Gmail Confidential Mode (GCM) is a new feature released on Gmail to let you take over control of what you send from your Gmail account. Gmail Confidential Mode lets you send self-destructing emails which can be revoked from the recipient’s inbox after a period of time. Emails sent under the “Confidential Mode” also cannot be forwarded or printed or downloaded in any form.
Gmail Confidential Mode (GCM) tries to give you a bit of control back by offering message expiration dates and making it trickier for email to be forwarded on. Confidential messages are hosted on Google’s servers, instead.
The way Google does it is that any email sent with the Confidential Mode switched on is basically a link, not the regular mix of text and attachments. You can think of that link as a limited access license to a specific space of your account where the email is actually stored. Therefore, with Gmail Confidential Mode (GCM), the email technically never leaves your inbox. In the entire time span when the email is valid, the sender always has the control and can revoke it anytime.
How to use Gmail Confidential Mode (GCM)
This is quite simple, I believe everyone should be able to use this feature at the end of this article. These are the steps to follow:
Step 1 ====> Open up Gmail and compose a message. At the bottom of the message you will see a small clock icon.
Step 2 ====> Click on the clock icon, a pop-up will appear where you can configure the settings for this email.
NB: Confidential Mode is configured on a per-email basis, so you must go through this for each email you want to use with the feature.
Set the expiring date for the email (ranging from one day to five years), based on when you want that email to expire.
Step 3 ====> Once you have completed the step two above, then configure the passcode. Here you have two options:
SMS passcode: A passcode necessary to view the email will be sent via text.
No SMS passcode: No passcode is necessary to view the email.
Step 4 ====> Compose your email and click Send. If you have configured Confidential Mode with an SMS passcode, you will then be prompted for a phone number (so the passcode can be sent via text.
Without that passcode, the recipient cannot view the email. The SMS passcode will only be valid for five minutes.
If you go the No SMS passcode option, that email can then be viewed by anyone with access to the recipient’s email client. For more security, it is always best to go with the SMS Passcode option.
That way the recipient must have their phone handy to read the email which will expire on the date you configured.
Receiving Confidential Emails
Receiving these confidential emails is seamless if the recipient is a Gmail user with the new version enabled. Here is what it looks like:
The Forward button is disabled, and there is a banner explaining the feature. But other than that, this looks like a standard email.
When the email expires the text disappears entirely: Not complicated, right? Sadly things are a little different if the recipient is not a Gmail user, or even if they are a Gmail user who uses a third party email client. Instead of seeing the message, they will see a link like this:
They have to click this link to open the confidential message in their browser. It is a little clumsy, but it gets the job done.
Why Google New Secure Email is Neither Secure Nor Email
The messages you send or receive via Confidential Mode are not actually email. The link is an email, but the message is an email-looking page on the internet that’s password-protected. Emails containing the link can, in fact, be forwarded, but only the intended recipient can successfully open the link.
When someone gets one of these forwarded mails, they are prompted for their Google login username and password to determine whether or not they’re the intended recipient. This is problematic, because it invites link-baiting phishing attacks, which could con people into revealing their login information.
An easy-to-imagine phishing attack would say that a Confidential Mode email has been forwarded and can be seen by clicking on the provided link. Once the victim arrives on the linked page, a Google-like login page requests a Gmail email address and password. Once those are entered, the phishers can capture the information they need to compromise their victim’s Google account.
Good email encryption systems encrypt email on one end and decrypt it on the other, making it inaccessible even to the mail provider. The sender is in control until it’s sent, after which time the recipient is in control. Google’s Confidential Mode does the opposite. Google itself has possession and control of the email at all times and grants or revokes access based on the choices of the sender.