Republished on May 26 with a new report into Gmail’s user privacy decisions.
Google’s 2 billion Gmail users have a critical decision to make. But so does Google. And the tech giant’s might be the more critical. Gmail’s latest upgrade gives Gemini free reign over all your past emails and even your stored files. If you let it. That’s the decision you need to make. As for Google, it’s sitting on a critical decision of a different kind.
“Gmail is getting personalized smart replies that incorporate your context and tone,” Google confirmed last week. “Draft replies will sound authentically like you and match your typical tone, as the responses are created from past emails and Drive files.”
But as I’ve already warned, “we are still at the early stages of these changes, and we have no clue yet as to the privacy and security risks.” There is also an awkward disconnect: Gmail’s recent encryption upgrade clashes with its AI upgrades.
What Gmail users really need is Google’s ode to Apple’s HideMyEmail. which “is a service that lets you keep your personal email address private, whether you’re creating a new account with an app, signing up for a newsletter online, making a purchase with Apple Pay or sending an email to someone you don’t know well.”
For iPhone users, it has been described as “the best Apple product you aren’t using.” Spam is out of control despite AI hunting and filtering, the problem remains. But there’s a more important reason for this email address shielding.
Per How-To-Geek this weekend, “I seem to get emails almost every week informing me that one of my online accounts has been part of a data breach… That’s why using a service such as Apple’s Hide My Email is more important than ever.”
That’s fine for iPhone and Apple Mail, but what about Android and Gmail? There is a solution. First revealed last November, Android’s Shielded Email feature does the same as HideMyEmail. In late February, Android Authority revealed details of the new feature following a Play Services APK teardown.
Shielded Emails “will be part of Google’s Autofill system. Just think of all the apps or screens where Google pops up with its suggested autofill details based on your saved passwords and usernames; all of these should be the new home for Shielded Email.”
When the team “tried to sign up for Amazon,” they saw that “Gboard’s smart autofill bar not only suggested the usual email address it knows we usually use but also a new Use Shielded Email option.” It’s not yet live and so didn’t work. It will require email server-side integration if some kind. But it’s clearly in late-stage development.
With headlines still circulating after vpnMentor’s Jeremy Fowler discovered a data breach exposing “184 million logins and passwords,” the need for Shielded Email that’s actually used — and HideMyEmail that’s actually used — has never been greater. “I saw thousands of files that included emails, usernames, passwords, and the URL links to the login or authorization for the accounts.” This included “bank and financial accounts, health platforms, and government portals from numerous countries.”
Masking email addresses makes it more difficult for attackers to cross-reference your data and passwords and to socially engineer attacks in your name. It lets you turn off compromised email addresses. In tandem with strong, unique passwords and two-factor authentication (2FA), or ideally passkeys, it shuts doors into your life now wide open.
One of the most critical weaknesses in email is your address acting as the primary identifier for so many accounts. If this is masked you likely cannot be tracked across sites. But if you’re not using it, none of that matters. So while Google must decide on its release, when it comes you should use new addresses for all new platforms you use.
With perfect timing, coming just after Google’s new Gmail AI announcements, Android Authority provides a different perspective, with a “Survey [that] shows Gmail users would gladly sacrifice features for more privacy… Privacy seems to become a bigger deal every year as an increasing number of people aren’t cool with their data becoming a commodity. Proton Mail purports to offer more privacy than Gmail — unlike Google, even the Proton team can’t take a look at your inbox. As such, privacy-conscious users should want to flock to Proton Mail, right?” To find out, they polled their readers.
The results are interesting. “Around 73% of you said you would use Proton Mail instead of Gmail, with more than half of those people saying that they’d even pay for it. Less than 27% of you said you were happy with Gmail.” I suspect this would be very different across a larger base, but it does highlight the current Gmail tension that was brought to the fore by Google announcing Gemini can now access all your past emails and even Google Drive to better mimic your style and tone.” In the privacy world, that’s definitely what you mighty call a mic drop moment.
As PC Mag warned “I gave Gemini access to my Gmail, and it weirds me out.” And while this focuses on unexpected results, “Google collects a variety of information when you use Gemini, which includes your entire chat history. The company uses this information to improve its products and train its large language models. However, Google doesn’t use Gemini data from Google Workspace apps, like Gmail, for training, ad targeting, or selling. I appreciate the guarantee, but I don’t fully trust Google.”
All of this simply reflects email’s identity crisis. How does it better ape secure messaging platforms while remaining an open standard? Can it secure content while acting as a shop window for cloud-based AI innovations? And will the imminent tidal wave of AI-fueled phishing and malware attacks ever be kept at bay?
Email does need a rethink. But in the meantime your account needs a rethink as well. Use the new Shielded Email feature but also give some thought to the longevity and consequent vulnerability of the email address you use today. It might be time to open a new account and slowly shift from old to new, leaving the baggage behind.