• On MovieTome: TRANSFORMERS 2 SPOILERS!
August 1, 2008 12:01 AM PDT

Keep your Gmail transmissions secure

When I mentioned in a post last week that I forward select messages from my office Microsoft Exchange account to Gmail, several people claimed that this puts the company's data at risk.

I failed to point out that the information in the messages was not at all sensitive: no invoices, strategic plans, credit-card numbers, customer records, etc.

But what if I had needed to access private information from this account on a system other than Outlook? Assuming that no company can be trusted, how could I use Gmail without worrying about security?

One part of the problem was addressed when Gmail began supporting HTTPS connections. Well, Google claims that Gmail has always supported HTTPS, but you had to add the "s" to the URL prefix manually to access the encrypted version of the service, and log in at "https://mail.google.com," not "https://www.gmail.com." (Note that Google Calendar also supports HTTPS.)

Now Gmail lets you encrypt all your connections to the service via a simple settings change. To secure your e-mail transmissions, click Settings in the top-right corner of the main Gmail page, scroll down to "Browser connection" at the bottom of the window, select "Always use https," and click Save Changes. The next time you open your Gmail in-box, the transmissions will be encrypted.

The "Browser connection" section of Gmail's Settings dialog

Make all your Gmail connections encrypted by choosing "Always use https" in Gmail's Settings dialog.

(Credit: Google)

The Gmail Help Center states that encrypting connections may slow down your page loads, but this is a small price to pay to secure your e-mail link, especially when you're computing in the great outdoors, whether using your own laptop or a public PC.

But does this truly secure your data? There are several Firefox add-ons that encrypt messages and attachments sent and received via Gmail. One of these is Gmail S/MIME by Richard Jones and Sean Leonard. Gina Trapani's Better Gmail includes encryption among many other useful Gmail enhancements.

Even these measures won't be sufficient to convince some people to trust Gmail specifically or Google generally. Nearly all of my remote connections to the office servers are made over a VPN link. When in doubt--even a little bit of doubt--encrypt.

Dennis O'Reilly has covered PCs and other technologies in print and online since 1985. Along with more than a decade as editor for Ziff-Davis's Computer Select, Dennis edited PC World's award-winning Here's How section for more than seven years. He is a member of the CNET blog Network, and is not an employee of CNET.
Recent posts from Workers' Edge
Create your own HTML e-mail newsletter
Combine your Firefox bookmarks and IE favorites
Fix glitches by updating your software
'Internet safety' may be an oxymoron
Fine-tune Vista's indexing options
Add a Comment (Log in or register) 4 comments
by fuzzyBSc August 1, 2008 1:16 AM PDT
Your email isn't really secure unless you encrypt it at the source using a Public Key Infrastructure or similar. SMTP itself is generally cleartext. Your secure network sends email over an possibly-encrypted link to a server that is hopefully either a google server or a server at your ISP. It may forward it on, etc. Encrypting your access to your mailbox doesn't help if someone has already intercepted your mail before it reached the mailbox as it passed from server to server.

The potential security problem doesn't end when the mail arrives at google's servers. Anything you can access through the gmail web interface (http or https) is likely also to be accessible to a subset of google's staff. Hopefully they are all good people, but how do you go about rating the risk of a bad apple?
Reply to this comment
by restoration85 August 1, 2008 1:27 AM PDT
Quote: "Anything you can access through the gmail web interface (http or https) is likely also to be accessible to a subset of google's staff. Hopefully they are all good people, but how do you go about rating the risk of a bad apple?"

Along that same kind of fear is the ability for a small group of network admins in a large company having access to workers' email. Often admins of a HRIS also have access to email. At some point individuals must trust that others are doing their job and accept the possibility of some privacy invasion.
Reply to this comment
by toddmw August 1, 2008 6:26 AM PDT
Strangely, when you use Google Apps for your domain, you don't get the option.
Reply to this comment View reply
Powered by Jive Software
Resource center from CNET News sponsors
Business. Ready.
Sony VAIO® Professional PCs.

Click Here!
A new grade in mobility demands a new kind of notebook. And Sony delivers.Tough, portable and featuring up to 7.5 hours of battery life, VAIO® Professional notebooks are built for business. Learn more.

Click Here!
Built tough for business.

Learn more about the rigorous quality testing Sony puts its notebooks through.

Protect your investment.

Find out why VAIO® tech support recently won a Laptop Editors' Choice Award, July 2008.

Long battery life.

See how VAIO® PCs will keep you productive longer when on the road.

Travel light

Check out our ultraportable line-up, starting at 2.87 lbs.

PCs for every need.

Find out which VAIO® notebook is right for you.

About Workers' Edge

Dennis O'Reilly has covered PCs and other technologies in print and online since 1985. Along with more than a decade as editor for Ziff-Davis's Computer Select, Dennis edited PC World's award-winning Here's How section for more than seven years. He is a member of the CNET Blog Network and is not an employee of CNET.

Add this feed to your online news reader

Workers' Edge topics

Featured blogs

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right