Google flips the switch on SSL encryption for Gmail
Google announced Wednesday that it will start encrypting all its Gmail traffic when using a remote wireless server.
This comes within days of Google’s announcement that it might pull its offices from China after discovering concerted attempts to break into Gmail accounts of human rights activists.
Gmail users will now default to using HTTPS, the secure, encrypted method for communicating with a remote server. This is for the entire e-mail session, not just for log-in as was previously the case. Since 2008 this option has been officially available for Gmail users but Google hesitated at turning it on for all users because the encryption does slow down the service.
Gmail Engineering Director Sam Schillace wrote in the Gmail blog that “Over the last few months, we’ve been researching the security/latency tradeoff and decided that turning https on for everyone was the right thing to do,”
When people were using fixed and trusted connections, such as home and work, this wasn’t as necessary but as Wi-Fi connections become more popular, hackers simply began using sniffing software to access people’s online activities.
Rest assured that the HTTPS does not encrypt your email messages, the e-mails sent to other people are transmitted as they have always been in plain text. It simply encrypts the communications it transit between Google’s servers and the user’s computer.
It was a coalition of privacy and security experts that called on Google publicly to make the change last June. They stated that Google was putting millions of people at risk by not using encryption as the default for their cloud computing services.
The HTTPS can be turned off in their account settings for users that really find it slows them down or that they just don’t need the added security/privacy. Just note that failing to use HTTPS increases your vulnerability to nasty hack attacks when using open or badly secured network, particularly a public Wi-Fi spot.