Confidential mode for Gmail is a relatively old but mostly overlooked feature in Gmail. It sits as a locked clock icon near the “Send” button of the Compose message window and lets you set an expiration date for your message/s. This effectively cuts off its recipient’s access as soon as the time lapses and requires a verification code by text to open messages. It also prevents emails from getting forwarded, copied, or printed.
How to enable Confidential mode for Gmail?
Varied features in Google’s Gmail like the ability to add a signature and unsend emails before a recipient reads them, already make Gmail an important communication tool. The addition of Gmail Confidential mode improves the functionality of the service furthermore for users who use it as their primary email client or depend on it for work-related communication.
On your computer or mobile, open your Gmail account. Click the Compose button.
Select the Confidential Mode option if you are on the mobile app or click the ‘locked Clock’ Confidential Mode icon in the bottom right of the Compose message window on your computer.
Toggle On the Confidential mode icon (lock with timer) to turn on confidential mode.
Choose an Expiration date. These settings impact both the message text and any attachments.
To add another layer of security, you can set the message to only unlock after the recipient types in an SMS verification code that’s sent to their phone number. So, when you choose ‘No SMS passcode‘ recipients using the Gmail app will be able to open it directly. While the recipients who don’t use Gmail will receive a passcode via an email. Similarly, if you pick the ‘SMS passcode’ option recipients will get a passcode by text message.
Hit the Save button to save your changes.
Is Gmail confidential mode really secure?
One caveat to the Confidential mode in Gmail is that enabling it does not necessarily mean the messages are end-to-end encrypted.
Although the message is no longer accessible to the recipient once it has expired, it continues to linger in the sender’s sent folder, which is readable by Google also.
This is essentially not an expiring email. As you delete a message only only at one end, an online record of it continues to exist. In a way, this only reduces the risk of accidental data exposure, that’s not real security. A big perk of expiring messages is that purging happens automatically.
Second, when you send a passcode-protected email to a non-Google user, you just allow the company to link that recipient’s phone number to their email address thereby letting Google collect the person’s information even though they might have refused to use their service to avoid just such data collection.
Lastly, though the confidential message has options to copy, print, forward, and download disabled, the recipient can still capture a screenshot of the email.