Google To Consider Full HTTPS For GMail
You may or may not be aware, but every time you log in to GMail you pass through an HTTPS, or Hypertext Transfer Protocol Secure, connection. HTTPS is a combination of the regular HTTP and a cryptographic protocol and is used to pass sensitive information over the internet. Google implements this into the login portion of GMail to protect your username and password. However, the rest of the service is unencrypted.
Google is considering changing this, though. According to Google software engineer Alma Whitten, “We’re planning a trial in which we’ll move small samples of different types of Gmail users to HTTPS to see what their experience is, and whether it affects the performance of their email. Does it load fast enough? Is it responsive enough? Are there particular regions, or networks, or computer setups that do particularly poorly on HTTPS?”
HTTPS is commonly used for financial web services, such as banks and credit card companies. According to PC Magazine, “security experts, [including] the Berkman Center for Internet & Society, MIT, and AT&T Research, asked Google to deploy round-the-clock HTTPS for Gmail, Google Docs, and Calendar.” Alma Whitten also said that “[f]ree, always-on HTTPS is pretty unusual in the email business, particularly for a free email service, but we see it as another way to make the web safer and more useful. It’s something we’d like to see all major webmail services provide.” She also stated that if things go well in the trial runs, we’ll likely see the switch to HTTPS for all GMail users in the near future.
This transition will be a positive boost in security for users of GMail’s various services. Many people don’t know it, but without any encryption you data can easily be intercepted by prying eyes—especially if you are using an open wifi hotspot, such as at a restaurant or hotel. With HTTPS implemented into these services, you can rest assured that your data is traveling much safer.
Are there any downsides to this change? The only things that I can think of are slight decrease in speed and POP/IMAP users might have to tweak their web client settings. The security benefits certainly outweigh the minor inconveniences.