Google updates Gmail With “encrypted HTTPS connection”.
With the recent increase in necessary protection from government digital-spying, Google has decided to tighten up their Gmail encryption screws by removing the option to turn of HTTPS.
Google originally gave their users the option of encrypting their Gmail session through the use of HTTPS (Hypertext Transfer Protocol Secure) communications protocol back in 2008. Google would turn it on by default during 2010 for all users, but allowed them the choice of turning it off manually. This doesn’t seem to be the case another though.
“Starting today, Gmail will always use an encrypted HTTPS connection when you check or send email,” Nicolas Lidzborski, Gmail Security Engineering Lead, wrote in a blog post Thursday.
He focused on the security benefits of having HTTPS permanently on “Today’s change means that no one can listen in on your messages as they go back and forth between you and Gmail’s servers—no matter if you’re using public WiFi or logging in from your computer, phone or tablet,” Lidzborski wrote.
Furthermore, all messages that are sent or received by Gmail user will maintain its encryption while moving among Google data cents. That is “something we made a top priority after last summer’s revelations,” Lidzborski wrote, while implying to the recent press leaks from whistleblower Edward Snowden, a former contractor for the U.S. National Security Agency who became disgruntled with the surveillance methods and practices.
When he announcement for HTTPS became available for Gmail and later with it became defaulted to always be on, Google officials notice the security boost from using HTTPS would sacrifice performace by increasing latency to a certain point. This was not mentioned anywhere in their blog post.
When asked for a comment on the security performance tradeoff for permanent HTTPS, a Google Spokeswoman said that Gmail teams are working hard to alleviate any performance issue, and a this current moment the company believes it makes no sense to allow unencrypted HTTP connections. And anyways most of the users already use HTTPS, she added.