1. bookVolume 2022 (2022): Issue 1 (January 2022)
Journal Details
License
Format
Journal
First Published
16 Apr 2015
Publication timeframe
4 times per year
Languages
English
access type Open Access

User Perceptions of Gmail’s Confidential Mode

Published Online: 20 Nov 2021
Page range: 187 - 206
Received: 31 May 2021
Accepted: 16 Sep 2021
Journal Details
License
Format
Journal
First Published
16 Apr 2015
Publication timeframe
4 times per year
Languages
English
Abstract

Gmail’s confidential mode enables a user to send confidential emails and control access to their content through setting an expiration time and passcode, pre-expiry access revocation, and prevention of email forwarding, downloading, and printing. This paper aims to understand user perceptions and motivations for using Gmail’s confidential mode (GCM). Our structured interviews with 19 Gmail users at UNC Charlotte show that users utilize this mode to share their private documents with recipients and perceive that this mode encrypts their emails and attachments. The most commonly used feature of this mode is the default time expiration of one week, and the least used feature is the pre-expiry access revocation. Our analysis suggests several design improvements.

Keywords

[1] Ruba Abu-Salma, M Angela Sasse, Joseph Bonneau, Anastasia Danilova, Alena Naiakshina, and Matthew Smith. Obstacles to the adoption of secure communication tools. In 2017 IEEE Symposium on Security and Privacy (SP), pages 137–153. IEEE, 2017. Search in Google Scholar

[2] Elham Al Qahtani, Yousra Javed, Heather Lipford, and Mohamed Shehab. Do women in conservative societies (not) follow smartphone security advice? a case study of saudi arabia and pakistan. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pages 150–159. IEEE, 2020. Search in Google Scholar

[3] Nora Alkaldi and Karen Renaud. Why do people adopt, or reject, smartphone password managers? 2016. Search in Google Scholar

[4] Wei Bai, Michael Pearson, Patrick Gage Kelley, and Michelle L Mazurek. Improving non-experts’ understanding of end-to-end encryption: An exploratory study. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pages 210–219. IEEE, 2020. Search in Google Scholar

[5] Joseph B Bayer, Nicole B Ellison, Sarita Y Schoenebeck, and Emily B Falk. Sharing the small moments: ephemeral social interaction on snapchat. Information, Communication & Society, 19(7):956–977, 2016. Search in Google Scholar

[6] Maya Cakmak and Leila Takayama. Teaching people how to teach robots: The effect of instructional materials and dialog design. In Proceedings of the 2014 ACM/IEEE international conference on Human-robot interaction, pages 431–438, 2014. Search in Google Scholar

[7] L Jean Camp. Mental models of privacy and security. IEEE Technology and society magazine, 28(3):37–46, 2009. Search in Google Scholar

[8] Kuan-Ju Chen and Hoi Ling Cheung. Unlocking the power of ephemeral content: The roles of motivations, gratification, need for closure, and engagement. Computers in Human Behavior, 97:67 – 74, 2019. Search in Google Scholar

[9] Karen Church and Rodrigo De Oliveira. What’s up with whatsapp? comparing mobile instant messaging behaviors with traditional sms. In Proceedings of the 15th international conference on Human-computer interaction with mobile devices and services, pages 352–361, 2013. Search in Google Scholar

[10] National Research Council et al. Improving risk communication. 1989. Search in Google Scholar

[11] Emiliano De Cristofaro, Honglu Du, Julien Freudiger, and Greg Norcie. A comparative usability study of two-factor authentication. arXiv preprint arXiv:1309.5344, 2013. Search in Google Scholar

[12] Tech Desk. New whatsapp feature brings self-destructing messages: How it works. https://indianexpress.com/article/technology/social/whatsapp-self-destructing-message-available-how-to-use-6316569/, 2020. Last accessed 8 February 2021. Search in Google Scholar

[13] Serge Egelman and Eyal Peer. Scaling the security wall: Developing a security behavior intentions scale (sebis). In Proceedings of the 33rd annual ACM conference on human factors in computing systems, pages 2873–2882, 2015. Search in Google Scholar

[14] Rip Empson. Not-so-ephemeral messaging: New snapchat “hack” lets users save photos forever. https://techcrunch.com/2013/01/22/not-so-ephemeral-messaging-newsnapchat-hack-lets-users-save-photos-forever/, 2013. Last accessed 2 February 2021. Search in Google Scholar

[15] Michael Fagan and Mohammad Maifi Hasan Khan. Why do they do what they do?: A study of what motivates users to (not) follow computer security advice. In Twelfth Symposium on Usable Privacy and Security (SOUPS 2016), pages 59–75, 2016. Search in Google Scholar

[16] Michael E Fagan. Design and code inspections to reduce errors in program development. IBM Systems Journal, 38(2.3):258–287, 1999. Search in Google Scholar

[17] Thomas Franke, Christiane Attig, and Daniel Wessel. A personal resource for technology interaction: development and validation of the affinity for technology interaction (ati) scale. International Journal of Human–Computer Interaction, 35(6):456–467, 2019. Search in Google Scholar

