Gmail’s Confidential Mode—everything you need to know

How does Gmail Confidential Mode work? Find out how to set up and use the security feature and discover whether there’s a safer alternative.
Gmail is one of the largest email services, with more than 1.8 billion users. Since people often send sensitive information via their personal or business Gmail accounts, the provider offers specific ways to fortify the security of their outbound messages.
One of the security methods Gmail provides is the Confidential Mode, introduced by the provider in 2018. We’ll take a closer look at the feature and explain:
  1. What is Gmail Confidential Mode exactly, and how safe is it?
  2. What other ways are there to fortify the security of your Gmail account?
  3. Which email services offer more safety?

What is Gmail’s Confidential Mode?

Confidential Mode is Gmail’s feature that helps protect sensitive information from being shared accidentally or without your consent. You can use the feature to:
  • Set an expiration date for the message—Choose a date after which the message will no longer be visible to the recipient
  • Set a passcode for the message—Enter the recipient’s phone number or email address to send them a verification passcode required to open the email
  • Revoke access to the message at any time—If you think that the email has been compromised or the recipient hasn’t opened it in a specific period, you can revoke access to the email, regardless of the expiration date
When the recipient receives an email, they cannot forward, copy, download, or print it if the sender activated the Confidential Mode. This feature also allows you to send attachments (documents, photos, videos, and other files) securely. Once you activate the mode, the attachments will be unavailable for download without the accompanying passcode.
Confidential Mode doesn’t transmit the message through regular email protocols but stores it on Google’s server, preventing it from being shared without the sender’s permission.

How to send a confidential email in Gmail

Sending an email in Confidential Mode requires completing six steps:
  1. Open your Gmail account and click on the Compose button in the top-left corner of the window
  2. Click on the Confidential Mode button—the tiny lock at the bottom of the window—to start composing an email in this mode
  3. Choose an expiration date on the pop-up screen. You can pick between:
    1. One day
    2. One week
    3. One month
    4. Three months
    5. Five years
  4. Set a passcode. You can choose between two options:
    1. No SMS Passcode—Recipients using the Gmail app will be able to open the message but not copy, print, forward, or download it. Recipients who don't use Gmail will be emailed a passcode necessary for opening the message
    2. SMS Passcode—Enter the recipient’s phone number, and they will receive a passcode by text message that they need to enter into the passcode field to gain access to the email

Security issues with Gmail’s Confidential Mode

While the Confidential Mode feature fulfills its purpose in theory, it is far from an ideal method for sending secure emails.
The main issue with this feature is that Google keeps the email contents on its servers and can access them anytime. While confidentiality is somewhat achieved with respect to other users, you don’t get it from the provider. Even when the message expires and is no longer visible to the recipient, it will remain in the sender’s “Sent” folder, which Google can also access. For this reason, calling the message “expired” may sound misleading.
The passcode option is another problem. If the recipient is a Gmail user, Google already has their phone number. However, if they’re not, by sending a password-protected email, you allow the provider to link the recipient’s phone number to their email address and the content of the message. The process is also rather complicated because you must inform the recipient to expect an SMS with the passcode to avoid confusion. There is also the issue of having to send a confidential email to someone whose phone number you don’t know.
While Confidential Mode ensures that the recipient cannot forward, copy, download, or print the email, there is nothing stopping them from taking a screenshot and sharing it with others. It also doesn’t stop malicious software applications from copying or downloading messages and their attachments.
This feature might be seen as the first step towards secure emails or an additional security layer, but it doesn’t provide true confidentiality. Security and privacy of your email correspondence can only be achieved through encryption.

How email encryption protects your messages

Encryption is the process of scrambling the content of an email into ciphertext that only authorized parties can read. Most email service providers—Gmail included—use some form of encryption, but not all types are equally effective.
Check out the three most commonly used encryption forms:
Type | How it works
Encryption at rest | Keeps your data secure while it is stored on a device or in the cloud
Encryption in transit | Encrypts data while it travels across the servers until reaching the recipient but leaves it vulnerable while resting on servers
End-to-end encryption | Encrypts data at the device level and keeps it in the encrypted form until it reaches the recipient, the only person with the decryption key

How secure are Gmail’s encryption protocols?

Gmail uses two encryption protocols:
  • Transport Layer Security (TLS)—Gmail’s default encryption protocol available to all users. It secures messages in transit between email servers as long as the recipient’s provider supports it
  • Secure/Multipurpose Internet Mail Extensions (S/MIME)—A stronger type of encryption that secures emails in transit, available to premium users only. This encryption protocol can be difficult to set up and configure and works only if enabled by both the sender and the recipient
The problem with these two types of encryption is that they do nothing to protect the messages once they reach their destination servers. The provider also still has access to the plaintext copies of your emails—Gmail is especially notorious for collecting user data and selling it to advertisers. Furthermore, if malicious parties infiltrate the provider’s servers, they can steal the decryption key and access your emails.
Gmail’s encryption standards don't provide the highest-level security for your online communication. The only way to have full control of your data is to sign up for a service with end-to-end encryption.
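Whether TLS was actually used on each hop can be checked after delivery from the message's Received headers, where the RFC 3848 keywords ending in S (ESMTPS, ESMTPSA) mark a TLS-protected transfer. The following is an added example, not part of the original article; the header block is constructed and its host names and IDs are hypothetical.

```javascript
// Added illustration: report which delivery hops recorded TLS in their
// Received header, using the RFC 3848 "with <protocol>" keywords.

// Constructed sample: newest header first, as mail servers prepend them.
const SAMPLE_HEADERS = [
  'Received: from relay.sender.example (relay.sender.example [198.51.100.20])',
  '\tby mx.recipient.example with ESMTP id b2;',
  '\tTue, 02 Jan 2024 10:00:02 +0000',
  'Received: from laptop.sender.example (laptop.sender.example [198.51.100.9])',
  '\tby relay.sender.example with ESMTPSA id a1',
  '\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384);',
  '\tTue, 02 Jan 2024 10:00:01 +0000',
  'Subject: Contract draft',
].join('\r\n');

// Join folded continuation lines (RFC 5322) and split into header lines.
function unfoldHeaders(raw) {
  return raw.replace(/\r?\n[ \t]+/g, ' ').split(/\r?\n/);
}

// One entry per Received header, oldest hop first.
// tls is true/false when the keyword says so, null when the header is silent.
function receivedHops(raw) {
  const hops = [];
  for (const line of unfoldHeaders(raw)) {
    if (!/^Received:/i.test(line)) continue;
    const by = /\bby\s+([^\s;]+)/i.exec(line);
    const proto = /\bwith\s+((?:UTF8)?(?:E?SMTP|LMTP)(S?)A?)\b/i.exec(line);
    hops.push({
      by: by ? by[1] : null,
      protocol: proto ? proto[1].toUpperCase() : null,
      tls: proto ? proto[2] !== '' : null,
    });
  }
  return hops.reverse();
}

// Servers that accepted the message over an unencrypted connection.
function plaintextHops(raw) {
  return receivedHops(raw).filter((h) => h.tls === false).map((h) => h.by);
}

console.log(receivedHops(SAMPLE_HEADERS));
console.log('Plaintext hops:', plaintextHops(SAMPLE_HEADERS));
```

Only the headers added by your own provider are trustworthy, since earlier hops write their own lines. The headers also say nothing about how the message is stored once it arrives.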

Why E2EE is the highest-level security standard

E2EE happens at the device level and protects your data all the way to the recipient. You can send private emails without the risk of your sensitive information being read by the provider or sold to advertisers.
Unlike other types of encryption, E2EE allows the user to create and store the decryption key, so even the service provider can't access the messages. In case of a server breach, your data stays unreadable to hackers since the provider doesn’t store a copy of the decryption key.
Here is the summary of the advantages of E2EE over other security methods:
  • Keeps your data safe from cyberattacks—Even if hackers compromise the server where your encrypted data is stored, they would only see your messages in the encrypted form
  • Ensures data is not tampered with—Hackers can’t tamper with the content of the message even if they intercept it since the attempts to do so would be obvious to the recipient
  • Enables complete privacy of your personal information—End-to-end encryption prevents everyone but the intended recipient—even the email service provider—from accessing your messages
If you value your online privacy and want to have full control of your personal data, choose an E2EE email service provider. Sign up for Skiff!
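The two technical properties listed above (a stored copy that is unreadable without the recipient's key, and tampering that the recipient can detect) can be seen in a few lines of code. This is an added example, not part of the original article and not Skiff's or Gmail's implementation: a generic hybrid scheme built on Node.js's crypto module, where the choice of RSA-OAEP and AES-256-GCM and all function names are assumptions made for illustration.

```javascript
// Added illustration: generic end-to-end (hybrid public-key) encryption.
const crypto = require('node:crypto');

// Recipient's device: create the key pair; only the public half is ever shared.
function generateRecipientKeys() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender's device: encrypt the body with a one-time AES-256-GCM key, then wrap
// that key with the recipient's public key (RSA-OAEP with SHA-256).
function encryptForRecipient(publicKey, plaintext) {
  const messageKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', messageKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt(
    { key: publicKey, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' },
    messageKey
  );
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Recipient's device: unwrap the message key with the private key and decrypt.
// decipher.final() throws if the ciphertext or tag was altered after sending.
function decryptOnDevice(privateKey, envelope) {
  const messageKey = crypto.privateDecrypt(
    { key: privateKey, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' },
    envelope.wrappedKey
  );
  const decipher = crypto.createDecipheriv('aes-256-gcm', messageKey, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]).toString('utf8');
}

// The provider stores the envelope but holds no private key, so a search of
// its stored copy only ever sees ciphertext.
function storedCopyContains(envelope, text) {
  return envelope.ciphertext.includes(Buffer.from(text, 'utf8'));
}

// Constructed sample message.
const keys = generateRecipientKeys();
const envelope = encryptForRecipient(keys.publicKey, 'Wire the deposit on Friday');
console.log('Provider can find "deposit":', storedCopyContains(envelope, 'deposit'));
console.log('Recipient reads:', decryptOnDevice(keys.privateKey, envelope));
```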

Enjoy confidentiality in the fullest sense of the word with Skiff Mail

Skiff Mail is a privacy-first email service. The platform uses end-to-end encryption to ensure your online traffic can’t be analyzed or seen by anyone other than the intended recipient. Skiff implements two separate keys to secure your emails:
  • Public key—used for encryption and shared among users
  • Private key—used for decryption and safely stored on the recipient’s device
This method guarantees no unauthorized parties can see the content of your emails, not even Skiff’s own team. Start using Skiff today and protect your emails with superior security standards at no cost!
The platform supports two-factor authentication (2FA) as an extra layer of protection. With this verification method, even if someone guessed your password, they wouldn’t be able to access your account without a one-time code sent to your trusted device. You don’t even have to provide personal information when signing up, ensuring your login data will never be stored on Skiff’s servers.
Skiff is open source and completely transparent about its privacy policy. For a more detailed insight, read the whitepaper.
In addition to the highest-level security methods, Skiff offers a generous free plan with no time limit. It includes:
Skiff’s free plan completely meets the needs of an average user. Should your needs grow, you can expand your storage, get custom domains, and access other advanced features by upgrading to one of Skiff’s paid plans:
  • Essential—$3 per user/month
  • Pro—$8 per user/month
  • Business—$12 per user/month
While most privacy-first email providers sacrifice safety for functionality, Skiff provides an intuitive and modern interface even non-tech-savvy users can easily navigate.

Try out Skiff’s comprehensive product suite

Besides email, Skiff offers three more end-to-end encrypted products to supercharge your workflow—Skiff Pages, Skiff Drive, and Skiff Calendar:
Skiff Pages | Share and collaborate on an unlimited number of documents in a secure environment
Skiff Drive | Store, upload, share, and download all types of files without privacy concerns
Skiff Calendar | Schedule and store your event entries in a private calendar

How to get started with Skiff Mail

Skiff doesn’t require you to give any personal information when signing up. Get started with three easy steps:
  1. Visit Skiff’s signup page
  2. Create a free account
  3. Start using Skiff Mail and other products
All Skiff products can be accessed via any browser or through the iOS, Android, and macOS apps.
