X

Users can automatically encrypt Gmail connection

Gmail now lets users automatically encrypt all communications with Google's e-mail servers--that is, as long as they're willing to take a performance penalty.

Stephen Shankland Former Principal Writer
Stephen Shankland worked at CNET from 1998 to 2024 and wrote about processors, digital photography, AI, quantum computing, computer science, materials science, supercomputers, drones, browsers, 3D printing, USB, and new computing technology in general. He has a soft spot in his heart for standards groups and I/O interfaces. His first big scoop was about radioactive cat poop.
Expertise Processors, semiconductors, web browsers, quantum computing, supercomputers, AI, 3D printing, drones, computer science, physics, programming, materials science, USB, UWB, Android, digital photography, science. Credentials
  • Shankland covered the tech industry for more than 25 years and was a science writer for five years before that. He has deep expertise in microprocessors, digital photography, computer hardware and software, internet standards, web technology, and more.
Stephen Shankland

Update 12:35 p.m. PDT: I clarified this post to reflect the fact that this involves encryption only between a user's browser and Gmail's servers.

Gmail now can be set to encrypt communications between a browser and Google's servers by default, an option that makes the e-mail service harder to snoop on but also potentially slower.

Users already could encrypt communications with Gmail servers (by going to https://mail.google.com), but on Thursday, the company added an option to use that encrypted connection automatically.

Gmail now can be set to encrypt communications with its users by default.
Gmail now can be set to encrypt communications with its users by default. Google

"Your computer has to do extra work to decrypt all that data, and encrypted data doesn't travel across the Internet as efficiently as unencrypted data," Gmail engineer Ariel Rideout said in a blog post Thursday. "That's why we leave the choice up to you."

The encryption comes through use of HTTPS, a secure version of the HTTP protocol that governs how Web browsers fetch information from servers. It's not simple to snoop on somebody else's network traffic, but it can be done when the communications aren't encrypted.

HTTPS encrypts communications only between the browser and Gmail's servers. It's not like PGP (nee Pretty Good Privacy) or GPG (GNU Privacy Guard) software that encrypts e-mail all the way from source to destination.

The Gmail login process is always encrypted.

(Via Google Blogoscoped.)