HOW TO....

Why HTTPS is (always) good for you

Even when it comes to e-mail, g-mail, any-mail





/* Style Definitions */
{mso-style-name:”Table Normal”;
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-fareast-font-family:”Times New Roman”;
mso-bidi-font-family:”Times New Roman”;

Imagine your attic has an extra door that you share with a
nosy neighbor. Usually it stays closed (the door, of course). Closed doesn’t
(always) mean locked. Because neither you nor the neighbor has the key. You
assume that your neighbor doesn’t sneak in your house, but how would you be
able to tell if you are down in the living and the upstairs door is open (not

This is pretty much the principle that led to the HTTPS (Hyper
Text Transfer Protocol Secure) – to protect you and your data from nosy people
(not necessarily limited to your neighbors).

HTTPS stands for the use of an ordinary HTTP over an
encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS)
connection. When a user connects to a Web site via HTTPS, the Web site encrypts
the session with a digital certificate, and establishes a secured connection which
makes it impossible for a third party to eavesdrop.

Why should that be so important? Coming back to the nosy
neighbor, would you like to have him in upstairs when you call at the bank to
check your balance and have to go through that procedure where you recite you
name, address, card number, password and so on? Probably not. HTTPS is the
protocol you would like to use when you check your e-banking and e-commerce
account or when you purchase goods and services on-line. But what about e-mail?

Google, for instance, doesn’t think that you need https://
by default for the entire e-mail session – meaning all the time you spend
on-line for reading or writing e-mails – but only when you log in to your
account: “We use https to protect your password every time you log into Gmail,
but we don’t use https once you’re in your mail unless you ask for it”.

In the same blogpost,
Gmail Team motivated that “https can make your mail slower. Your computer has
to do extra work to decrypt all that data, and encrypted data doesn’t travel
across the internet as efficiently as unencrypted data. That’s why we leave the
choice up to you”.

One can tell if they are connected to a secure website if
the website URL begins with https:// (instead of http://) and displays a
padlock icon to indicate that the website is secure, as it also displays
https:// in the address bar.

Why HTTPS is (always) good for you

Ideally, you should always turn this option on, even for
e-mail. Or, if you prefer, to change the locker to that attic door and thus
make sure that the nosy neighbor is confined to his own quarters.

When you write, read, send and receive e-mails over an
unencrypted connection, chances are that you also send some sensitive content.
However, in the absence of a secured connection, the data that gets to and from
the Gmail’s servers in clear could easily be intercepted by a thir party and
your session hijacked.

Same principles apply for the so-called in the cloud
applications from Google, like Google Docs and Google Calendar. Think about the
nosy neighbor getting his fingers on your sales report or… your hot dates
calendar : D

So, to permanently enable this feature in Gmail, follow the
steps below:

1. Sign in to Gmail.

2. In the upper-right corner of the page, choose Settings.

3. In the Browser Connection
category, check the option Always use

Why HTTPS is (always) good for you

4. Click Save Changes.

About the author


With a humanities passion and background (BA and MA in Comparative Literature at the Faculty of Letters, University of Bucharest) - complemented by an avid interest for the IT world and its stunning evolution, I joined in the autumn of 2003 the chief editors' team from Niculescu Publishing House, as IT&C Chief Editor, where (among many other things) I coordinated the Romanian version of the well-known SAMS Teach Yourself in 24 Hours series. In 2005 I accepted two new challenges and became Junior Lecturer at the Faculty of Letters (to quote U2 - "A Sort of Homecoming") and Lead Technical Writer at BluePhoenix Solutions.

After leaving from BluePhoenix in 2008, I rediscovered "all that technical jazz" with the E-Threat Analysis and Communication Team at BitDefender, the creator of one of the industry's fastest and most effective lines of internationally certified security software. Here I produce a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases. Every now and then, I enjoy scrutinizing the convolutions of e-criminals' "not-so-beautiful mind" and, in counterpart, the new defensive trends throughout posts on

Balancing the keen and until late in night (please read "early morning") reading (fiction and comparative literature studies mostly) with Internet "addiction", the genuine zeal for my bright and fervid students with the craze for the latest discoveries in science and technology, I also enjoy taking not very usual pictures (I'm not a pro, but if you want to see the world through my lenses, here are some samples, messing around with DTP programs to put out some nifty book layouts and wacky t-shirts, roaming the world (I can hardly wait to come back in the Big Apple), and last but not least, driving my small Korean car throughout the intricacies of our metropolis's traffic.