[18] Simson L Garfinkel and Robert C Miller. Johnny 2: a user test of key continuity management with s/mime and outlook express. In Proceedings of the 2005 symposium on Usable privacy and security, pages 13–24, 2005. Search in Google Scholar

[19] Shirley Gaw, Edward W Felten, and Patricia Fernandez-Kelly. Secrecy, flagging, and paranoia: adoption criteria in encrypted email. In Proceedings of the SIGCHI conference on human factors in computing systems, pages 591–600, 2006. Search in Google Scholar

[20] Gennie Gebhart and Cory Doctorow. Between you, me, and google: Problems with gmail’s “confidential mode”. https://www.eff.org/deeplinks/2018/07/between-you-meand-google-problems-gmails-confidential-mode, 2018. Last accessed 5 February 2021. Search in Google Scholar

[21] Google. Protect gmail messages with confidential mode. https://support.google.com/a/answer/7684332?hl=en. Last accessed 10 January 2021. Search in Google Scholar

[22] Google. Send & open confidential emails. https://support.google.com/mail/answer/7674059?hl=en&co=GENIE.Platform%3DAndroid&oco=1, 2018. Last accessed 10 January 2021. Search in Google Scholar

[23] Nancie Gunson, Diarmid Marshall, Hazel Morton, and Mervyn Jack. User perceptions of security and usability of single-factor and two-factor authentication in automated telephone banking. Computers & Security, 30(4):208–220, 2011. Search in Google Scholar

[24] Todd Haselton. How to send self-destructing messages in gmail. https://www.lifewire.com/send-self-destructing-messages-gmail-4691876, 2018. Last accessed 5 February 2021. Search in Google Scholar

[25] Ding-Long Huang, Pei-Luen Patrick Rau, and Gavriel Salvendy. A survey of factors influencing people’s perception of information security. In International Conference on Human-Computer Interaction, pages 906–915. Springer, 2007. Search in Google Scholar

[26] Christopher Kotfila. This message will self-destruct: The growing role of obscurity and self-destructing data in digital communication. Bulletin of the Association for Information Science and Technology, 40(2):12–16, 2014. Search in Google Scholar

[27] Katharina Krombholz, Karoline Busse, Katharina Pfeffer, Matthew Smith, and Emanuel von Zezschwitz. “ if httpswere secure, i wouldn’t need 2fa”-end user and administrator mental models of https. In 2019 IEEE Symposium on Security and Privacy (SP), pages 246–263. IEEE, 2019. Search in Google Scholar

[28] Philipp Markert, Florian Farke, and Markus Dürmuth. View the email to get hacked: Attacking sms-based two-factor authentication. WAY, 2019. Search in Google Scholar

[29] Agnieszka McPeak. Self-destruct apps: Spoliation by design. Akron L. Rev., 51:749, 2017. Search in Google Scholar

[30] M Granger Morgan, Baruch Fischhoff, Ann Bostrom, Cynthia J Atman, et al. Risk communication: A mental models approach. Cambridge University Press, 2002. Search in Google Scholar

[31] Radia Perlman. The ephemerizer: Making data disappear, 2005. Search in Google Scholar

[32] Xuan-Lam Pham, Thi-Huyen Nguyen, Wu-Yuin Hwang, and Gwo-Dong Chen. Effects of push notifications on learner engagement in a mobile learning app. In 2016 IEEE 16th International Conference on Advanced Learning Technologies (ICALT), pages 90–94. IEEE, 2016. Search in Google Scholar

[33] Andy Phan. 6 of the best email service providers in 2021. https://www.currentware.com/best-email-service-providers-2021/, 2021. Last accessed 19 February 2021. Search in Google Scholar

[34] Martin Pielot, Rodrigo De Oliveira, Haewoon Kwak, and Nuria Oliver. Didn’t you see my message? predicting attentiveness to mobile instant messages. In Proceedings of the SIGCHI conference on human factors in computing systems, pages 3319–3328, 2014. Search in Google Scholar

[35] Justin Pot. How the new confidential mode works in gmail. https://www.howtogeek.com/352025/how-thenew-confidential-mode-works-in-gmail/, 2018. Last accessed 10 January 2021. Search in Google Scholar

[36] Joel Reardon, David Basin, and Srdjan Capkun. Sok: Secure data deletion. In 2013 IEEE symposium on security and privacy, pages 301–315. IEEE, 2013. Search in Google Scholar

[37] Ken Reese, Trevor Smith, Jonathan Dutson, Jonathan Armknecht, Jacob Cameron, and Kent Seamons. A usability study of five two-factor authentication methods. In Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019), 2019. Search in Google Scholar

[38] Karen Renaud, Melanie Volkamer, and Arne Renkema-Padmos. Why doesn’t jane protect her privacy? In International Symposium on Privacy Enhancing Technologies Symposium, pages 244–262. Springer, 2014. Search in Google Scholar

