Google switching to HTTPS-only for Gmail, following NSA revelations

Internet giant Google has announced it will switch to using encrypted HTTPS-only for all customers reading, writing and checking messages, with all messages to also be internally encrypted.

Google points out that while it has always supported HTTPS, and has made it the default option since 2010, today’s update means messages will not be able to be accessed without using HTTPS.

The company is also highlighting additional security options available on the Gmail service, such as enabling two-step verification, which can be switched on through the company’s Security Centre.

In a statement, Gmail security engineering lead Nicolas Lidzborski hints the NSA revelations last year, which happened during the US summer, prompted the move.

“Starting today, Gmail will always use an encrypted HTTPS connection when you check or send email… Today’s change means that no one can listen in on your messages as they go back and forth between you and Gmail’s servers—no matter if you’re using public WiFi or logging in from your computer, phone or tablet.

“In addition, every single email message you send or receive – 100% of them – is encrypted while moving internally. This ensures that your messages are safe not only when they move between you and Gmail’s servers, but also as they move between Google’s data centres – something we made a top priority after last summer’s revelations.”

Lidzborski also says the Gmail service had an uptime during 2013 of 99.978%, equating to roughly two hours of downtime for the entire year.