Jan 13, 2010

GMail Enables HTTPS by Default

I've always wondered why this wasn't the case to begin with...

To disable this feature, go to Gmail's settings page, select 'Don't always use https' and click on 'Save changes'. If you can't use Gmail offline when this feature is enabled, try this workaround.

Gmail's HTTPS Access Is Enabled by Default: "Unlike other popular webmail services, Gmail allows you to read your messages using a secure connection by visiting https://mail.google.com. In 2008, Gmail added an option that redirected you to the https version and now this option is enabled by default.

'Using https helps protect data from being snooped by third parties, such as in public wifi hotspots. We initially left the choice of using it up to you because there's a downside: https can make your mail slower since encrypted data doesn't travel across the web as quickly as unencrypted data. Over the last few months, we've been researching the security/latency tradeoff and decided that turning https on for everyone was the right thing to do,' explains Gmail's blog.

Even if this feature is restricted to Gmail, there's an interesting side-effect: if you open Google Calendar, Google Docs, Google Sites and Google Reader by clicking on Gmail's navigational links, you'll use the https versions of those services.