Gmail

Initiatives were 'made a top priority after last summer's revelations'

Google has steadily improved the overall security of several of its apps and services, and the latest move is moving to HTTPS and encryption across all of Gmail. Starting today, every single time you send or check your Gmail, the transfer will be made over a secure HTTPS connection. That means that the communication between the device you're using and Google's servers is secure, and nobody will be listening in along the way. Google made this option the default back in 2010, but now there will be no option to browse insecurely when it comes to Gmail.

Further, Google will now encrypt any and all Gmail messages when they're moving between Google servers. That means when you send or receive email with another person using Gmail, your communication will also be completely encrypted. This is something Google says it "made a top priority after last summer’s revelations."

Of course Google can't do a whole lot about email that is sent to email addresses with services other than Google (that's up to you to handle), but it's great to see it doing everything it can for what it can control.

Source: Official Google Blog

 

Reader comments

All Gmail will now use HTTPS, messages will be encrypted when moving inside Google

24 Comments

I'm trying to think how people will spin this story negative. I'm coming up empty. Clearly, it's just a failure of imagination.

Well, that would be an indirect ancillary attack on this particular subject matter. It's to be expected with any similar article.

I was more speculating regarding the oddball user who might have some bizarre reason for wanting an unencrypted connection to Gmail due to some esoteric or antiquated purpose.

"Handing data over" might be a bit of a stretch, short of complying with FISA orders. Those, at least, I can't blame Google (or any other tech company for) since they literally have no choice.

Rather than getting mad at the tech companies for being brow beaten with court orders to surrender data, why aren't we more angry about these "secret courts" themselves?

Sounds good.... Now if Google would just add HTML type editing (Bold, Font color and/or highlighting, Underline, Italics, etc..) a lot of people would be happy :-)

Edit: Happier, not happy :-)

The Encryption will be designed to make it harder for any future Snowdens in the government to leak any more NSA data activities to the public so easily.

Winner Winner Chicken Dinner!

You obviously have no clue on how transport-layer encryption works but I salute you anyway. You found a way to spin it negative.

From the article: "Google made this option the default back in 2010, but now there will be no option to browse insecurely when it comes to Gmail." RIF.

Won't do a thing to stop the NSA, warrantless disclosures, disclosures with warrants, or Google from doing whatever they want to with your information, internally.

It will help with snooping by other entities (like man-in-the-middle employers or rogue access points and such), which is good. If you really care about security of Email, it really requires content strong encryption, and there is really no easy/standard/transparent way to do that quite yet (and it still won't protect meta data- who you talk to and when and how often).

There is a standard. It's called S/MIME. It's been out for ages. I used to work in the field. The problem is that it requires key management which people find tedious. In addition, even if you have a central key repository you still have to trust someone with this information and thus the conspiracy theories would never be quelled.

I am quite aware of S/MIME. But, as you point out, it meets only one of the three criteria I stated- "standard"; it fails the other two "easy" and "transparent".

Encrypting the traffic from place to place is a good first step. Now, they just need to encrypt the files as they’re sitting, stationary, on their servers. And, of course, only the owner/originator has the key.

They do encrypt the files on their servers. End-end encryption would be the only secure solution but it requires exchanging public keys with everyone who you exchange mail with and relying on the sender to encrypt every time before sending. It's not going to happen.

Google, Inc. can encrypt Gmail emails all day long or until the sun goes supernova.... the U.S. NSA will still be able to read any email it wants. As one of the top tier intelligence agencies in the word, the NSA no doubt has someone on the inside. It is extremely naive to think otherwise. Do some bad employees inside the NSA use the data for personal, illegal purposes? Of course there are. However, the rest of the 99.99 percent are there to defend the country against foreign enemies.

We always think that government agencies having their spies within Corporate America. And yet I wonder if Corporate America doesn't have a spy or two of their own planted in certain areas of government?

Sent via Cyberspace

I still do not have the latest of Google Play Store on my Sprint HTC One and 2012 Nexus 7, is this unusual?