You Can Now Send End-to-End Encrypted Emails From Your Business Gmail Account.
Did you know you can configure Google to filter out junk? Follow these steps to improve your search results, including adding my work on Lifehacker as a preferred source .
Google doesn’t have the best reputation for user privacy, but every now and then they do something surprising. In April, the company began testing end-to-end email encryption for business users. On Thursday, the feature was officially launched . If you have a Google Workspace work account, you can now send emails protected by end-to-end encryption, even if you send them outside of Gmail. This allows you to send emails that only you, the recipient, and the IT department managing your account can access.
E2EE encryption is critical for those who want to ensure the complete privacy of their messages. Simplifying a complex technology like email encryption essentially means transforming the entire code into something completely unrecognizable. To decrypt it, you need a “key.” In the case of Gmail’s E2EE encryption, the key is shared by you, the recipient, and whoever manages your Google Workspace account. The keys to decrypt these messages are not stored on Google’s servers, so even Google shouldn’t have access to your encrypted messages. You can send, for example, sensitive corporate or medical information protected by HIPAA without worrying about the message being intercepted.
The only downside is that end-to-end encryption (E2EE) in Gmail is currently only available for business accounts. However, there is a way to send more secure messages through a standard Gmail account, but don’t expect E2EE-level protection.
E2EE for Gmail Enterprise Users
To send emails through your corporate Gmail account, make sure your Workspace administrator has enabled this feature. You’ll then need to tell Gmail that you want to send emails via E2EE. To do this, open Gmail and click “Compose” to create a new email. Select “Message Security,” then click “Enable” under “Advanced Encryption.” You can then compose your message as usual, adding recipients to the list.
If the recipient is another Google Workspace user, the message will be automatically decrypted when it arrives in their inbox. If the recipient is not a Gmail user, they will not be able to decrypt the message in their client. Instead, they will receive a link that opens a “limited” version of Gmail. After signing in, the message will be decrypted, and the recipient will be able to read and reply to it in this limited window. Please note that IT departments can open all E2EE messages in limited Gmail windows, even if the recipient is a Google Workspace user.
Use confidential mode to send “secure” messages for free.
If you don’t have a business account, sending emails end-to-end through Gmail is virtually impossible. To do this, you’ll need a dedicated encrypted service, such as Proton . However, you can add an extra layer of security to your messages before sending.
To do this, create a new message in Gmail and select “Confidential Mode” from the list of available options. This mode prevents recipients from forwarding, copying, printing, or downloading the message. You can also choose the message expiration date—one day, one week, one month, three months, or five years—and password-protect the message. In the latter case, Gmail will automatically generate a password and send it to recipients via SMS.
These additional security measures are certainly useful when sending sensitive information via Gmail, but they are not perfect. Again, it is not end-to-end encrypted, meaning messages sent this way can be intercepted and read. From a practical standpoint, nothing prevents users from taking photos of messages using another device, although the same can be said for end-to-end messages.
If you don’t have a corporate account, I wouldn’t recommend sending anything too important through Gmail right now. It’s better to use a dedicated E2EE platform, such as Signal, WhatsApp, or iMessage.