Google promises always-on encrypted HTTPS connection for Gmail

Google promises always-on encrypted HTTPS connection for Gmail

Summary: Gmail was also said to have been available 99.978 percent of the time during 2013, which averages to less than two hours of disruption per user throughout the entire year.


Encryption is the word of the week.

Google has made a new pledge to its users worldwide in an effort to reassure them that the Internet giant has their security and privacy concerns at the top of the agenda.

Starting today, Gmail will always use an encrypted HTTP Secure (HTTPS) connection when users check or send emails.

This latest security feature for the popular email service follows up a similar move in 2010 when Google made HTTPS the default connection option.

Nicolas Lidzborski, who leads the Gmail security engineering team, explained in a blog post on Thursday that this move means "no one can listen in on your messages as they go back and forth between you and Gmail’s servers—no matter if you're using public WiFi or logging in from your computer, phone or tablet."

Translation: the NSA shouldn't be able to "listen in" or read one's private digital correspondence -- at least on Google's servers, which were cited to be one of the secret pipelines for the NSA's previously-secret, now-controversial PRISM data mining program.

Google, among other tech giants noted as sources for the scheme, have repeatedly denied compliance while also lambasting the federal government for these actions.

But Lidzborski didn't hint further at any of this, focusing on Gmail's performance instead.

In addition, every single email message you send or receive—100% of them—is encrypted while moving internally. This ensures that your messages are safe not only when they move between you and Gmail's servers, but also as they move between Google's data centers—something we made a top priority after last summer’s revelations.

He added that Gmail was available 99.978 percent of the time during 2013, which averages to less than two hours of disruption per user throughout the entire year.

Yet Gmail's 2014 didn't get off to the best start, with a widely-reported (at least on Twitter) outage in January, which affected users around the globe for more than an hour.

As demonstrated by the Google Talk and Sheets outage earlier this week, the Mountain View, Calif.-based company usually doesn't comment as to the cause behind these downtimes, instead referring users to the Google Apps Status Dashboard for further updates.

Topics: Security, Data Management, Google, Privacy, Google Apps

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Yeah...right...

    They scan, read and catalogue your email... nothing more needs to be said.
    • You think

      another human being is in the slightest bit interested in any of your email?
      That would imply someone cares about your utterances.......
    • Interesting line from the Outlook Privacy Policy

      "We may access information about you, including the content of your communications..."
  • And all us dumb americans are supposed to believe NSA can't break HTTPS?

    • Depends...

      Depends on the size of the encryption key.

      The NSA themselves apparently use 384-bit prime modulus elliptic curve cryptography for top secret information. If they didn't believe that was secure, I doubt they'd be using it. Much of that same technology is available for anyone to use, although I'm not sure whether the specific cryptographic algorithm used by the NSA is available in the TLS protocol.
    • How about you do the math?

      How about you do the math and come back with the answer to your own question?
  • That won't stop Google spying

    I trust Google less than the Obama administration.
  • Low Hanging Fruit

    Of course, you realize, if you email your Aunt Kathy (or the majority of people, actually), and she's using an email service that doesn't provide encryption, your email will still be traveling unencrypted from her email provider to her. Or there could be dozens of hops between servers in the middle where the data is unencrypted.

    The only remedy is to use end-to-end encryption, such as S/MIME or Pretty Good Privacy (PGP) or its open-source equivalent, GPG (GNU Privacy Guard), or some other encryption scheme on your own. Of course, this takes STUDY and WORK, and 99.9% of people can't be bothered to sit and read up on Public Key Cryptography for a few hours when American Idol is on.

    Of course, NSA is probably the least of your worries. Hackers, Identity Thieves, and even your ISP are doing what they can to spy on you as well!

    A little bit of work on your part can make you part of the "non-low-hanging fruit". Remember the two men in the woods, when a bear shows up... one takes off his boots and puts on a pair of sneakers. The other says, "You can't outrun that bear!" He replies, "I don't HAVE to outrun the bear... I just have to OUTRUN YOU!!!"
  • They weren't doing this before?

    So first of all let's get this straight, they weren't doing this before?

    On the privacy thing, this always makes me laugh. You get something for free and you expect that's it? Of course they scan your emails and sell demographic data while providing advertising based on the contents. That's not someone reading your email, that's a computer analyising them for information that can help them target advertising to you. There's no such thing as a free lunch. If you're concerned about privacy then campaign for a paid opt out but don't expect anyone to give you something for nothing. Would you give something for free? Perhaps you'd let someone stay rent free in your spare room or drive them around for free? Let's get real.