An unofficial blog that watches Google's attempts to move your operating system online since 2005. Not affiliated with Google.

Send your tips to gostips@gmail.com.

January 13, 2010

Gmail's HTTPS Access Is Enabled by Default

Unlike other popular webmail services, Gmail allows you to read your messages using a secure connection by visiting https://mail.google.com. In 2008, Gmail added an option that redirected you to the https version and now this option is enabled by default.

"Using https helps protect data from being snooped by third parties, such as in public wifi hotspots. We initially left the choice of using it up to you because there's a downside: https can make your mail slower since encrypted data doesn't travel across the web as quickly as unencrypted data. Over the last few months, we've been researching the security/latency tradeoff and decided that turning https on for everyone was the right thing to do," explains Gmail's blog.

To disable this feature, go to Gmail's settings page, select "Don't always use https" and click on "Save changes". If you can't use Gmail offline when this feature is enabled, try this workaround.


Even if this feature is restricted to Gmail, there's an interesting side-effect: if you open Google Calendar, Google Docs, Google Sites and Google Reader by clicking on Gmail's navigational links, you'll use the https versions of those services.

3 comments:

  1. If you use Gmail Notify and enable HTTPS for Gmail you must "patch" it by changing it.
    http://mail.google.com/support/bin/answer.py?hl=en&answer=9429
    The change is only a registry setting where the address is changed from http to https.

    [HKEY_CURRENT_USER\Software\Google\Gmail\Flags]
    "url"="https://mail.google.com/mail/"

    ReplyDelete
  2. In Singapore I was automatically redirected from https to http. In the Hotel as well as in the Airport.

    ReplyDelete
  3. I've been using https on Calendar and Reader for a while now. One thing this did change was the iGoogle Gmail module. It used to complain if https was forced, but not anymore.

    ReplyDelete

Note: Only a member of this blog may post a comment.