July 19, 2006
Encrypt Gmail Traffic
By default, Gmail uses a secure connection (SSL) to check your credentials (username and password), but after that it redirects to an unencrypted HTTP connection.
Gmail compresses all sent and received data with gzip to transfer it faster, but compression is not encryption: anyone monitoring the traffic with a network sniffer can easily unzip it.
HTTPS uses more resources on both ends to encrypt and decrypt the traffic, which is why Google didn't make it the default option.
If you want to encrypt your connection to Gmail, there is a simple option: bookmark https://mail.google.com and use it instead of gmail.com, or install a Firefox extension called Customize Google. The extension also switches Google Calendar to an SSL connection.
This is a useful trick for many sites, including meebo.com and box.net.
Updated: replaced https://www.gmail.com with https://mail.google.com to prevent a warning about the domain name in Firefox.
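To check a site for the behaviour described above, the following added example (not part of the original post) walks a login redirect chain, reports the hop where the session leaves HTTPS, and shows that a gzip-encoded body on a plain HTTP hop is readable without any key. The host `mail.example.test`, the captured responses and the function names are constructed for illustration.

```python
import gzip
from urllib.parse import urljoin, urlsplit

def parse_response(raw: bytes):
    """Split a raw HTTP/1.1 response into (status, headers dict, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def audit_session(start_url: str, responses: list) -> list:
    """Walk a redirect chain and report where it leaves HTTPS."""
    findings, url = [], start_url
    for raw in responses:
        status, headers, body = parse_response(raw)
        scheme = urlsplit(url).scheme
        if scheme == "http" and headers.get("content-encoding") == "gzip":
            # gzip is compression, not encryption: no key is needed to read it.
            text = gzip.decompress(body).decode("utf-8", "replace")
            findings.append(("readable-body", url, text))
        if status in (301, 302, 303, 307, 308) and "location" in headers:
            nxt = urljoin(url, headers["location"])
            if scheme == "https" and urlsplit(nxt).scheme == "http":
                findings.append(("downgrade", url, nxt))
            url = nxt
    return findings

# Constructed capture (not real Gmail traffic): HTTPS login, then redirect to HTTP.
INBOX = gzip.compress(b"Subject: quarterly numbers")
CAPTURE = [
    b"HTTP/1.1 302 Found\r\nLocation: http://mail.example.test/mail\r\n\r\n",
    b"HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\n\r\n" + INBOX,
]

if __name__ == "__main__":
    for finding in audit_session("https://mail.example.test/login", CAPTURE):
        print(finding)
```

A chain that stays on HTTPS for every hop produces no findings.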
Related:
Create encrypted volumes
Do you trust your computer?
New features in Gmail
13 comments:
I'd rather let people see my emails...
Oh wait, I already let Google keep my emails for billions of years and read them in their spare time.
Another approach is to access https://mail.google.com/ in the first place so that you get the login page redirecting you directly through a secure connection.
With Firefox, you type this address once or twice and after some time, it proposes the address to you. (Eg. type 'mail' + down arrow + Enter).
Thanks. I've updated the post.
Weird, Gmail automatically forwards to https:// when logging in. Seems this setting is default.
No, it's not. You have a https when you enter the password, after that it redirects to http://mail.google.com/mail.
Why isn't this the default behaviour for gmail? I don't just go to gmail off of my bookmarks, I go off of my calendar and google main page etc. I think every way you enter gmail should take you to the encrypted version.
If you use the GMail Notifier for firefox, it uses https:// automatically unless you choose to use "unsecure connections".
I can't leave this alone as it came up near the top of a google search.
This method will not encrypt your messages as they traverse the internet between google and their final destination. It will only encrypt the traffic between your computer and the google server.
For real security you must encrypt the message at the source and decrypt it at the final destination.
@Dan:
The post doesn't say something else. It talks about "encrypting your connection to Gmail".
Will this encrypt from my employer's prying eyes at the office?
A google on "gmail encryption" brought up this result on the top of the page.....
While this is certainly necessary, I also request the author to explicitly state that this article does not imply "Encrypting Email" and if possible provide a link to it anywhere if possible.... Thanks....
I want to know if Google bows under governmental pressure like Yahoo did...or will Google keep our emails safe from the prying eyes of communist dictatorships?
While there are a lot of very valid reasons for continuing to use 3rd party encryption software, you do have to applaud Google for making this so incredibly easy. Still, as mentioned, this is not full fledged encryption. While this may be fine for many users, some will need to look elsewhere.