/* Style Definitions */
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-fareast-font-family:”Times New Roman”;
mso-bidi-font-family:”Times New Roman”;
Imagine your attic has an extra door that you share with a
nosy neighbor. Usually it stays closed (the door, of course). Closed doesn’t
(always) mean locked. Because neither you nor the neighbor has the key. You
assume that your neighbor doesn’t sneak in your house, but how would you be
able to tell if you are down in the living and the upstairs door is open (not
This is pretty much the principle that led to the HTTPS (Hyper
Text Transfer Protocol Secure) – to protect you and your data from nosy people
(not necessarily limited to your neighbors).
HTTPS stands for the use of an ordinary HTTP over an
encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS)
connection. When a user connects to a Web site via HTTPS, the Web site encrypts
the session with a digital certificate, and establishes a secured connection which
makes it impossible for a third party to eavesdrop.
Why should that be so important? Coming back to the nosy
neighbor, would you like to have him in upstairs when you call at the bank to
check your balance and have to go through that procedure where you recite you
name, address, card number, password and so on? Probably not. HTTPS is the
protocol you would like to use when you check your e-banking and e-commerce
account or when you purchase goods and services on-line. But what about e-mail?
Google, for instance, doesn’t think that you need https://
by default for the entire e-mail session – meaning all the time you spend
on-line for reading or writing e-mails – but only when you log in to your
account: “We use https to protect your password every time you log into Gmail,
but we don’t use https once you’re in your mail unless you ask for it”.
In the same blogpost,
Gmail Team motivated that “https can make your mail slower. Your computer has
to do extra work to decrypt all that data, and encrypted data doesn’t travel
across the internet as efficiently as unencrypted data. That’s why we leave the
choice up to you”.
One can tell if they are connected to a secure website if
the website URL begins with https:// (instead of http://) and displays a
padlock icon to indicate that the website is secure, as it also displays
https:// in the address bar.
Ideally, you should always turn this option on, even for
e-mail. Or, if you prefer, to change the locker to that attic door and thus
make sure that the nosy neighbor is confined to his own quarters.
When you write, read, send and receive e-mails over an
unencrypted connection, chances are that you also send some sensitive content.
However, in the absence of a secured connection, the data that gets to and from
the Gmail’s servers in clear could easily be intercepted by a thir party and
your session hijacked.
Same principles apply for the so-called in the cloud
applications from Google, like Google Docs and Google Calendar. Think about the
nosy neighbor getting his fingers on your sales report or… your hot dates
calendar : D
So, to permanently enable this feature in Gmail, follow the
1. Sign in to Gmail.
2. In the upper-right corner of the page, choose Settings.
3. In the Browser Connection
category, check the option Always use
4. Click Save Changes.