January 13, 2010 | By Peter Eckersley

Gmail Takes the Lead on Email Security

Last night, Google announced that Gmail sessions will now be fully encrypted with HTTPS by default. This is excellent news — EFF congratulates Google for taking this significant step to safeguard their users' privacy and security.

Previously, it was possible to encrypt your access to Gmail, but it required altering the default configuration. Now every Gmail user will get the benefits of encryption without needing to know that they need it.

With this development, Google has taken a clear two-step lead over its competition: other major hubs for personal communication such as Facebook, Yahoo! mail, Hotmail, and LiveJournal do not even make the use of HTTPS possible, let alone the default. A handful of smaller, specialist webmail providers do offer HTTPS, but Google is alone in bringing basic email security to the mainstream Web.

Frankly, it's time for Facebook, Yahoo!, Microsoft, and company to raise their game. If you are using those email services, then anyone using the same local network as you can read your communications or break into your account. And that's just not good enough.

P.S.: A great next step for Google would be to implement HTTPS for Google Search. Until that happens, the only way to get private, encrypted searches is by using a an HTTPS search engine like Ixquick or a third-party proxy to Google like ssl.scroogle.org, which requires users to trust the proxy operator. We understand that there are some latency costs to delivering search over HTTPS, and while new standards are needed to solve that problem, there's no reason not to offer optional search encryption in the mean time.


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Volume 3.0 of @MuwatenRaqamy is now live in three languages! https://eff.org/r.9cze Subscribe today: https://www.digcit.org/sign-up/

May 27 @ 11:20am

Leaked TISA text reveals plans to ban FOSS mandates, globalize anti-spam laws, and limit protection of personal data https://eff.org/r.95nc

May 27 @ 10:39am

Why the Internet is broken again: part 1 of our explainer on the "Logjam" security flaw https://eff.org/r.fjm2

May 27 @ 10:35am
JavaScript license information