The new Gmail Confidential Mode, released earlier this year, could be creating expectations around email security and privacy that it can’t meet, according to a new post from the Electronic Frontier Foundation (EFF).
While the EFF notes that many of the features “sound promising,” the features also have hidden downsides. For those unfamiliar, Confidential Mode in Gmail allows users to send emails with an expiration date for when they will self-destruct, while also giving them the power to set an SMS code to open the email. It also has additional features for restructuring how the recipient can interact with the sent email.
The EFF’s first contention is with the fact that, it said, Gmail Confidential Mode emails aren’t end-to-end encrypted. According to the post, this means that “Google can see the contents of your messages and has the technical capability to store them indefinitely, regardless of any ‘expiration date’ you set. In other words, Confidential Mode provides zero confidentiality with regard to Google.”
Another key feature of Gmail Confidential Mode is its built-in information rights management (IRM) controls, which allow users to “remove the option to forward, copy, download or print messages,” according to a Google blog post. However, IRM’s power lies with Section 1201 of the 1998 Digital Millennium Copyright Act making the bypassing of IRM a potential felony, and the EFF has a problem with this.
“We think that ‘security’ products shouldn’t have to rely on the courts to enforce their supposed guarantees, but rather on technologies such as end-to-end encryption which provide actual mathematical assurances of confidentiality,” the EFF post reads.
SEE: Encryption policy (Tech Pro Research)
In terms of expiring messages, the first workaround is a simple screenshot, the EFF noted. The bigger problem, the post notes, is that the expiring messages actually remain in the sender’s Sent folder for a long time. This means that, even after the expiration date, the email can be retrieved by Google or the sender, the EFF post said.
Finally, the EFF calls out the SMS passcode option as another security fail in Gmail Confidential Mode. While it does offer a two-factor authentication mode for email access, it could also require the sender to tell Google the recipient’s phone number, the EFF said, possibly without his or her consent. This could allow Google to “link two pieces of potentially identifying information,” the post said.
“This ‘privacy’ feature can be harmful to users with a need for private and secure communications, and could lead to unpleasant surprises for recipients who may not want their phone number exposed,” the EFF post said.
Additionally, as noted by ABC News, the US Department of Homeland Security (DHS) issued an intelligence note stating that Gmail Confidential Mode could be a “potential emerging threat” that could lead to some “nefarious activity.” As noted in the report, some believe it could encourage behaviors that could lead users to becoming victims of phishing attempts.
Google could not be reached for comment by the time of publication.
The big takeaways for tech leaders:
- Gmail Confidential Mode misleads users with its security claims, provides no end-to-end encryption, and more, the EFF said.
- The US DHS believes that Gmail Confidential Mode could put users at greater risk for phishing scams.