It seems that Google is deciding that when it comes to being screwed with, it is mad as hell, and not going to take it anymore.
Tired of having things messed with by hackers, wherever they might come from, the company is locking down Gmail by default, and forcing the user to remove the secure connection if they so desire. This absolves Google of any blame if the security protocol is removed, and gives it a bit of breathing room until the next set of attacks.
The news from PC Magazine lets the world know that the company takes everyone’s security (and privacy) seriously, which strikes a very good tone after the verbal gaffe made last month by the Google CEO.
At this point, Google only uses this encryption process, known as HTTPS, during the sign-in process in order to protect your password. HTTPS keeps e-mail encrypted as it travels between your web browser and servers and is mostly used for things like banks and credit card company Web sites.
In 2008, Google rolled out the option to switch to HTTPS at all times. Last year, at the behest of 37 privacy and security experts, Google said it was thinking about moving all Gmail users to 24-7 HTTPS as a security measure.
“Over the last few months, we’ve been researching the security/latency tradeoff and decided that turning https on for everyone was the right thing to do,” Sam Schillace, Gmail engineering director, wrote in a Wednesday blog post.
Every time it takes a few extra seconds to get your mail, remember that you don’t want it being hacked, and resist the temptation to complain.
Why is this even an issue? While HTTPS makes your Gmail inbox more secure, that extra security can also affect performance, causing a delay in Gmail activities. As a result, those who believe their network is secure and do not want to risk Gmail delays can opt-out of HTTPS under the Gmail Settings menu.
“We are currently rolling out default https for everyone,” Schillace wrote. “If you’ve previously set your own https preference from Gmail Settings, nothing will change for your account.”
Customers who use offline Gmail will likely encounter problems, Schillace said. Specifically, offline Gmail might not sync your mail and shortcuts and bookmarks might behave differently when you’re online versus offline.
The easiest way to fix this problem is to opt-out of HTTPS, but for those worried about security, Google has posted a workaround on its Gmail Help page that lets you switch your offline Gmail so that it syncs with the HTTPS URL rather than HTTP.
With all the problems encountered today with security, this little bit of inconvenience is certainly worthwhile. Though you might have to change a few things, in the long run it’s a good thing. I haven’t tried getting my mail today, but I’ll report any problems – it can’t be any worse than when Hotmail changed to delta sync.