Thank China: Google moves to make Gmail more secure by default

Google has decided to make its Gmail service more secure by using more expensive encryption technology, according to a blog post today.

You can probably thank China for that. Yesterday, Google threatened to pull out of China after witnessing a concerted effort to hack into the Gmail accounts of Chinese human rights activists. Some of the attacks were successful. Now Google is making it harder to break into email accounts.

It is doing so with the secure service protocol that you may or may not be aware of, depending on how geeky you are. To date, the default protocol for Gmail was http, which is the beginning of the URL that you use when you sign on to Gmail. That protocol is not encrypted, so data passing between your web browser and Google’s services is not encrypted. The secure protocol uses https, which does encrypt the data to prevent snooping by third parties. If you’re in a public Wi-Fi location and you use http, then anyone with a little smarts can inspect the data, including your username and password (though not for Gmail), passing through the system. Clearly, this is not so cool if you’re a Chinese human rights activist.

Google previously left the choice of the default up to users, in no small part because https requires more computing power, making it more expensive for Google, and because it can slow the mail system, since encrypted data doesn’t flow through the web as quickly as unencrypted data. But over the last few months, Google has researched the security/speed tradeoff and decided that turning on https for everyone is “the right thing to do.” Now, https will be the default. You can still deliberately choose to use http if you want.