Comments on: Encryption is the answer

By: Harry Lewis

Harry Lewis — Sat, 20 Jun 2009 16:01:16 +0000

Assuming Apple has implemented https correctly, you’re safe.

By: shire_stalker

shire_stalker — Fri, 19 Jun 2009 16:55:35 +0000

Thanks for those further clarifications. I feel much better about having used the https log-in since it became available. It’s unfortunate that google isn’t doing more to encrypt given that most of the known problems out there have viable solutions (ie, the wifi sniffing mentioned above, or preventing phishing attempts with extended validation ssl’s green url bar).

One question, though, from the non-expert: how does this change while accessing Gmail through, say, an iPhone 3G network rather than a wifi connection? Obviously https is still an option, but is its preventative power affected at all from the change?

By: Harry Lewis

Harry Lewis — Thu, 18 Jun 2009 18:39:17 +0000

Konstantin and brian,

Sorry I wasn’t more specific; you are both correct. Both ends of the email communication have to to be using encryption for the communication to be secure along the whole path (plus the path between servers, if they are different). People have the same confusion about Blackberries — from the mobile device to the Blackberry server is encrypted, but of course if the mail is not destined for another Blackberry it will not be encrypted the rest of the way. But with Gmail, the most worrisome vulnerability is WiFi packet sniffing at the source, and using SSL solves that problem.

By: brian

brian — Wed, 17 Jun 2009 16:43:03 +0000

I’ve had https setup on my gmail account for a long time. One minor irritation is that the igoogle gadget for gmail doesn’t work when you have https turned on- I wish they’d fix that.

As another poster has pointed out, using https only protects your email as it goes from your machine to google’s server. From there on, it’s sent unencrypted to the recipients server. The chances that some hacker will be listening in on your Wifi network are much higher than that they’ll be listening to the traffic between Google’s server and the destination mail server, so it really does make sense to use https. However, it certainly doesn’t protect your email from snooping by the NSA.

By: Konstantin Pozin

Konstantin Pozin — Wed, 17 Jun 2009 15:00:18 +0000

This is inaccurate. Gmail does not have the option of encrypting mail that is being sent. HTTPS only encrypts communications between your browser and Gmail’s servers while you’re interacting with the Gmail web client. Once you hit send, your message travels across the Internet from Google’s mail servers to the recipient’s mail server. This happens over the SMTP protocol, in clear text.
Unless both you and your recipient use additional tools for encrypting and decrypting mail before it’s sent over SMTP, anyone who is listening in can read your messages in transit. This is what the NSA does.

By: XkiD | Encryption is the answer | blog.xkid.ro

XkiD | Encryption is the answer | blog.xkid.ro — Wed, 17 Jun 2009 14:32:10 +0000

[...] here: Encryption is the answer Posted in News | Tags: actually-know, double, file-today, fine-but, one-answer, one-encrypts, [...]