Google has made a significant change to its Gmail service today. The company announced Gmail will "always use an encrypted HTTPS connection when you check or send email." After last summer's revelations by Edward Snowden, Google was determined to stop mass surveillance by the NSA. This is a small step in that direction, but does not solve the problem.
This announcement by Google will help to stop surveillance of emails sent between two Gmail accounts, but it does nothing to address emails sent to and from other email providers. The NSA can still tap Google upstream at the ISP level. Unless a new encrypted SMTP standard is created, email is simply an insecure method of communication and there's nothing we can do about it.
Starting today, Gmail will always use an encrypted HTTPS connection when you check or send email. Gmail has supported HTTPS since the day it launched, and in 2010 we made HTTPS the default. Today's change means that no one can listen in on your messages as they go back and forth between you and Gmail’s servers—no matter if you're using public WiFi or logging in from your computer, phone or tablet.
In addition, every single email message you send or receive—100% of them—is encrypted while moving internally. This ensures that your messages are safe not only when they move between you and Gmail's servers, but also as they move between Google's data centers—something we made a top priority after last summer’s revelations.
In addition, every single email message you send or receive—100% of them—is encrypted while moving internally. This ensures that your messages are safe not only when they move between you and Gmail's servers, but also as they move between Google's data centers—something we made a top priority after last summer’s revelations.
This announcement by Google will help to stop surveillance of emails sent between two Gmail accounts, but it does nothing to address emails sent to and from other email providers. The NSA can still tap Google upstream at the ISP level. Unless a new encrypted SMTP standard is created, email is simply an insecure method of communication and there's nothing we can do about it.