Gmail users get full, always-on HTTPS

Google has made good on its word and has introduced default encryption for all Gmail users.

“Starting today, Gmail will always use an encrypted HTTPS connection when you check or send email,” Nicolas Lidzborski, Gmail Security Engineering Lead, shared last week. “Today’s change means that no one can listen in on your messages as they go back and forth between you and Gmail’s servers—no matter if you’re using public WiFi or logging in from your computer, phone or tablet.”

“In addition, every single email message you send or receive—100 percent of them—is encrypted while moving internally. This ensures that your messages are safe not only when they move between you and Gmail’s servers, but also as they move between Google’s data centers—something we made a top priority after last summer’s revelations,” he explained, alluding to the spying revealed by NSA whistleblower Edward Snowden.

The always-on HTTPS means that Gmail will be a little bit slower for users, but not much. Also, the new security measures will protect the emails only if both the sender and recipient use Gmail, as most other email providers didn’t incorporate the same protection.

Finally, Lidzborski advised users to consider additional ways to keep themselves safe while using their email account, such as choosing strong passwords and enabling 2-step verification.