Gmail confidential mode’s fatal security flaw & why document DRM is better
Gmail’s confidential mode is meant to protect sensitive information from sharing, but like Google Docs, its security is trivial to bypass. Here we show why, what the privacy implications are, and which secure alternatives are available to businesses.
What is Confidential mode in Gmail?
Gmail’s Confidential mode was released in late 2019 and was immediately billed as a way to make emails more private and secure (beyond the basic TLS encryption). That assumption still exists today, and it’s not surprising — after all, you would expect something labeled “confidential” to keep your documents safe.
In reality, the strange implementation of Confidential mode in some ways makes it less private, rather than more. First, let’s take a look at what Google says about Confidential mode:
With Gmail confidential mode, your users can help protect sensitive information from unauthorized or accidental sharing. Confidential mode messages don’t have options to forward, copy, print, or download messages or attachments.
Confidential mode lets you:
- Set a message expiration date
- Revoke message access at any time
- Require a verification code by text to open messages
Sounds promising, right? Confidential mode can be a useful feature if used correctly. However, Google itself admits that despite removing the copying, printing, or downloading options, it doesn’t stop a user from performing them.
How secure is Confidential mode?
While yes, Confidential mode removes the options to perform these actions in the Gmail client, Google admits that it doesn’t stop recipients from taking screenshots of a message or attachment or using a “malicious tool” to copy or download them.
To be clear, Google’s definition of a malicious tool here is a very broad one. By malicious tool, the company means any application that can open its emails but isn’t under its control. For example, you can trivially bypass the printing, downloading, expiry, and copying controls by:
- ticking a few boxes in Firefox’s style editor.
- using the “save page as” button in your browser to download the email’s contents.
These methods automatically remove all controls, as the protection is dependent on you opening the email in Gmail. Attachments are not protected to begin with.
In practice, this means that at its best confidential mode only protects against non-technical users. At worst, it actively reduces security by creating a false sense of it. Confidential mode emails are not encrypted end-to-end, yet users may see them as a replacement for more effective security measures.
It also raises the question of privacy. Despite its “Confidential” branding, the lack of end-to-end encryption means that the feature doesn’t hide anything from Google. The company can potentially read and store your emails for as long as it wants, no matter the expiry date you set. Indeed, we know for a fact that emails hang around after expiry because they live on in the “Sent” folder.
A word on encrypted emails
So, if not confidential mode, what should you be using to secure business emails? Recently, there has been a rise in users utilizing end-to-end encrypted email services. By using pairs of private and public keys, such email services ensure that emails can only be opened by the account of their intended recipient. It also means that the email provider will be unable to read or store your emails.
Unfortunately, the protection this encryption provides doesn’t apply to documents. While yes, you’re making it harder for attackers to intercept an email in transit, that isn’t the primary way documents leak. You need to be able to prevent misuse after the recipient downloads and opens your file.
If you don’t trust a recipient 100%, which is nearly always the case, you can’t be sure they won’t just download the unprotected attachment and share it. If you’re sharing documents securely as a product, this is even more likely, with piracy rampant in the e-book market and beyond.
What about Google Docs security?
Hold on, you might be thinking. Google already has document protection in the form of Google Docs. Why can’t I just embed a Google Doc in my email and call it a day?
Google Docs does include some rudimentary document protection (but no expiry) by only allowing access to certain Google accounts and disabling the options to download, print, and copy. However, there are several issues with its implementation.
The thing to understand about Google Docs is that it is a browser-based tool. Though there has been a trend toward web apps in recent years, the problem with this approach is that a browser simply can’t exert the same level of control over a user’s system and activities as an application can. In fact, browsers are designed to be manipulated for web development purposes, and you’d better believe that Google Docs can be manipulated, too.
Google also makes no attempt to stop users from using their browser’s print function (Ctrl + P) to print to a PDF, or from taking a high-quality screenshot.
Finally, even assuming that all of these flaws are suddenly fixed (which is not really possible in the browser), a user can still leak a document by sharing their account details with someone else.
So how do you protect your document in transit and at rest, while also preventing unauthorized sharing? The answer is document DRM.
With a DRM solution like Locklizard Safeguard, the document is end-to-end encrypted before it’s sent to any users. The recipient is sent a license file in advance. This license key can only be activated on one machine and is required to obtain the decryption keys for the document. Once the decryption keys are securely transmitted, they are stored in an encrypted keystore that the recipient cannot access or share. Therefore, only authorized users can open the PDF.
Meanwhile, the viewer application can enforce printing, revocation, and expiry controls that actually work. With a secure implementation and no ability to install plugins or open developer mode, users have no route to bypass them. It additionally includes the following functionality:
- prevents copying and pasting into other applications
- stops editing and modification of content
- prevents printing
- blocks screenshots
- restricts access to devices to prevent sharing
- restricts access to locations to control BYOD use
- enables limited and degraded printing while preventing printing to PDF
- expires the document after a certain date or number of uses
- revokes user access remotely at any time
- logs document views and prints
- adds irremovable watermarks that are automatically populated with identifying user information at view/print time
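The enforcement model described above, sketched as an added example (it is not Locklizard's code or protocol): a hypothetical `KeyServer` releases a document key only when the device binding, document grant, expiry and revocation checks all pass, so the controls do not depend on what the recipient's viewer chooses to hide. All class, method and identifier names are assumptions made for illustration.

```python
import secrets
from datetime import datetime, timezone

class KeyServer:
    """Hypothetical license server: holds content keys, decides each release."""

    def __init__(self):
        self._doc_keys = {}   # doc_id -> 32-byte key the document is encrypted under
        self._licenses = {}   # license_id -> policy record

    def publish(self, doc_id):
        """Register a document and return the key the publisher encrypts it with."""
        self._doc_keys[doc_id] = secrets.token_bytes(32)
        return self._doc_keys[doc_id]

    def issue_license(self, license_id, doc_ids, expires):
        self._licenses[license_id] = {"docs": set(doc_ids), "expires": expires,
                                      "device": None, "revoked": False}

    def activate(self, license_id, device_id):
        """Bind the license to the first device that activates it."""
        lic = self._licenses.get(license_id)
        if lic is None or lic["revoked"]:
            return False
        if lic["device"] is None:
            lic["device"] = device_id
        return lic["device"] == device_id

    def revoke(self, license_id):
        self._licenses[license_id]["revoked"] = True

    def release_key(self, license_id, device_id, doc_id, now):
        """Return the content key only if every check passes, otherwise None."""
        lic = self._licenses.get(license_id)
        if lic is None or lic["revoked"] or lic["device"] is None:
            return None   # unknown license, revoked, or never activated
        if lic["device"] != device_id:
            return None   # license file copied to a different machine
        if doc_id not in lic["docs"] or now >= lic["expires"]:
            return None   # document not granted, or license past expiry
        return self._doc_keys.get(doc_id)

if __name__ == "__main__":
    server = KeyServer()
    server.publish("report.pdc")   # constructed document id
    server.issue_license("lic-1", ["report.pdc"],
                         datetime(2030, 1, 1, tzinfo=timezone.utc))
    server.activate("lic-1", "device-A")
    now = datetime(2029, 1, 1, tzinfo=timezone.utc)
    print(server.release_key("lic-1", "device-A", "report.pdc", now) is not None)
    print(server.release_key("lic-1", "device-B", "report.pdc", now) is not None)
```

In a real product the device identifier and each request would be authenticated cryptographically; plain strings are used here to keep the policy logic visible.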
How to encrypt & send a secure PDF via Gmail using Locklizard
Create your DRM encrypted PDF
- Right-click on your PDF and select “Make secure PDF”.
- Open the “Document Access” tab and choose “Selected customers”.
- Choose the DRM controls you want to enforce.
Creating a secure PDF file using Locklizard Safeguard PDF DRM
Move through the tabs of Safeguard PDF Writer and add any DRM controls you want to add to your document. By default, Locklizard secure PDF files cannot be edited, copied and pasted, printed, or saved as unprotected PDF files. If you enable printing, then users cannot print to file drivers such as PDF and other unprotected file formats (otherwise they could easily remove the security).
- Press the “Publish” button at the bottom of the dialog to protect the PDF file. The PDF will be encrypted using AES 256-bit encryption and the DRM controls applied.
- To grant a user access to it, log in to the Safeguard Admin portal.
- Open the “Customers” tab and press “Add” in the sidebar.
- Enter the user information and click on the “Set Document Access” link in the “Manage Access” section.
- Select your document and press “OK”.
- Press the “Add” button on the customer account.
Keep the “Email license” checkbox checked to have the license file emailed to the user’s email address that you have entered. The user will be sent an email with their license key and instructions on how to download the secure PDF viewer software. You can also choose to untick ‘Email license’ if you’d like to share this information with them via other means.
Securely send your PDF using Gmail
Once users have installed the secure Viewer software and clicked on their license file to activate it, you can securely send PDF file attachments to them via Gmail.
To do this, select the protected PDF file (.PDC file) and attach it to your email message.
Emailing a secure PDF attachment using Gmail that has been protected with Safeguard PDF Security
Of course, you can also send the PDF attachment using a different email client, or share the protected PDF file via your favorite workplace chat app, cloud storage, or another document-sharing solution. As only the recipient has authorized access, nobody else will be able to open the secure PDF document.
If you want to prevent users from opening the secure PDF file outside certain locations (such as the office) you can add country and IP restrictions in the Safeguard Admin portal.
The best choice for confidential document distribution
While Safeguard DRM isn’t a replacement for end-to-end email encryption (you still have to protect the text in the body of your email after all) it can work excellently in tandem with it. Together, they can provide an email experience that’s truly confidential – and not just meaningless buzzwords.
Is Gmail encrypted?
Gmail uses TLS to provide encryption of emails and attachments during transit. So, as long as the person you email is also using a mail service that uses TLS, no one should be able to intercept them en route. However, once the email reaches the destination mail server, it is stored in clear text.
If you want to ensure only the intended recipient can view it, then you need to use end-to-end encryption – there are many companies that provide secure email software and services. Alternatively, you can encrypt attachments using a separate file encryption application such as PGP, or add encryption and DRM to PDF files using Safeguard PDF Security.
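To check whether a particular message actually travelled over TLS on every hop, read its `Received` headers. This added example (not from the original article) parses them and flags hops whose receiving server did not record a TLS transport keyword; the sample message, hosts and ids are constructed.

```python
import re
from email import message_from_string

# "with" protocol keywords that indicate a TLS-protected hop (RFC 3848 and later).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}

# Constructed sample message: hosts, addresses and ids are made up.
RAW = """\
Received: from mail-out.example.net (mail-out.example.net. [203.0.113.10])
        by mx.example.org with ESMTPS id abc123
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Tue, 02 Jan 2024 10:00:03 -0800 (PST)
Received: from legacy-relay.example.com (legacy-relay.example.com [198.51.100.7])
        by mail-out.example.net with ESMTP id def456;
        Tue, 02 Jan 2024 10:00:02 -0800 (PST)
Received: from laptop.example.com (laptop.example.com [192.0.2.5])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
        by legacy-relay.example.com (Postfix) with ESMTPSA id 789AB;
        Tue, 02 Jan 2024 10:00:01 -0800 (PST)
From: alice@example.com
To: bob@example.org
Subject: constructed sample

body
"""

def hops(raw):
    """Return [(receiving_host, protocol, used_tls)], newest hop first."""
    result = []
    for value in message_from_string(raw).get_all("Received", []):
        text, prev = " ".join(value.split()), None
        while prev != text:  # strip comments, including nested ones
            prev, text = text, re.sub(r"\([^()]*\)", "", text)
        by = re.search(r"\bby\s+(\S+)", text)
        proto = re.search(r"\bwith\s+(\w+)", text)
        name = proto.group(1).upper() if proto else "UNKNOWN"
        result.append((by.group(1) if by else "?", name, name in TLS_PROTOCOLS))
    return result

def cleartext_hops(raw):
    """Hops whose receiving server did not record a TLS transport keyword."""
    return [hop for hop in hops(raw) if not hop[2]]

if __name__ == "__main__":
    for host, proto, tls in hops(RAW):
        print(f"{host:28} {proto:8} {'TLS' if tls else 'NO TLS'}")
```

`Received` lines are written by each relaying server, so only those added by servers you trust are reliable evidence, and they say nothing about how the message is stored once delivered.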
Can Google read my email messages?
Yes, they are NOT stored encrypted on the mail server but held in plain text.
Can you send a password protected PDF in Gmail?
In short, yes – but it is not very secure:
- Weak passwords can be easily cracked using password removal tools – so you need to use a strong password, which has to be remembered.
- You have to find a secure way to transmit the password to the user(s) that need to open it.
- Once recipients have the password they can remove it or share it with others.
- Any permissions or restrictions you apply, such as preventing editing or printing, can be instantly removed using free online tools.
Can you send a secure email in Gmail?
It depends on what you mean by secure.
- If you want only the intended recipient to view your email then an email service that provides end-to-end encryption is more secure.
- If you want to control what users can do with content (copy, edit, print, etc.) then you need a DRM solution.
Can I send a confidential email in Gmail?
Yes, but for the reasons outlined above, it is not recommended, especially for business use. Users can easily bypass confidential mode by using Firefox’s style editor or using the “save page as” button in the browser to download the email’s contents.