ProtonMail criticizes Gmail's confidential mode for being neither secure nor private
Privacy-focused ProtonMail has lashed out at Google, saying the "confidential mode" available in Gmail is "misleading" and "little more than a marketing strategy". It says that people "don't need to settle for fake privacy"
Pointing out that Gmail's confidential mode lack end-to-end encryption, ProtonMail says that the email service is "not secure or private". The company says that Gmail can still read your emails, and that expiring emails are not as secure as Google would have users believe.
- There will be no more tablets from Google
- Google confirms that second-hand Nest Cams could have been used to spy on people
- Google is bringing RCS messaging to users directly instead of waiting for carriers
While Google is criticized for using Gmail's confidential mode as a marketing strategy, very much the same allegation could be levelled at ProtonMail which is using its diatribe to encourage people to use its own email service. But that's not to say it doesn't have a series of valid points to make.
The company says that even though confidential mode is more than a year old, there is still confusion about what it is, and what to expect from it. What users should not expect, however, is security or privacy.
In a blog post, ProtonMail says:
Is it actually secure or private? Is it encrypted? When you turn it on, does it prevent Google from reading your messages? The answer to these questions is 'no'. In fact, the decision to call it "confidential suggests a level of security and privacy that doesn’t exist in Gmail confidential mode.
Gmail's confidential mode does not mean your messages are end-to-end encrypted. Google can still read them. Expiring messages aren't erased for good, and the recipient can always take a screenshot of your message.
Going on to point out some of the problems it sees with confidential mode, ProtonMail says:
Gmail's confidential mode does not make emails private because Google can always read them. When you send an email with confidential mode turned on, Google keeps the email contents on its servers. Other Gmail users can read the email in their inbox, but outside users only receive an email notifying them that a sender "has sent you an email via Gmail confidential mode" along with a link to a page on google.com.
Once the email expires, it is no longer accessible to the recipient. But the message remains in the sender's sent folder, which Google can also read. This is not an expiring email. It can still be accessed by Google and potentially exposed to governments or hackers
The company also points that "if you choose to set a passcode for your recipient, you must turn over their private phone number to Google".
Google is criticized for giving users a false sense of security:
The other supposed security benefit of confidential mode is the inability of the recipient to forward, copy, download, or print the email. "This helps reduce the risk of confidential information being accidentally shared with the wrong people", Google says. While it's true this may reduce the risk of accidental data exposure, it is not real security. The recipient can simply take a screenshot of the email.
Clearly ProtonMail is trying to recruit new users, but the highlighting of Google's inflated claims about Gmail's confidential mode is a welcome catalyst to important conversations about security and privacy.