Google challenged to make Gmail more secure
June 22, 2009
Recently an open letter was sent to Google CEO Eric Schmidt by security experts, lawyers, and privacy advocates asking why Gmail users are “needlessly” being put at risk. The 38 signatories want Google to start using the secure version of the HTTP protocol to protect Gmail users.
Ben Edelman, one of the signatories to the letter, argued that because more people use insecure Internet access, such as wi-fi in coffee shops and libraries, there’s a real risk of session hijacking. Edelman argued further that although the Gmail login process is done over HTTPS, once the login is completed all data transmission is done over regular HTTP, which is not secure. Hi-tech criminals using sophisticated snooping devices can capture sensitive data or even hijack a Gmail user’s session and send messages pretending to be the user.
Google responded to the open letter by saying that it will look into whether it makes sense to use HTTPS all the time in Gmail, but that a trial on a small number of its users will be carried out first to ensure the user experience is not markedly changed by turning on HTTPS all the time.
Gmail users are not the only email account users exposed this way; most other leading free email service providers are guilty of not placing the entire email session on HTTPS. The main reason providers give for this is that HTTPS slows down the user experience, because a lot of encrypting and decrypting goes on between the user’s computer and the email service provider’s servers.



