HTTPS is now the default setting for Gmail users. Google's security decision follows revelations of efforts by attackers to improperly access the Gmail accounts of Chinese human rights activists.
has opted to turn on HTTPS
for Gmail continuously by default to protect
move follows the revelation that there have been repeated attempts to access
Gmail accounts belonging to Chinese
human rights activists,
as well as calls from security and privacy experts
for Google to deploy the technology automatically to secure e-mail.
the last few months, we've been researching
the security/latency tradeoff
and decided that turning HTTPS [HTTP Secure] on
for everyone was the right thing to do," Gmail Engineering Director Sam
Schillace wrote Jan. 12 on the official Gmail blog.
"We are currently
rolling out default HTTPS for everyone. If you've previously set your own HTTPS
preference from Gmail Settings,
nothing will change for your account ... Gmail will still always encrypt the log-in
page to protect your password. Google Apps users whose admins have not already
defaulted their entire domains to HTTPS will have the same option."
2008, Google gave Gmail users the option of choosing to use HTTPS by default. In
June 2009, the company announced that it would consider
making HTTPS the Gmail default
following an open letter to Google CEO
Eric Schmidt from nearly 40 security pros urging the company to enable industry-standard
transport encryption technology by default for Gmail, Google Docs and Google
will retain the ability to turn off HTTPS if they have performance concerns,
Schillace said, explaining that those who don't want the feature can select "Don't
always use HTTPS" from the settings menu.