Google’s Gmail Confidential Mode lets an email sender set a message to automatically expire anywhere from 24 hours to five years after itis sent.
Remember Hollywood movie series Mission Impossible (MI), in that the agent used to receive his assignments through self-destructing messages that usually detonating itself.
Confidential mode on Gmail adds access restrictions to emails that you sent using the mode. Designed to protect sensitive information, it enables you to set time limits and passcodes. The mode blocks certain actions, forwarding, copy and paste, downloading of the email, and printing as well automatically.
Here disappearing emails may not actually detonate, but they do vanish after a certain amount of time. The tool is part of Google’s efforts to beef up privacy and cybersecurity for Gmail users. It will be available to corporate accounts as well as personal Gmail account holders, you can enable it and use it right away.
Open Gmail on your computer and tap the compose/reply button.
Now select this icon on the bottom of the screen. It’s a tiny lock with a clock on it.
A click on the icon opens the confidential mode configuration overlay which gives you two options:
- Set an expiration date for the email. Available options are 1 day, 1 week, 1 month, 3 months and 5 years. The expiration date is displayed next to the selection menu so that you know immediately when the email expires.
- Enable the SMS passcode Recipients to need a mobile phone for that and Google will be sent recipients a passcode text message which they need to unlock the email.
No SMS passcode – if the recipients don’t use Gmail, they’ll get a passcode by email.
SMS passcode – Recipients will get a passcode by SMS (text message)
Gmail highlights confidential mode by adding a “content expires” message to the email. You can edit the requirement or click on the x-icon to remove it again before you hit the send button.
What happens when you hit send? If you selected the passcode option, you are asked to type the phone number of the recipient.
That’s it. Now the email will automatically delete itself after your predetermined self-destruction time period ends. Recipients can open the email until then, which means the clock starts right when you send it, not when they open it.
Also, if you want to revoke access sooner, you can do that by opening Gmail, selecting “Sent,” opening the confidential email you just sent and then selecting “remove access.”
The email that you receive does not contain the message. Google uses the selected subject and shows the sender of the email, but instead of displaying the content, it informs you that you have received a confidential email which you can only open.
In other words: Google sends you a notification by email that a confidential email was sent to you and that you may click on the link to open it.
No SMS passcode– if the recipients don’t use Gmail, they’ll get a passcode by email.
SMS passcode– Recipients will get a passcode by SMS (text message)
But, before you start emailing friends the juicy details of your diary, there are a few important limits on confidential emails you might want to keep in mind. Erased emails may fade away from receivers’ inboxes, but they’ll still show up in your “sent” file if you don’t manually delete them. Keep in mind as well that Mac OS and Windows OS both allow the taking and saving of screenshots of anything that appears on a screen. It’s also not clear how long the messages stay on Google’s servers.
There is another issue that needs to be addressed. Recipients get an email with a link asking them to click on the link and even sign in to a Google account if they are not already to view it. If that does not sound a lot like phishing I don’t know what does.
Recipients may not want to click on the links. Ironically, attackers who use phishing as an attack vector may exploit the new functionality to steal user credentials.
Gmail’s Confidential mode feature is not the right option when you need to send confidential messages to others. Email is not the right format for confidential messages unless you use Pretty Good Privacy (PGP) or another secure form of communication.