China Syndrome: Gmail Now Defaults To Encrypted Access

chinasyndrome01As you’ve no doubt heard by now, Google is ending its censorship in China and as a result, may have to pull out of the country. As you also may have heard, this is the direct result of the attempted hacking of some Gmail accounts. Google obviously takes its security seriously, and they’ve made that more clear by announcing that all Gmail accounts will now default to the encrypted version of the service.

Specifically, once Google is done rolling this out to its users (it’s in the process of doing it now), the default URL for Gmail will include HTTP Secure (you can tell by looking at the url and seeing if it begins with “https”). “Using https helps protect data from being snooped by third parties, such as in public wifi hotspots,” Google writes today on its Gmail Blog. And while this wouldn’t have stopped the type of Gmail hacking that it seems was going on in China, it does make the service significantly more secure. Anytime you hear the words “hacking” and “Gmail” in the same sentence, it’s not good for Google as it attempts to convince everyone in the world that cloud-based email is the way to go. So a move like this following the China situation is a smart one.

Google started offering the option to enable this method of access for Gmail all the time in 2008, but it was previously opt-in. Now it will be opt-out (which you will be able to do in the settings). So why didn’t they turn this on sooner? Because https connections are typically slower than regular http connections since the data must be encrypted and decrypted first. But Google is now saying that after months of testing the latency of https, it feels comfortable enough with the performance trade-off to turn it on for all.

They also warn that switching to https can cause some issues if you use Gmail offline access. Read more about there here, as well general Gmail security here.