[39] Franziska Roesner, Brian T Gill, and Tadayoshi Kohno. Sex, lies, or kittens? investigating the use of snapchat’s self-destructing messages. In International Conference on Financial Cryptography and Data Security, pages 64–76. Springer, 2014. Search in Google Scholar

[40] Bernd Rohrmann. Risk perception, risk attitude, risk communication, risk management: A conceptual appraisal. In 15th Internaional Emergency Management Society (TIEMS) Annual Conference, volume 2008, 2008. Search in Google Scholar

[41] Ira S Rubinstein. Regulating privacy by design. Berkeley Tech. LJ, 26:1409, 2011. Search in Google Scholar

[42] Scott Ruoti, Jeff Andersen, Scott Heidbrink, Mark O’Neill, Elham Vaziripour, Justin Wu, Daniel Zappala, and Kent Seamons. “ we’re on the same page” a usability study of secure email using pairs of novice users. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems, pages 4298–4308, 2016. Search in Google Scholar

[43] Scott Ruoti, Jeff Andersen, Daniel Zappala, and Kent Seamons. Why johnny still, still can’t encrypt: Evaluating the usability of a modern pgp client. arXiv preprint arXiv:1510.08555, 2015. Search in Google Scholar

[44] Scott Ruoti, Nathan Kim, Ben Burgon, Timothy Van Der Horst, and Kent Seamons. Confused johnny: when automatic encryption leads to confusion and mistakes. In Proceedings of the Ninth Symposium on Usable Privacy and Security, pages 1–12, 2013. Search in Google Scholar

[45] Gavriel Salvendy. Human factors and Ergonomics. Lawrence Erlbaum Associates, 1999. Search in Google Scholar

[46] Steve Sheng, Levi Broderick, Colleen Alison Koranda, and Jeremy J Hyland. Why johnny still can’t encrypt: evaluating the usability of email encryption software. In Symposium On Usable Privacy and Security, pages 3–4. ACM, 2006. Search in Google Scholar

[47] Prabhishek Singh and Ramneet Singh Chadha. A survey of digital watermarking techniques, applications and attacks. International Journal of Engineering and Innovative Technology (IJEIT), 2(9):165–175, 2013. Search in Google Scholar

[48] Editorial Team. Enhanced control over files with document watermarking. https://www.virtru.com/blog/digital-watermarking/. Last accessed 28 August 2021. Search in Google Scholar

[49] Sonja Utz, Nicole Muscanell, and Cameran Khalid. Snapchat elicits more jealousy than facebook: A comparison of snapchat and facebook use. Cyberpsychology, Behavior, and Social Networking, 18(3):141–146, 2015. Search in Google Scholar

[50] Alexander JAM Van Deursen, Ellen J Helsper, and Rebecca Eynon. Development and validation of the internet skills scale (iss). Information, Communication & Society, 19(6):804–823, 2016. Search in Google Scholar

[51] Christof van Nimwegen and Kristi Bergman. Effects on cognition of the burn after reading principle in ephemeral media applications. Behaviour & Information Technology, 38(10):1060–1067, 2019. Search in Google Scholar

[52] Elham Vaziripour, Justin Wu, Mark O’Neill, Jordan White-head, Scott Heidbrink, Kent Seamons, and Daniel Zappala. Is that you, alice? a usability study of the authentication ceremony of secure messaging applications. In Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017), pages 29–47, 2017. Search in Google Scholar

[53] Virtru. The definitive guide to gmail encryption. https://www.virtru.com/blog/gmail-encryption/, 2019. Last accessed 26 May 2021. Search in Google Scholar

[54] Virtru. Demystifying gmail confidential mode. https://www.virtru.com/resource/demystifying-confidential-mode/, 2019. Last accessed 26 May 2021. Search in Google Scholar

[55] Ian Warren, Andrew Meads, Satish Srirama, Thiranjith Weerasinghe, and Carlos Paniagua. Push notification mechanisms for pervasive smartphone applications. IEEE Pervasive Computing, 13(2):61–71, 2014. Search in Google Scholar

[56] Rick Wash and Emilee Rader. Influencing mental models of security: a research agenda. In Proceedings of the 2011 New Security Paradigms Workshop, pages 57–66, 2011. Search in Google Scholar

[57] Jason Watson, Andrew Besmer, and Heather Richter Lip-ford. + your circles: sharing behavior on google+. In Proceedings of the eighth symposium on usable privacy and security, pages 1–9, 2012. Search in Google Scholar

[58] Alma Whitten and J Doug Tygar. Why johnny can’t encrypt: A usability evaluation of pgp 5.0. In USENIX Security Symposium, volume 348, pages 169–184, 1999. Search in Google Scholar

[59] Justin Wu and Daniel Zappala. When is a tree really a truck? exploring mental models of encryption. In Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018), pages 395–409, 2018. Search in Google Scholar

[60] Zarul Fitri Zaaba and Teo Keng Boon. Examination on usability issues of security warning dialogs. Age, 18(25):26–35, 2015. Search in Google Scholar

Recommended articles from Trend MD

Plan your remote conference with Sciendo