Gmail Now Encrypts All Emails

[ARMOUR]

Gmail Now Encrypts All Emails as They Move to and from Google Data Centers

When it comes to Gmail, everything will from now on be encrypted, for both sending and receiving emails.

Google has announced that data transferred between computers and the Gmail servers will only be done through an HTTPS connection.

The webmail service has supported HTTPS since 2004, while an option to enable encryption as the default setting for an account was introduced some 4 years later. In 2010, Google made HTTPS connections the default options for users, something that very few people bothered changing.

Now, as a reaction to the entire NSA scandal and the agency’s efforts to make encryption obsolete, Google is fighting back and wants to make sure that conversations within its network are even more secure.

By enabling HTTPS for emails transferred to and from your computer and Gmail’s servers, Google is making sure that there’s no chance of someone disabling the option on your account or computer to intercept the data before it even reaches Google’s servers, something that’s been a particular favorite of intelligence agencies.

The announcement falls in line with a statement made by Google chairman Eric Schmidt who said that the company was very close to making sure that the NSA could no longer spy on its users.

SOURCE : READ FULL NEWS FROM SOFTPEDIA

[dcs18]

Have been using this Gmail encryption for quite a few years, now - in fact, even my Google is encrypted.

[AlexCross]

I see this more like " Hey, they have started to suspect how their data is used in the reality, let's give them the mirage of being safe".

Edited March 21, 2014 by AlexCross

[davmil]

Reserving, of course (as they admit), their right to scan the mail's content at & for any of their numerous reasons.

[anuseems]

The miasma of an ever-widening NSA/GCHQ/FBI/et al surveillance state has caused indignant companies such as Microsoft and Google to pledge end-to-end data encryption.

On Thursday, Google made good on the pledge, announcing that it is now, in fact, using an always-on HTTPS connection and encrypting all Gmail messages moving internally on its servers.

Google has supported HTTPS since it was launched, it pointed out.

The company made HTTPS the default with its Gmail service back in 2010 and then, later, did the same with many web queries using its own search engine.

Now, says Gmail Security Engineering Lead Nicolas Lidzborski, it's all encrypted between us and Gmail's servers, whether we're surfing oh-so-scary public WiFi or logging in from our gizmos, be they computer, phone or tablet.

Not only that, but once they get into Google's digestive system, Gmail messages will be encrypted internally, too, he says:

Every single email message you send or receive - 100 percent of them - is encrypted while moving internally. This ensures that your messages are safe not only when they move between you and Gmail's servers, but also as they move between Google's data centers - something we made a top priority after last summer's revelations.

Google's protection has hitherto stopped when data got to the company's data centers: those treasure troves of information such as our web searches, emails, and browsing histories, for example.

The changes announced Thursday will make it tougher for snoops - be they the NSA or hackers - to pry open Gmail sessions.

But as the Washington Post points out, Google's new encryption only protects email if both the sending and receiving email providers are using it.

It doesn't cover data traveling between services - from one email provider to another, for instance.

The Post points to this LifeHacker tutorial on how to use encryption on email.

Of course, bear in mind that, encryption or no encryption, Google, like any email service provider, is compelled to hand over data whenever the government (legally) tells it to jump.

http://nakedsecurity.sophos.com/2014/03/21/google-switches-gmail-to-https-only/

Edited March 25, 2014 by anuseems