Google rolled out its widely-anticipated “confidential mode” this week. But after a series of recent privacy mishaps, it’s the search giant that may want to go incognito.
The new feature allows Gmail users to set an expiration date for messages they send to other Gmail users, effectively allowing emails to “self-destruct” to prevent sensitive information from getting into the wrong hands.
But these messages are not really as confidential as they may seem. Gmail is not an entirely encrypted platform. It’s susceptible to “man in the middle” attacks, where users are tricked into divulging their account information to third parties who could read their messages without them knowing. And although recipients of these confidential emails won’t be able to copy, paste, download, or print the message, there is nothing preventing them from taking a screenshot to store the email’s content.
On top of that, expiring messages do not, in fact, disappear from the sender’s Sent mail folder, which makes them retrievable by anyone who can get access to their account. And remember: Gmail users can’t send these messages to anyone who doesn’t use Gmail.
Though confidential mode is meant to be an effort to protect user privacy, the Electronic Frontier Foundation (EFF), an international digital-rights nonprofit, took issue with the search giant’s terminology. “[W]hat ‘Confidential Mode’ provides isn’t confidentiality,” the EFF wrote in a blog post. “At best, the new mode might create expectations that it fails to meet around security and privacy in Gmail… At worst, Confidential Mode will push users further into Google’s own walled garden while giving them what we believe are misleading assurances of privacy and security.”
The release comes on the heels of two reports into Google’s privacy practices—one from the Associated Press and another from a Vanderbilt University computer science professor—that detail the ways in which Google may continue to collect information about you, even when you tell it not to.
It appears “confidential mode” is a half measure, potentially lulling users into a false sense of security while still leaving them open to attacks from bad actors. If the new mode deters Gmail users from taking additional, more effective, measures to protect their privacy, they are effectively taking one step forward and two steps back.