Gmail goes HTTPS by default

15 Jan 2010

You may remember back in June last year an open letter from 37 academics in the fields of security and computer science was sent to Google CEO Eric Schmidt, urging him to consider default encryption for Gmail.

Google said it would consider this and obviously took it on board because now the default setting for Gmail is HTTPS (secure hypertext transfer protocol).

In the past, Google, like other webmail providers, had not thought this necessary. In fact, the blog response to this open letter from Google’s software engineer for Security and Privacy Teams, Alma Whitten, said: “Free, always-on HTTPS is pretty unusual in the email business, particularly for a free email service”.

He then went on to say that Google sees it as “another way to make the web safer and more useful. It’s something we’d like to see all major webmail services provide.”

And here it is – in Gmail settings, users can access Browser Connection and have the option of choosing ‘Don’t use https’ or ‘Always use https’ according to their wishes.

The reasoning: “If you sign in to Gmail via a non-secure internet connection, like a public wireless or non-encrypted network, your Google account may be more vulnerable to hijacking.

“Non-secure networks make it easier for someone to impersonate you and gain full access to your Google account, including any sensitive data it may contain, like bank statements or online log-in credentials,” said Google.

By Marie Boran