Google has redesigned Gmail with a new user interface, additional features, and security improvements. Gmail users will likely greet these changes the same way every update to a popular service is greeted--with a mix of intrigue and skepticism--but the real question is whether or not the privacy and security tools make up for the decision to effectively abandon efforts to make it easier to use end-to-end encryption in Gmail.
Back in February 2017, Google announced that it would no longer work on the “End-to-End” email browser extension project that it started in 2014, and would instead turn over the project to the community as "E2EMail." As we explained at the time, this decision showcased Google's moves to back away from promises made after the Snowden revelations made people care about words like "privacy" and "encryption."
That stance almost certainly stems from the fact that Google and other companies need access to your data if they want to remain in business. Utilizing true end-to-end encryption on a mass scale would limit those companies' ability to collect data and sell ads. So instead of implementing the most secure tools by default, they introduce features like Facebook Messenger's "Secret Conversations" or Snapchat's "ephemeral" content.
Google is doing something similar with one of the features announced today. As the company explained in its blog post:
Today, we’re introducing a new approach to information protection: Gmail confidential mode. With confidential mode, it’s possible to protect sensitive content in your emails by creating expiration dates or revoking previously sent messages. Because you can require additional authentication via text message to view an email, it’s also possible to protect data even if a recipient’s email account has been hijacked while the message is active.
These changes, along with built-in Information Rights Management (IRM) controls that let you decide what someone can or can't do with your email, should help Gmail become a little more private. But it's not clear that these messages are truly secure--Google doesn't say they're end-to-end encrypted, which means the company might be able to read messages sent in "confidential mode" or store them after they're set to expire.
We reached out to Google for more information about how these new features work and will update this story if the company responds.
