drive inside your computer.

Reminder: I have a page listing what I consider to be my most important articles. Conveniently on that page is a list of the most popular ones as well.

Gmail's Confidential Mode Isn't

(skip)

Google recently rolled out a feature called “confidential mode”, which claims to prevent disclosure of an email message to anyone other than its intended recipient. The message can only be viewed by the person you send it to, and cannot be forwarded or copied.

Or can it?

What's that old saying? Oh yeah: “If it can be seen, it can be copied.”

Let me show you how by sharing one of my so-called “confidential” messages.

Composing confidential email

Compose a new message in Gmail, and you'll see a combined padlock and clock icon near the bottom of the message.

Composing a message

Click that to set confidential mode options.

Confidential Mode Options

There are three basic characteristics of confidential mode:

  • The message cannot be forwarded, copy/pasted, downloaded, or printed. This is not optional, as it is the basis for confidential mode.
  • The message can expire, meaning it's available to be read only for a certain period of time. After that time, the message cannot be retrieved.
  • The message can require an SMS passcode to be viewed. As we'll see shortly, if this isn't selected, a passcode will be emailed instead.

For our example, I'll simply leave these as the default: one week, and no passcode. Click Save to apply confidential mode to the message.

When a message has confidential mode applied, a warning appears at the bottom of the message before you send it, along with the option to edit the settings if you change your mind.

Confidential message with warning

With confidential mode applied, click Send to send the message.

Receiving confidential email

Instead of receiving the message directly in their inbox, the recipient will get a message from Google containing a link that must be clicked in order to view the message.

Receiving a confidential message

Related

If you've ever used what's called “secure messaging” from a bank or medical institution, you'll have experienced this as well: getting an email that directs you to check your messages on their (much more secure) website. Most of the time it's just fine, but Just How Secure Is Email, Anyway? discusses why email just isn't as secure as some situations warrant.

This is the way most confidential and some email tracking services operate: the message is not displayed as an email message in your email interface or program, but as a webpage. The service has significantly more control over what the user can do while viewing the message as a webpage.

Click on View the email and Google will indicates it will send a passcode to the email address the message was originally sent to.

Send passcode

This almost-two-factor authentication is what restricts access to the email only to the intended recipient. The notification email above can be forwarded. But in order to actually view the message, you must still prove you have access to the original email address the notification was sent to.

Passcode entered

Once you enter the passcode and click Submit, the message is displayed.

The confidential message, displayed

What's wrong with this picture?

That's how Gmail's confidential mode works. It's kinda nice, for what it is.

But it's not confidential. At best, it puts up a few barriers and makes forwarding, copy/pasting, or downloading the message more inconvenient …

… but still possible.

In fact, I just did it.

See that last image of the supposedly confidential message above? I just shared it with you. All I had to do was take a screenshot. I can forward or download that screenshot; I could even run the image through OCR to put it back into editable text format.

Or I could post it on a public webpage.

That's not particularly confidential, as far as I'm concerned.

What's wrong with this picture is that I can take a picture. And even if screen-shots were disabled somehow, there are other techniques to capture it, including simply taking a photograph of the screen.

“If it can be seen, it can be copied.” No exceptions.

Expectations and trust

Confidentiality is a matter of trust, and there are several scenarios where trust can break down:

  • Your recipient has malicious intent. They can clearly save a copy of “confidential” email as long as they like, and use it however they want to.
  • Your recipient might just want to save things for their own records. Again, they can clearly save a copy of “confidential” email as long as they like, for any reason.
  • Your recipient might have malware, and malware can easily take screenshots as I have above. With malware, all bets are off.

I'm not saying confidential mode might not be helpful in some scenarios. My concern, though, is that promoting this as truly confidential sets an unrealistic expectation. In reality, the recipient can easily breach confidentiality.

Related Links & Comments: Gmail's Confidential Mode Isn't
https://askleo.com/62694

The Ask Leo! Tip Of The Day!

An emailed tip six days a week to help you use your computer, and your technology, more effectively and with more confidence. Includes online access to all previous tips, as well as Ad-Free Ask Leo!

There's something for everyone, from beginner to the experienced computer user.

By popular demand: now available as a monthly or annual subscription.

Support Ask Leo! by purchasing a subscription to The Ask Leo! Tip Of The Day.

Thanks!

-Leo

No Ads

Why Is There so Much Spam?

Between bouts of frustration with my inbox, I've been reading your various articles on spam. I think I'm slowly getting a handle on it all, but it sure seems crazy. And it really got me to wondering… why is there so much spam in the first place?

I feel your pain.

Some time ago, I did some research and looked at all my email for an entire year. Not only do I get a lot of email, but my calculations show that 87% of it was junk. Wow.

Why is there so much spam?

It's very simple, really.

Spam works.

Continue Reading: Why Is There so Much Spam?
https://askleo.com/2534

Can I Convert an External USB Hard Drive into an Internal One?

Is it possible to use my external hard drive as an internal hard drive? I have an extra external hard drive with a Western Digital hard drive. I would like to make it an internal hard drive.

In most cases, the answer is a resounding yes. In fact, I've done it myself.

However, there are a few caveats to be aware of.

Continue Reading: Can I Convert an External USB Hard Drive into an Internal One?
https://askleo.com/3121

The Ask Leo! Tip of the Day

A feature exclusively available to Ask Leo! Patrons Bronze level & above.

More Ask Leo!

Tech Enthusiast Hour: I'm one of the regular hosts of the weekly Tech Enthusiast Hour podcast! Join us as we discuss the latest news & tech goings on. More information at tehpodcast.com!

Become a Patron
Ask Leo! Books
Facebook - YouTube - More..

Leo's Other Projects....

HeroicStories Since 1999, HeroicStories brings diverse, international voices to the world ' reminding us that people are good, that individuals and individual action matter. Stories - new and old - are published twice a week.

Not All News Is Bad - Each day I look for one story in the current news of the day with a positive bent. Just one. And I share it.

leo.notenboom.org - My personal blog. Part writing exercise, part ranting platform, it's where I write about anything and everything and nothing at all.

Help Ask Leo! Just forward this message, in its entirety (but without your unsubscribe link below) to your friends. Or, just point them at https://newsletter.askleo.com for their own FREE subscription!

Newsletter contents Copyright © 2018,
Leo A. Notenboom & Puget Sound Software, LLC.
Ask Leo! is a registered trademark ® of Puget Sound Software, LLC