Reminder: I have a page listing what I consider to be my most important articles. Conveniently on that page is a list of the most popular ones as well.
Google recently rolled out a feature called “confidential mode”, which claims to prevent disclosure of an email message to anyone other than its intended recipient. The message can only be viewed by the person you send it to, and cannot be forwarded or copied.
Or can it?
What's that old saying? Oh yeah: “If it can be seen, it can be copied.”
Let me show you how by sharing one of my so-called “confidential” messages.
Composing confidential email
Compose a new message in Gmail, and you'll see a combined padlock and clock icon near the bottom of the message.
Click that to set confidential mode options.
There are three basic characteristics of confidential mode:
- The message cannot be forwarded, copy/pasted, downloaded, or printed. This is not optional, as it is the basis for confidential mode.
- The message can expire, meaning it's available to be read only for a certain period of time. After that time, the message cannot be retrieved.
- The message can require an SMS passcode to be viewed. As we'll see shortly, if this isn't selected, a passcode will be emailed instead.
For our example, I'll simply leave these as the default: one week, and no passcode. Click Save to apply confidential mode to the message.
When a message has confidential mode applied, a warning appears at the bottom of the message before you send it, along with the option to edit the settings if you change your mind.
With confidential mode applied, click Send to send the message.
Receiving confidential email
Instead of receiving the message directly in their inbox, the recipient will get a message from Google containing a link that must be clicked in order to view the message.
This is the way most confidential and some email tracking services operate: the message is not displayed as an email message in your email interface or program, but as a webpage. The service has significantly more control over what the user can do while viewing the message as a webpage.
Click on View the email and Google will indicates it will send a passcode to the email address the message was originally sent to.
This almost-two-factor authentication is what restricts access to the email only to the intended recipient. The notification email above can be forwarded. But in order to actually view the message, you must still prove you have access to the original email address the notification was sent to.
Once you enter the passcode and click Submit, the message is displayed.
What's wrong with this picture?
That's how Gmail's confidential mode works. It's kinda nice, for what it is.
But it's not confidential. At best, it puts up a few barriers and makes forwarding, copy/pasting, or downloading the message more inconvenient …
… but still possible.
In fact, I just did it.
See that last image of the supposedly confidential message above? I just shared it with you. All I had to do was take a screenshot. I can forward or download that screenshot; I could even run the image through OCR to put it back into editable text format.
Or I could post it on a public webpage.
That's not particularly confidential, as far as I'm concerned.
What's wrong with this picture is that I can take a picture. And even if screen-shots were disabled somehow, there are other techniques to capture it, including simply taking a photograph of the screen.
“If it can be seen, it can be copied.” No exceptions.
Expectations and trust
Confidentiality is a matter of trust, and there are several scenarios where trust can break down:
- Your recipient has malicious intent. They can clearly save a copy of “confidential” email as long as they like, and use it however they want to.
- Your recipient might just want to save things for their own records. Again, they can clearly save a copy of “confidential” email as long as they like, for any reason.
- Your recipient might have malware, and malware can easily take screenshots as I have above. With malware, all bets are off.
I'm not saying confidential mode might not be helpful in some scenarios. My concern, though, is that promoting this as truly confidential sets an unrealistic expectation. In reality, the recipient can easily breach confidentiality.
Related Links & Comments: Gmail's Confidential Mode Isn't
I feel your pain.
Some time ago, I did some research and looked at all my email for an entire year. Not only do I get a lot of email, but my calculations show that 87% of it was junk. Wow.
Why is there so much spam?
It's very simple, really.
Continue Reading: Why Is There so Much Spam?
In most cases, the answer is a resounding yes. In fact, I've done it myself.
However, there are a few caveats to be aware of.
Continue Reading: Can I Convert an External USB Hard Drive into an Internal One?
A feature exclusively available to Ask Leo! Patrons Bronze level & above.
- Tip of the Day: Get Pro, not Home, if You Have a Choice
- Tip of the Day: Check the Date
- Tip of the Day: Restrict Windows 10 Search
- Tip of the Day: Try Triple Click
- Tip of the Day: Don't Clear Cookies
- Tip of the Day: Headlines Are Written to Make You Click
- Tip of the Day: Windows Key + P for Projector Mode
More Ask Leo!
Leo's Other Projects....HeroicStories Since 1999, HeroicStories brings diverse, international voices to the world ' reminding us that people are good, that individuals and individual action matter. Stories - new and old - are published twice a week.
Not All News Is Bad - Each day I look for one story in the current news of the day with a positive bent. Just one. And I share it.
leo.notenboom.org - My personal blog. Part writing exercise, part ranting platform, it's where I write about anything and everything and nothing at all.
Help Ask Leo! Just forward this message, in its entirety (but without your unsubscribe link below) to your friends. Or, just point them at https://newsletter.askleo.com for their own FREE subscription!
Newsletter contents Copyright © 2018,
Leo A. Notenboom & Puget Sound Software, LLC.
Ask Leo! is a registered trademark ® of Puget Sound Software, LLC