Perhaps no company has been as vocal with its feelings about the revelations about the NSA’s collection methods as Google has, and the company has been making a series of changes to its infrastructure in recent months to make it more difficult for adversaries to snoop on users’ sessions. The biggest of those changes landed Thursday when the company switched its Gmail service to HTTPS only, enforcing SSL encryption on all Gmail connections.

The change is a significant one, especially given the fact that Google also has encrypted all of the links between its data centers. Those two modifications mean that Gmail messages are encrypted from the time they leave a user’s machine to the time they leave Google’s infrastructure. This makes life much more difficult for anyone–including the NSA–who is trying to snoop on those Gmail sessions.

“Starting today, Gmail will always use an encrypted HTTPS connection when you check or send email. Gmail has supported HTTPS since the day it launched, and in 2010 we made HTTPS the default. Today’s change means that no one can listen in on your messages as they go back and forth between you and Gmail’s servers—no matter if you’re using public WiFi or logging in from your computer, phone or tablet,” Nicolas Lidzborski, Gmail Security Engineering Lead, wrote in a blog post.

“In addition, every single email message you send or receive—100 percent of them—is encrypted while moving internally. This ensures that your messages are safe not only when they move between you and Gmail’s servers, but also as they move between Google’s data centers—something we made a top priority after last summer’s revelations.”

Google was in the process of encrypting the links between its data centers last year before the news broke that the NSA had the ability to tap those links and gather email messages and other data. That revelation enraged Google security engineers, and the company accelerated its plans to encrypt the links between data centers.

Gmail users have had the option to enable HTTPS only as the default connection option for more than four years. But the typical user may not have known that option was available. Now, users don’t need to think about it; they’re connections to Gmail will always be encrypted by default.

Categories: Uncategorized

Comments (4)

  1. DaveLessnau
    1

    Encrypting the traffic from place to place is a good first step. Now, they just need to encrypt the files as they’re sitting, stationary, on their servers. And, of course, only the owner/originator has the key.

    Reply
  2. Ed H
    2

    Full, seamless support in GMail for S/MIME would be nice, too. For both @gmail.com and hosted domains.

    Even better if it’s automatic for known hosted-by-Google domains. “Sending an email to another @gmail.com user? Automatically encrypted the entire way. Sending to a domain that uses Google Apps/Gmail to run their email? Automatically encrypted the entire way.”

    Reply
  3. Rave
    3

    This is all about BLA BLA BLA … They think we are idiots. It does’t mater if encryption is used or not. It’s very simple Google have signed a cooperation agreement with NSA but for stupid people they say it’s great and all is OK with SSL and HTTPs.

    Reply
  4. John
    4

    But this article said “Those two modifications mean that Gmail messages are encrypted from the time they leave a user’s machine to the time they leave Google’s infrastructure.” which is unsupported in the article, and by my research probably inaccurate. Wish it were so, though.

    Reply

Leave A Comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>