Did you know you can customize Google to filter out garbage? Take these steps for better search results, including adding my work at Lifehacker as a preferred source.
Google doesn’t have the best track record when it comes to user privacy, but every once in a while, they do something surprising. Back in April, the company began testing end-to-end encrypted email messaging for enterprise users. On Thursday, it officially rolled out the feature. If you have a Google Workspace through work, you should now be able to send emails protected by E2EE, even if you’re sending the email outside of Gmail. That should make it possible to send emails that only you, the recipient, and the IT department that manages your account can access.
E2EE is essential for anyone who wants to ensure that their communications are totally private. To simplify a complex technology, encrypting something like an email essentially means scrambling all of the code into something completely unrecognizable. In order to unscramble it, you need a “key.” In the case of Gmail’s E2EE, you have a key, the recipient has a key, and whoever manages your Google Workspace account has a key. The keys to decrypt these emails aren’t saved on Google’s servers, so even Google should have no way to access your encrypted emails. You can send things like sensitive company information or medical information protected by HIPAA without worrying about prying eyes intercepting the message.
The only bummer here is that E2EE in Gmail is restricted to business accounts at this time. That said, there is a way to send more secure messages over a standard Gmail account—just don’t expect E2EE-level protections.
E2EE for enterprise Gmail users
Credit: Google
In order to send E2EE emails through your enterprise Gmail account, you need to ensure your Workspace admin turns it on. Once they do, you’ll need to tell Gmail you want to send your email with E2EE. To do so, open Gmail, and choose “Compose” to start a new email. Choose “Message security,” then, under “Additional encryption,” choose “Turn on.” From here, you can compose your message as you normally would, adding your recipients to the list.
If your recipient is another Google Workspace user, the message will automatically be decrypted when it reaches their inbox. If they aren’t a Gmail user, they won’t be able to decrypt the email in their client. Instead, they’ll receive a link that opens a “restricted” version of Gmail. Once they sign in, the message will decrypt, and they’ll be able to read and respond to it from this restricted window. Note that IT departments can choose to have all E2EE messages open in restricted Gmail windows, even if the recipients are Google Workspace users.
Use confidential mode to send “secure” messages for free
If you don’t have an enterprise account, there really isn’t any way to send E2EE emails through Gmail. For that, you’d need a dedicated encrypted email service, like Proton. However, you can add an extra layer of security to your messages before you send them out.
The Download Newsletter
Never miss a tech story
Jake Peterson
Senior tech editor
Get the latest tech news, reviews, and advice from Jake and the team.
The Download Newsletter
Never miss a tech story. Get the latest tech news, reviews, and advice from Jake and the team.
