Donate
‹ Back
Deploy360 21 March 2014

Google Is Now Always Using TLS/SSL for Gmail Connections

Dan York
By Dan YorkDirector of Web Strategy

Gmail logoWe were pleased today to read that Google is now changing their Gmail service to always use TLS-encrypted connections. As they note in their announcement blog post:

Starting today, Gmail will always use an encrypted HTTPS connection when you check or send email. Gmail has supported HTTPS since the day it launched, and in 2010 we made HTTPS the default. Today’s change means that no one can listen in on your messages as they go back and forth between you and Gmail’s servers—no matter if you’re using public WiFi or logging in from your computer, phone or tablet. 

The key point is the one I emphasized in bold in the text: attackers cannot listen in on your messages as they go between your mail client (which could be your web browser) and Gmail’s servers.   Obviously the messages could still be potentially viewed either on your client device or on Gmail’s servers… but this step is removing the ability for the messages to be viewed “on the wire”.

This is a great example of the kind of action we’d like to see to make communication over the Internet more secure- and why we launched our new “TLS for Applications” section of this site.  We want to encourage more application providers and developers to make the steps that Google has done here.

Kudos to the Google/Gmail team for taking this step!

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Google Takes First Step Toward End-to-end Email Security
Google Takes First Step Toward End-to-end Email Security
Open Internet Standards5 June 2014

Google Takes First Step Toward End-to-end Email Security

I was very excited when I read Google's announcement about their beta release of a Chrome extension that will allow...

Wired: It's Time To Encrypt The Entire Internet
Deploy36023 April 2014

Wired: It's Time To Encrypt The Entire Internet

Is it time to "dump the plain text Internet" and encrypt everything everywhere? That's the main thrust of an article...

Awesome News About HTTPS As A Ranking Signal, Google! Now Can We Please Get IPv6 And DNSSEC, Too?
Deploy3607 August 2014

Awesome News About HTTPS As A Ranking Signal, Google! Now Can We Please Get IPv6 And DNSSEC, Too?

The big news hitting the online marketing world today is that Google has indicated that the use of HTTPS in...

Join the conversation with Internet Society members around the world