
Gmail is Now More Secure

Turning on HTTPS in Gmail
If you have a free Google Gmail account, you may want to take notice of a slight change in the way Gmail operates. Google just announced that they are turning on HTTPS by default. What does this mean?

HTTPS stands for Hypertext Transfer Protocol – Secure. The “S” part, which stands for “Secure,” ensures that your communication with the Google Gmail server remains secure from prying eyes. As Google states, “Banks and credit card companies use this same protocol to keep your online accounts safe.” How does HTTPS keep your communication secure? 

There are several considerations when looking at digital security, two of which are:
  • Authentication – ensures that you are authorized to communicate with the server. This is generally handled using a login name and password.
  • Encryption – scrambles your data using a special scrambling “key” that only you and the server know about.
Why is this important? If you’re sitting in a coffee shop with your laptop and working on personal emails through the coffee shop’s wireless connection, you wouldn’t want someone else in the same coffee shop looking in on your personal stuff. This is very easy to do if you’re not encrypting your data. All a potential spy needs to do is pull the wireless signals out of the air with his own laptop and read what’s going on. On the other hand, if you and the Gmail server are encrypting the data, that guy sitting conspicuously in the corner sipping his cup of coffee and staring at his laptop cannot spy on you. If he were to try, he would only see gibberish like, “ajJi3@ka(dsfBxk_0jDS%adf”.

What was not well known before Google made this recent announcement was that HTTPS was always an option; however, its default state was set to “Off” and not “On.” How does all this affect you? It doesn’t, really. As soon as your PC receives a web page from the Gmail server that begins with “HTTPS”, it will know that the rest of the message will be encrypted, and it turns on its own encryption engine automatically without bothering you.

Now what keeps the spy from turning on his encryption as well? Well, he could, but then he wouldn’t know what “key” is being used between you and the Gmail server. When the Gmail server begins its conversation with your laptop, it sends out a “public” encryption key that both you and the spy can access; however, when you respond with your login name and password – which the spy presumably does not know – it will be encrypted with that public key. If the spy were to try to read what you’re sending back to the Gmail server, he would not be able to decode the encrypted data that you’ve encoded with the public key. Why? Because the public key used for encryption cannot be used to decrypt the data that you send back to Gmail. That data can only be decrypted with a “private” encryption key, and only the Gmail server has possession of that private key.
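The public/private key asymmetry described above, as an added example that is not part of the original post: toy textbook RSA in Python with small constructed primes and no padding, so it only shows why the public key cannot undo its own encryption. The function names, key sizes and sample login string are assumptions made for the illustration; real HTTPS uses far larger keys inside a full TLS handshake.

```python
# Added illustration (not from the original post): toy "textbook" RSA.
# Small well-known Mersenne primes, no padding: this shows the public/private
# asymmetry only and must never be used to protect real data.
from math import gcd

P, Q = 2**31 - 1, 2**61 - 1      # constructed toy primes (assumption)
N = P * Q                        # modulus, present in both keys
E = 65537                        # public exponent
PHI = (P - 1) * (Q - 1)
assert gcd(E, PHI) == 1          # E must be invertible modulo PHI
D = pow(E, -1, PHI)              # private exponent (Python 3.8+)

PUBLIC_KEY = (E, N)              # sent in the clear; the spy sees it too
PRIVATE_KEY = (D, N)             # never leaves the server

BLOCK = 8                        # bytes per block; 2**64 < N, so each block fits


def encrypt(message, public_key):
    """Browser side: encrypt each 8-byte block with the server's public key."""
    e, n = public_key
    blocks = [message[i:i + BLOCK] for i in range(0, len(message), BLOCK)]
    return [pow(int.from_bytes(b, "big"), e, n) for b in blocks]


def apply_key(ciphertext, key):
    """Raise each block to the key's exponent and convert the result to bytes.

    With the private key this is decryption. With the public key it is what
    the spy can try, and it yields noise. (Toy limitation: a block starting
    with a NUL byte would lose that byte.)
    """
    exp, n = key
    out = b""
    for c in ciphertext:
        m = pow(c, exp, n)
        out += m.to_bytes((m.bit_length() + 7) // 8, "big")
    return out


if __name__ == "__main__":
    secret = b"login=dan&password=constructed-example"   # constructed sample
    wire = encrypt(secret, PUBLIC_KEY)
    print("on the wire:          ", wire[:2], "...")
    print("spy, public key only: ", apply_key(wire, PUBLIC_KEY)[:16])
    print("server, private key:  ", apply_key(wire, PRIVATE_KEY))
```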

To make a long story short, you should use the HTTPS option with your Gmail account, if you’re not using it already. To check whether or not you’re using it, go to the “Settings” page on Gmail and check the box that says “Always use https”, as shown in the screenshot at the top of this article. Make sure you hit the “Save Changes” button at the bottom of the settings page. From that point forward, all communication between you and the Gmail server will be safe from prying eyes.

Best,

Dan

GMAIL
written by qualitypoint, January 16, 2010
Hi
First of all, thanks for your useful post. Have a look
Uses of Gmail
