All incoming and outgoing Gmail messages will use encrypted HTTPS connections to better protect them from interception by attackers or spying under a new policy Google recently announced for its Gmail services.
The new policy was unveiled by Nicolas Lidzborski, the security engineering lead for Google’s Gmail service, in a March 20 post on the Google Enterprise Blog.
“Starting today, Gmail will always use an encrypted HTTPS connection when you check or send email,” wrote Lidzborski. “Gmail has supported HTTPS since the day it launched, and in 2010 we made HTTPS the default. Today’s change means that no one can listen in on your messages as they go back and forth between you and Gmail’s servers—no matter if you’re using public WiFi or logging in from your computer, phone or tablet.”
That means that Google will encrypt every single email message sent or received by each account user while it is moving internally through Google’s systems, he wrote. “This ensures that your messages are safe not only when they move between you and Gmail’s servers, but also as they move between Google’s data centers—something we made a top priority after last summer’s revelations.”
In the fall of 2013, it was revealed that the U.S. National Security Agency (NSA) had allegedly spied on data in Google and Yahoo data centers, according to an earlier eWEEK report. Google Executive Chairman Eric Schmidt harshly criticized the NSA over the revelations last fall, which were revealed among documents released by former NSA contractor Edward Snowden. The documents showed that the spy agency had tapped the communications links between the Internet and the data centers of large online service providers. The backlash against the surveillance and data-gathering activities of the NSA continues to gather momentum with calls for political action to limit the agency’s powers and new revelations about the extent to which the spy agency went to tap into Internet communications.
“Your email is important to you, and making sure it stays safe and always available is important to us,” wrote Lidzborski. “As you go about your day reading, writing, and checking messages, there are tons of security measures running behind the scenes to keep your email safe, secure, and there whenever you need it.”
Google’s “commitment to the security and reliability of your email is absolute, and we’re constantly working on ways to improve,” he wrote.
Google’s Gmail, now in its 10th year, launched its services on April 1, 2004.
In January 2014, Google unveiled a new feature that lets users communicate via email more easily between their Gmail and Google+ accounts. The changes allow Gmail and Google+ users to send an email to another user even when they don’t have that user’s actual email address. The feature suggests a user’s Google+ connections as recipients when they are composing a new email by displaying a list of contacts as the first letter of the name of a recipient is typed in. The sender’s email address is only shared with the targeted recipient and the recipient’s email address is only shared if he or she agrees to receive the message.
Google developed the new feature as a way to allow people who might know each other to communicate via email even in cases where they don’t have each other’s email addresses, while giving users control over who may contact them.