Anytime you are on a public network, you are more vulnerable to having your data stolen than if you were on your own home private network, unless you take the proper security precautions. If you have a Gmail account, Google would like to help you with those security precautions.
It was just a couple of weeks ago that Gmail started offering users the option to track Gmail activity and remotely sign-out of their accounts. It’s one way for users to keep their account secure, and now they’ve introduced another – the option to always use https. Gmail says they have supported https since day one (it keeps your mail encrypted as it travels around the web), but only to protect passwords at login. Https isn’t used after the login when you are reading and writing email because it tends to slow things down. Now Gmail users can opt-in to always using https, even though it may make checking email slower.
To opt-in, all you have to do is go to your settings, and then scroll down to the bottom of the “General” tab and look for the “Browser Connection” setting. Here you can select to always use https or never use https. Not everybody will have this option today because in typical Google fashion, it’s slowly being rolled out.
People have been using https connections with Gmail for a while now, but they’ve had to use a Greasemonkey script like this one that has been installed over 32,600 times (which is a lot for a Greasemonkey script!), or a Firefox extension like this one. What Google has just done is important because for those who used the aforementioned methods, once they went to another computer, they would have to remember to manually type the “https” into their browser. Google’s efforts to make an https connection always available should be applauded because it gives users more confidence that their mail and information is safe, even when they are on public networks.
Now it would be nice to see Google roll this out to some of their other services like Google Calendar or Google Docs.
See this comparison ([windowssecrets.com]), but IMO, Gmail is the best currently with features that matter the most.
Nice to see they’ve enabled the option within gmail settings to do this. Https settings like this has become the norm on private torrent sites, as well as their trackers, as privacy is a big issue there. Glad to see other websites and services are taking this step finally.
Interesting though, that users haven’t been able to force a constant https connection. I’ve been doing it for at the very least 6 months, maybe even the last year, for all my gmail browsing, not just the login process. Granted, I had to make sure that each varying URL was manually typed in as https, as after login google would redirect me to an http connection. But after I did that once, and ensured that I never visited gmail under an http connection, it automatically remained under https for all my gmail browsing.
I’m and privacy and security nut, so unless there is no encrypted option for browsing, instant messaging, email, bittorrent, etc., I’ll force myself to ensure it’s encrypted.
I strongly recommend the CustomizeGoogle addon. It gives a great deal of added functionality (blocking Google ads, streaming search results, added privacy measures, etc), and it includes the ability to make Google Docs, Google Calender, Gmail, and all(?) others use https.
for Firefox: [customizegoogle.com]
for Opera: [smir.de]
Customzie Google is a great extension, and in fact I linked to it in this article.
I grew fond of Gmail when it first came out and I bought my invite for it on eBay. It has a flaw here or there, but overall it’s an excellent online mail solution.
Hmmm, the speed at which Google is introducing new features in GMail as lately is picking up, and not only that, but also the rolling out is going faster as well… maybe they’re planning to release the “Final” version?
Nah, since they’re adding all of these new features it will need to stay in Beta even longer.
At this point I think “Beta” is just part of the service name. If they removed it now it would be like completely changing the name of Gmail, and then the universe would cease to exist. 
Yeah, absolutely – I just wanted to further explain some of it’s usefulness.
Thanks again!
Really a great feature, especially when you’re always checking email at hostspots or on public computers and forget to visit the secure site. Thanks for posting this.
My connection was already using HTTPS. Strange.
Great move. I am one of those people who got so used to CustomizeGoogle (and thus browsing Google Services in https) that I forget it when I’m on another computer.
That’s exactly why this is so useful — for those who use multiple computers, even if on occasion. It’s easy to forget sometimes, isn’t it?
Is there any reason not to use the secure https option?
None that I can think of.
Actually, I believe that it has been said that using https can increase load times for the user and add additional demands for the server (Google, in this case). …there are load time analyzers out there, so feel free to do some experimentation to see if I’m right or not – for example: [addons.mozilla.org]
Of course, it is worth saying that a potentially slightly longer load time is by no means any concern when weighted against such easily improved security!
You’re right in that load times can be a little slower, however from experience, I’ve never noticed a difference.