Google (finally) enables default "https" access for GMail
Summary: A day after confirming a major security breach by Chinese hackers looking for GMail account information, Google has turned on default "https:" access for its popular Web mail service.
A day after confirming a major security breach by Chinese hackers looking for GMail account information, Google has turned on default "https:" access for its popular Web mail service.
Google had previously added the option for GMail users to "always use https" back in July 2008 but it was turned off by default.
Last June, a group of researchers and academics released an open-letter calling on Google protect users' communications from theft and snooping by enabling industry standard transport encryption technology (HTTPS) for Google Mail, Docs, and Calendar.
Now comes word that this is indeed happening:
We are currently rolling out default https for everyone. If you've previously set your own https preference from Gmail Settings, nothing will change for your account. If you trust the security of your network and don't want default https turned on for performance reasons, you can turn it off at any time by choosing "Don't always use https" from the Settings menu. Gmail will still always encrypt the login page to protect your password. Google Apps users whose admins have not already defaulted their entire domains to https will have the same option.
This Google page offers additional guidance on keeping your data secure.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
unlike M$ Google cares about security
Well, Google just proved you wrong
Huh?
Hotmail
No, he's not
Sad but apparently true
How is this an improvement?
know what it was, you obviously had nothing of
value to hide anyways.
unlike M$ Google cares about security
Does anyone really think these compainies care about our information? They only care what we think about them! That's what leads to revenue and bloated stock!
Why don't you ask..
and non-admin accounts the default, despite the
fact that their own followers keep claiming these
things can make up for some of the huge security
failings in Windows and IE..
At least Google is actually making some progress.
Not going [i]backwards[/i] in security (like MS <a href=http://google.com/search?q=7+UAC+injection>did with Windows 7</a>)
Sad to Say
So...
I suppose Google is also responsible for the behavior of every single government in every single country on this planet as well while they're at it? Or perhaps the powers that be in Google ought to be sent to prison because some idiot used Google search to find out ways to make a pipe bomb which they used to blow somebody up?
Sure the above paragraph sounds absolutely ridiculous but so does these comments blaming Google for the trouble in China or anywhere else for that matter. You notice that no one said a damn thing [i]before[/i] Google announced this? No one was banging their drum and shouting then were they?
Gmail has no security and privacy!
doh!
And standard security protocols normally used (ie, HTTPS - the little 'padlock') are pretty standard so the usual groups interested in this sort of thing (ie, NSA, CIA, KGB, etc.) can monitor if they're really motivated.
Finally, if one really needs to exchange ?ber-secret information, like those love notes to M at MI6, one needs to utilize a third-party encryption tool at both ends of the communications chain.
Personally I wouldn't worry, whitenight2010, I doubt any of the parties named in or about this article are interested in your communications. They never seem too interested in my ramblings either. :-))
You can have security between server and client but...
All HTTPS (and browser sessions enabled with SSL) does is encrypt the transmission of data between the two edge points. Certainly this makes it difficult to decode what's inside the packets between those two points.
But all a user is really doing is encrypting and downloading whatever the user is accessing. If it's an nasty and infected Adobe PDF file, you are still going to get a nasty surprise with unpatched client.
As for Google's policies and protection of your Data on its servers, that's a different equation and set of problems.
The equation is simple;
or disappear. This applies to all companies in the
U.S.; the only way Google could get around it
would be to go to another country.
You do know..
as well, right? If a company is based in the U.S.,
and the U.S. government demand access to your
personal info, they have no choice but to obey.
It's called freedom to use force against civilians
based on a hunch. If you don't like it go to
another country. It's not Google's or any other
web mail provider's fault.
Guess you do not use email ????
What do you mean "how does he think"?
that everything is perfectly safe as long as it
has a little sticker on it that says Microsoft.
That the mail just magically appears there, and
that Google is inferior for not having magic
technology.
Shouldn't Google have ALREADY
It's just another way to prevent idiots from hacking into your computer or seeing what you are doing.
Google has supported https for GMAIL...
put this url into the browser https://mail.google.com.