Gmail encryption: All you need to know
Encryption may sound like a topic best left to hackers and tinfoil hat wearers, but don't be fooled: It's a critical part of contemporary life and one that's important for everyone, business users especially, to understand. And one of the places where encryption is most relevant and most misunderstood is in the realm of email.
If you're using Gmail for electronic communication – be it for business purposes, for personal use, or some mix of both – it's well worth your while to learn how the service does and doesn't secure your information and what steps you can take to make sure you're getting the level of privacy you need.
Ready to dive in?
Gmail encryption: How Google protects most messages
Google's standard method of Gmail encryption is something called TLS, or Transport Layer Security. As long as the person with whom you're emailing is also using a mail service that supports TLS – which most major mail providers do – all messages you send through Gmail will be encrypted this way.
What that basically means is that it will be incredibly difficult for anyone to look at a message while it's on the way from point A to point B. It doesn't, however, guarantee that the message will stay private or available only to the intended recipient once it reaches the destination mail server. Google itself, for example, has the ability to see messages associated with your account, which is what allows the company to scan your email for potential spam and phishing attacks – and to offer advanced features like Smart Reply, which suggests responses based on an email's contents.
(Google used to scan messages for ad targeting, too, but it stopped doing that in 2017. And if you'd rather not have those smart suggestion features in the picture, by the way, you can always turn them off in your account – though that won't have any direct effect on the Gmail encryption approach or when and how that extra layer of security is applied.)
If the person with whom you're corresponding is using a mail server that doesn't support TLS, meanwhile, messages won't be encrypted at all. With paid Google Workspace accounts, administrators can opt to allow only messages with TLS encryption to be sent or received – though that'd come with its own set of undesirable consequences, as you can imagine, when it comes to having your outgoing messages bounce or having certain incoming messages never reach your inbox.
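To see whether TLS was actually used for a given message, you can read the Received headers each mail server adds. The Python sketch below is an added example, not something from the original article: it classifies each hop using the RFC 3848 "with" keywords (ESMTPS and similar mean TLS), and the sample message, hostnames and IDs in it are constructed.

```python
import re
from email import message_from_string

# Constructed sample message; every hostname, address and ID is made up.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.5])
\tby store.recipient.example with LMTP id c3; Mon, 1 Jan 2024 10:00:03 +0000
Received: from relay.sender.example (relay.sender.example [198.51.100.7])
\tby mx.recipient.example with ESMTPS id b2
\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
\tMon, 1 Jan 2024 10:00:02 +0000
Received: from laptop.sender.example (laptop.sender.example [192.0.2.10])
\tby relay.sender.example with ESMTP id a1; Mon, 1 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: test

hello
"""

FROM_RE = re.compile(r"^\s*from\s+(\S+)", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)", re.I)
# RFC 3848 "with" keywords: a trailing S (optionally followed by A) marks TLS.
TLS_PROTO_RE = re.compile(r"(?:UTF8)?(?:E?SMTP|LMTP)SA?", re.I)


def hop_report(raw):
    """Return (from_host, by_host, protocol, used_tls) per hop, oldest first."""
    hops = []
    # Each server prepends its header, so reverse to get chronological order.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        src, dst, proto = (r.search(value) for r in (FROM_RE, BY_RE, WITH_RE))
        name = proto.group(1).upper() if proto else "UNKNOWN"
        # Assumption: a "version=TLS..." comment, when present, also signals TLS.
        used_tls = bool(TLS_PROTO_RE.fullmatch(name)) or "version=TLS" in value
        hops.append((src.group(1) if src else "?", dst.group(1) if dst else "?",
                     name, used_tls))
    return hops


def plaintext_hops(raw):
    """Hops where the message travelled without TLS."""
    return [h for h in hop_report(raw) if not h[3]]


if __name__ == "__main__":
    for src, dst, proto, tls in hop_report(SAMPLE):
        print(f"{src} -> {dst} [{proto}] {'TLS' if tls else 'NOT ENCRYPTED'}")
```

Received headers written by servers outside your control can be forged, so treat only the hops recorded by your own provider as reliable.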
Gmail encryption: A next-level option
Beyond that basic form of encryption, Gmail supports an enhanced standard known as S/MIME – or Secure/Multipurpose Internet Mail Extensions (gesundheit!). It's available only for paid Google Workspace Suite accounts, so if you're using a regular free Gmail account, it doesn't apply to you.
For folks with enterprise-level Workspace setups, though, S/MIME (which may or may not have been invented by a mime) allows emails to be encrypted with user-specific keys so that they remain protected during delivery and can be decrypted only by the intended recipient.
Like TLS, S/MIME works only if both the sender and recipient are using a service that supports it – and, in an extra layer of complication, only if both parties have exchanged keys in advance so the encryption can be properly configured. Like TLS, it also doesn't do anything to keep a message secured once it's reached its actual destination server (and so again, within Gmail, Google itself can scan messages in its usual automated way).
Lastly, S/MIME has to be enabled by a Workspace admin before it'll work.
Gmail encryption: End-to-end encryption
Google's been talking about adding end-to-end encryption into Gmail since 2014, but all that talk hasn't amounted to much so far (and may never, according to some analyses). The only way to get that level of protection in Gmail right now is to rely on a third-party service such as FlowCrypt, which is available as a Chrome or Firefox extension on the desktop and also as its own standalone mail client for Android. (An iOS app is also available in a pre-release testing form.)
FlowCrypt adds a special "Encrypt and Send" button into your inbox interface, which allows you to send encrypted messages using the PGP (Pretty Good Privacy – yes, that's actually what it's called) standard. Your recipient will need to have FlowCrypt or another PGP system set up and will also need to have your personal PGP key in order to decrypt and view your messages. Alternatively, you can use the app or extension to encrypt a message with a password, which you'd then have to provide to the recipient in some way.
So, yeah: It's not exactly simple, and the third-party add-on implementation isn't entirely ideal. But it will get the job done. And it's free – up to a point: If you want to unlock the service's full set of features and remove most of its restrictions, you'll have to pony up $5 a month for a premium subscription. Company plans are also available, with rates varying based on the total number of users involved.
Wait, what about Gmail's Confidential Mode?
Yeah, don't put much stock into that. Confidential Mode is a feature Google added into Gmail as part of its 2018 revamp of the service. The basic idea is that it lets you prevent someone from forwarding, copying, printing, and downloading anything you send 'em and, if you want, it lets you set an expiration date after which your message will no longer be accessible. You can also create a passcode, delivered via email or text message, that's required in order to open the message.
That sounds nice enough at first glance, but the problem is that it doesn't do a heck of a lot when it comes to actual security. Messages still aren't encrypted in any end-to-end manner, meaning Google and other mail services are still able to view and store them. The "no forwarding, copying, printing, and downloading" bit doesn't mean much, either, since anyone can still take a screenshot of a message if they're so inclined. (Google has said the feature is less about that level of security and more about simply discouraging people from accidentally sharing sensitive info where they shouldn't.)
The same applies to the message expiration dates, and an "expired" message also continues to exist in your own Gmail Sent folder. Overall, Confidential Mode has the potential to be useful for what it is, but it doesn't involve encryption or any kind of meaningful, higher-level privacy. In fact, the Electronic Frontier Foundation went as far as to say the mode could create a false sense of security and discourage users from finding more serious solutions.
So what other options are there?
If native end-to-end encryption and the highest possible level of privacy is what you're after, your best bet is to look beyond Gmail and toward a standalone email app called ProtonMail. ProtonMail is one of the best privacy and security apps on Android – and for good reason: It makes privacy a top priority in ways no form of standard Gmail encryption can match.
First, ProtonMail uses an open-source method of end-to-end encryption that ensures no one outside of the intended recipient – not even the people at ProtonMail – can ever see your messages. Beyond that, the app doesn't require you to provide any personal information in order to use it, and the company maintains no records of IP addresses or anything else that could associate your identity with your account. Its servers are also hosted in Switzerland – in a "bunker 1000 meters beneath the Swiss alps," believe it or not – which has its own apparent set of security benefits.
So here's how it works: When you sign up, ProtonMail gives you a custom email address at its domain. You can then use that address to send secure messages within the ProtonMail Android app, iOS app, or web interface. When you email someone else with a ProtonMail address, encryption is automatic. If you email someone who isn't using ProtonMail, you can choose to send the message unencrypted – just like any regular ol' email – or you can click a button to create a password and a hint that the recipient will need in order to decrypt and read your message.
ProtonMail is free at its most basic level, which gives you a single ProtonMail address, 500MB of storage, and up to 150 messages per day. You can get more storage, more messages per day, and access to advanced features – such as email filters, an auto-responder system, and support for custom domains – starting at $48 a year.
It's not technically Gmail encryption, of course, but you can import your Gmail messages or set up Gmail to forward to ProtonMail – or simply use ProtonMail as a supplement to Gmail for the times when you want the strongest possible level of protection. When privacy is a priority and you don't want to take a chance, it's an excellent option to have.