Users can automatically encrypt Gmail connection
Gmail now lets users automatically encrypt all communications with Google's e-mail servers--that is, as long as they're willing to take a performance penalty.
Update 12:35 p.m. PDT: I clarified this post to reflect the fact that this involves encryption only between a user's browser and Gmail's servers.
Gmail now can be set to encrypt communications between a browser and Google's servers by default, an option that makes the e-mail service harder to snoop on but also potentially slower.
Users already could encrypt communications with Gmail servers (by going to https://mail.google.com), but on Thursday, the company added an option to use that encrypted connection automatically.
"Your computer has to do extra work to decrypt all that data, and encrypted data doesn't travel across the Internet as efficiently as unencrypted data," Gmail engineer Ariel Rideout said in a blog post Thursday. "That's why we leave the choice up to you."
The encryption comes through use of HTTPS, a secure version of the HTTP protocol that governs how Web browsers fetch information from servers. It's not simple to snoop on somebody else's network traffic, but it can be done when the communications aren't encrypted.
HTTPS encrypts communications only between the browser and Gmail's servers. It's not like PGP (nee Pretty Good Privacy) or GPG (GNU Privacy Guard) software that encrypts e-mail all the way from source to destination.
The Gmail login process is always encrypted.
(Via Google Blogoscoped.)