SAN FRANCISCO, 14 JANUARY 2010 - At the risk of inconveniencing some users, Google has moved its Gmail to a more secure protocol. The timing of the action is seen as a response to Chinese hacking attempts against the online mail service.
Google had previously offered HTTPS access to Gmail as an option, but Tuesday said it has become the default and would be rolled out to users over the next several weeks.
HTTPS, which encrypts Web traffic, is more resource intensive and thus more expensive for Google to offer. The change was announced on the company's official blog, though without a mention of Google's dispute with China over e-mail hacking attempts.
"Using HTTPS helps protect data from being snooped by third parties, such as in public Wi-Fi hotspots," wrote Sam Schillace, Gmail engineering director.
"We initially left the choice of using it up to you because there's a downside: HTTPS can make your mail slower since encrypted data doesn't travel across the web as quickly as unencrypted data. Over the last few months, we've been researching the security/latency tradeoff and decided that turning HTTPS on for everyone was the right thing to do."
HTTPS stands for Hypertext Transport Protocol Secure. It is intended to prevent eavesdropping and so-called man-in-the-middle attacks on information as it traverses the Internet.
Default HTTPS use on Gmail will protect confidential business information, which HTTP doesn't attempt to accomplish. This is important to business users, especially those Gmail users whose business includes campaigning for human rights in China.
HTTPS is the connection protocol already used by financial institutions and other organizations that require secure connections to Web pages and applications. URLs for these connections begin HTTPS://.
For most users, the change should be smooth and perhaps even go unnoticed. However, users that are setup to use Gmail while offline could face trouble.
"If you use offline Gmail over HTTP currently, the switch to HTTPS is likely to cause some problems," the company warned. It offered a link to a page offering instructions for working around the issue.
My take: Though Google's reputation is justifiably tarnished by its near clueless handling of the Nexus One smartphone introduction, it's handling of the China issue--and willingness to sacrifice perhaps billions in long-term revenue--shows Google takes protecting its customers most seriously.
The Nexus One flap will eventually blow over. But, among those who pay attention, Google's noble defense of its customers will be remembered for a very long time.
