HTTPS is now the default setting for Gmail users. Google's security decision follows revelations of efforts by attackers to improperly access the Gmail accounts of Chinese human rights activists.
Google
has opted to turn on HTTPS for Gmail continuously by default to protect
user e-mails.
The
move follows the revelation that there have been repeated attempts to access
Gmail accounts belonging to
Chinese
human rights activists, as well as calls from security and privacy experts
for Google to deploy the technology automatically to secure e-mail.
"Over
the last few months, we've been
researching
the security/latency tradeoff and decided that turning HTTPS [HTTP Secure] on
for everyone was the right thing to do," Gmail Engineering Director Sam
Schillace wrote Jan. 12 on the official Gmail blog.
"We are currently
rolling out default HTTPS for everyone. If you've previously set your own HTTPS
preference from Gmail
Settings,
nothing will change for your account ... Gmail will still always encrypt the log-in
page to protect your password. Google Apps users whose admins have not already
defaulted their entire domains to HTTPS will have the same option."
In
2008, Google gave Gmail users the option of choosing to use HTTPS by default. In
June 2009, the company announced that it would
consider
making HTTPS the Gmail default following an open letter to Google CEO
Eric Schmidt from nearly 40 security pros urging the company to enable industry-standard
transport encryption technology by default for Gmail, Google Docs and Google
Calendar.
Users
will retain the ability to turn off HTTPS if they have performance concerns,
Schillace said, explaining that those who don't want the feature can select "Don't
always use HTTPS" from the settings menu.
Email
Print
