January 13, 2010 | By Peter Eckersley

Gmail Takes the Lead on Email Security

Last night, Google announced that Gmail sessions will now be fully encrypted with HTTPS by default. This is excellent news — EFF congratulates Google for taking this significant step to safeguard their users' privacy and security.

Previously, it was possible to encrypt your access to Gmail, but it required altering the default configuration. Now every Gmail user will get the benefits of encryption without needing to know that they need it.

With this development, Google has taken a clear two-step lead over its competition: other major hubs for personal communication such as Facebook, Yahoo! mail, Hotmail, and LiveJournal do not even make the use of HTTPS possible, let alone the default. A handful of smaller, specialist webmail providers do offer HTTPS, but Google is alone in bringing basic email security to the mainstream Web.

Frankly, it's time for Facebook, Yahoo!, Microsoft, and company to raise their game. If you are using those email services, then anyone using the same local network as you can read your communications or break into your account. And that's just not good enough.

P.S.: A great next step for Google would be to implement HTTPS for Google Search. Until that happens, the only way to get private, encrypted searches is by using a an HTTPS search engine like Ixquick or a third-party proxy to Google like ssl.scroogle.org, which requires users to trust the proxy operator. We understand that there are some latency costs to delivering search over HTTPS, and while new standards are needed to solve that problem, there's no reason not to offer optional search encryption in the mean time.

Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Once again, @RIAA asks a court to order the entire world to block & filter an app they don't like. https://eff.org/r.pnjt #SOPApower

Oct 13 @ 4:48pm

The JPEG Committee is considering ways to improve image privacy and security. Adding DRM to JPEG would do neither. https://eff.org/r.6riw

Oct 13 @ 4:35pm

These 21 tech companies have come out unequivocally against crypto back doors. Obama should join them. https://eff.org/r.aonp

Oct 13 @ 4:15pm
JavaScript license information