Users can automatically encrypt Gmail connection

Update 12:35 p.m. PDT: I clarified this post to reflect the fact that this involves encryption only between a user's browser and Gmail's servers.

Gmail now can be set to encrypt communications between a browser and Google's servers by default, an option that makes the e-mail service harder to snoop on but also potentially slower.

Users already could encrypt communications with Gmail servers (by going to https://mail.google.com), but on Thursday, the company added an option to use that encrypted connection automatically.

Gmail now can be set to encrypt communications with its users by default.

(Credit: Google)

"Your computer has to do extra work to decrypt all that data, and encrypted data doesn't travel across the Internet as efficiently as unencrypted data," Gmail engineer Ariel Rideout said in a blog post Thursday. "That's why we leave the choice up to you."

The encryption comes through use of HTTPS, a secure version of the HTTP protocol that governs how Web browsers fetch information from servers. It's not simple to snoop on somebody else's network traffic, but it can be done when the communications aren't encrypted.

HTTPS encrypts communications only between the browser and Gmail's servers. It's not like PGP (nee Pretty Good Privacy) or GPG (GNU Privacy Guard) software that encrypts e-mail all the way from source to destination.

The Gmail login process is always encrypted.

(Via Google Blogoscoped.)

[protagonistic]

I have been able to encrypt my GMail traffic for years. All that was needed was GPG.

[rucknrun]

Me too but all I did was use https. Originally to avoid my work blocking http://mail.google.com.

[n3td3v]

I've been using HTTPS on Google Groups for years and haven't seen a slow down in performance, https://groups.google.com so I don't see why there would be any difference with the speed on Google Mail.

[pacoverde]

I hope people don't misinterpret this article as meaning they can now automatically encrypt all of their GMail *email*. This article is about encrypting their *browser* *session* with GMail over https; that is not the same thing as end-to-end encryption of your email, as might be provided by GPG or S/MIME email encryption.

[mike.gw]

Glad you pointed this out, beause I was wondering how they handled decryption on the part of the receiving e-mail server in a seamless way.

[Shankland]

Thanks for the input--you're right that I should have been a bit more explicit about which part of the communication chain is encrypted. I'll add an update.

[zaznet]

Yeah, the topic made me think it was some kind of built in end to end encryption of messages between Gmail users. I don't find the option to always default to https as very news worthy.

[KOFury]

So what? Other webmail providers have had secure HTTPs viewing for years. The title of the story, in my opinion, is completely misleading and will lead to harmful results. The average, non-technical business person, after reading this article are going to turn on HTTPS and will send confidential messages thinking "Wow, my email commnications with gmail are now encrypted". Hey people, GMail does *NOT* provide end-to-end encrypted email! Don't fall for the hype.

[Africord]

Gmail has encrypted their pop/smtp service from the very beginning. See http://mail.google.com/support/bin/answer.py?answer=75291