Is Gmail encrypted?
Google automatically encrypts your emails in transit with Transport Layer Security (TLS) encryption standard. TLS is better than not using any encryption at all, but you should still take Gmail encryption with a pinch of salt:
- TLS encryption only works if the receiver has TLS encryption too. If they don’t, you are sending an unencrypted email.
- TLS encryption isn’t very strong. Your message might still pass through a hacked or a third party server. Whoever is sitting behind that server might be able to decipher and read your messages.
- TLS isn’t end-to-end encryption. This means that hackers can capture your email once it reaches the destination mail server.
- TLS doesn’t encrypt your message, which allows Google’s bots to crawl through your emails, read them, use the information found in them to create your user profile and share your information with third parties.
Every message in Gmail indicates whether it is encrypted or not. However, this doesn’t mean that your emails are only accessible to you and the recipient.
Gmail can view your messages and filter the ones that contain malware, phishing, or look suspicious. Even encrypted with TLS, your sensitive information can be stolen.
TLS is definitely better than no encryption, but if you’re looking for the ultimate security level, it’s not enough.
Can Google read my emails?
Not directly: Google’s employees don’t have access to your emails and can’t read them. However, Google’s bots scan your emails to collect more information about you. They use this data to show you relevant content later in ads, YouTube suggestions, search results, etc. You can turn ad personalization off in Ad Settings. It won’t stop Google’s bots from scanning your emails, but things you discuss in private emails won’t show up in ads when you go online.
How to encrypt Gmail
There are ways to give your Gmail an extra layer of encryption. You can do this by either getting a paid G Suite account and encrypting your emails with S/MIME encryption or using a third-party plugin and encrypting your emails manually. Let’s delve into them in more detail.
Google’s S/MIME encryption
Google offers paid G Suite Enterprise and G Suite Education accounts enhanced S/MIME encryption. With S/MIME, you can encrypt your messages with user-specific keys that you will then need to share with the intended recipient. Otherwise, they will not be able to decrypt the message. With this add-on, you will also be able to see the level of encryption your message will have. Just look for a lock icon next to your recipient’s name. (Green means that your message will support S/MIME encryption; Gray – TLS encryption; red – unencrypted.)
Even though it’s more secure than TLS, it still presents many vulnerabilities as the receiver also needs to use S/MIME, your message can again be hacked once it gets to the destination server, and Google still can scan your emails. It also creates an extra step you need to complete before sending an email, which might be frustrating for those who send hundreds of emails a day. The encryption isn’t set up by default so you’ll have to ask G Suite admins to do this for you.
Flowcrypt works as a desktop Firefox or Chrome extension and adds a ‘Secure Compose’ button to your Gmail’s interface. It encrypts your messages with industry-standard Pretty Good Privacy (PGP) encryption. Your recipient can use any email service provider as long as it supports PGP, but you will still need to share your private key for them to decrypt the message. Alternatively, you can set a password, but you will still need to share it with the recipient.
SecureMail is another plugin that works similarly to Flowcrypt but was developed for Google Chrome users only. Once installed, you should see a lock icon next to Gmail’s ‘Compose’ button. Make sure to click on that icon before composing an email or you will send your sensitive information unencrypted.
With SecureMail, you’ll need to set up a password and a password hint for the receiver to decrypt your message. These should be shared with your recipient through other communication channels. The receiver will also need to be a SecureMail user to decrypt your message.
This is another Chrome extension that offers PGP encryption, but this one might require more technical knowledge to set up.
If you used PGP encryption before and already have your public and private keys, you can import them straight into Mailvelope. If not, you’ll have to generate new ones. For the encryption to work, you will need to share your public key with the recipient as well as import recipients’ public keys to Mailvelope’s keyring, too. You can share your public key with others by uploading it on a public key server like the PGP Global Directory or the MIT Key Server.
Once this is set up, you can start composing your encrypted messages. Mailvelope will create a button next to the Gmail ‘Compose’ button. Once you click on it, a new window will pop up. Compose your message and then click ‘encrypt.’ Choose the recipient and transfer the encrypted text into Gmail. Mailvelope provides you with end-to-end encryption meaning that no one snooping on your traffic, not even Google, will be able to read your messages.
How to send truly secure emails
Unfortunately, none of the options discussed above provide a perfect solution if you care about your privacy. TLS and S/MIME encryption standards do not guarantee 100% security. Third-party plugins aren’t user-friendly, add extra steps to the emailing process, and don’t encrypt emails composed on a mobile device.
To send truly secure emails, you should look for a privacy-oriented email provider that:
- Has end-to-end encryption, meaning that your message will be encrypted the moment you compose it and can only be decrypted by the intended recipient. (Google promised to implement end-to-end encryption back in 2014. But since then the project has not been developed);
- Keeps your messages encrypted even if you send it to someone who uses a different email service provider;
- Has a zero-knowledge policy so that even their employees can’t see your encryption keys;
- Encrypts not just your message but your attachments too;
- Offers ‘burner email accounts’ for complete anonymity.
There are plenty of Gmail alternatives worth checking out, too.
Want to read more like this?
Get the latest news and tips from NordVPN.