Google switches Gmail to HTTPS only

Filed Under: Cryptography, Featured, Google, Privacy

Lock. Image courtesy of ShutterstockThe miasma of an ever-widening NSA/GCHQ/FBI/et al surveillance state has caused indignant companies such as Microsoft and Google to pledge end-to-end data encryption.

On Thursday, Google made good on the pledge, announcing that it is now, in fact, using an always-on HTTPS connection and encrypting all Gmail messages moving internally on its servers.

Google has supported HTTPS since it was launched, it pointed out.

The company made HTTPS the default with its Gmail service back in 2010 and then, later, did the same with many web queries using its own search engine.

Now, says Gmail Security Engineering Lead Nicolas Lidzborski, it's all encrypted between us and Gmail's servers, whether we're surfing oh-so-scary public WiFi or logging in from our gizmos, be they computer, phone or tablet.

Not only that, but once they get into Google's digestive system, Gmail messages will be encrypted internally, too, he says:

Every single email message you send or receive - 100 percent of them - is encrypted while moving internally. This ensures that your messages are safe not only when they move between you and Gmail's servers, but also as they move between Google's data centers - something we made a top priority after last summer's revelations.

Google's protection has hitherto stopped when data got to the company's data centers: those treasure troves of information such as our web searches, emails, and browsing histories, for example.

The changes announced Thursday will make it tougher for snoops - be they the NSA or hackers - to pry open Gmail sessions.

But as the Washington Post points out, Google's new encryption only protects email if both the sending and receiving email providers are using it.

It doesn't cover data traveling between services - from one email provider to another, for instance.

The Post points to this LifeHacker tutorial on how to use encryption on email.

Of course, bear in mind that, encryption or no encryption, Google, like any email service provider, is compelled to hand over data whenever the government (legally) tells it to jump.

Image of lock courtesy of Shutterstock.

, ,

You might like

3 Responses to Google switches Gmail to HTTPS only

  1. Too late. And basically innocuous.

  2. private · 561 days ago

    But don't worry. The NSA probably has a key to the encryption

  3. Anonymous · 561 days ago

    Go to less tyranical countriesssssssss

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.