Gmail Encryption

One of the reasons I love Gmail (as if you needed another) is that since day one, Google has allowed you to encrypt your entire session.  Gmail has always encrypted your login information, but typically turns off SSL afterwards.  This has the unpleasant side effect of allowing anyone to view your mail (and calendar, and docs) when you’re in a public environment such as a WiFi hot spot.

Or, to be a little more menacing, it means that your employer — or your housemates, or anyone on your network segment — can read your personal emails.

I don’t know about you, but I don’t necessarily want everyone viewing my mail.  It’s mine.  It’s private.  Not yours.

Until now, the only way around this problem was to log in via https://mail.google.com.  This forces SSL encryption for your entire session, meaning that everything — not just your login information — gets encrypted.  A few days ago, Google added an option to always force whole-session encryption, no matter how you log in.  There’s really no reason not to enable this (there is a tiny performance hit that will be unnoticable for just about everyone on anything faster than dialup), so here’s how you do it:

  1. Log into your Gmail account
  2. Click “Settings”
  3. Set “Browser Connection” to “Always use https”

Done.  Your Gmail is now slightly more secure, and you no longer have to worry about the person across from you at the coffee shop intercepting that email from Aunt Edna.