Tuesday, January 12, 2010
In 2008, we rolled out the option to always use https — encrypting your mail as it travels between your web browser and our servers. Using https helps protect data from being snooped by third parties, such as in public wifi hotspots. We initially left the choice of using it up to you because there's a downside: https can make your mail slower since encrypted data doesn't travel across the web as quickly as unencrypted data. Over the last few months, we've been researching the security/latency tradeoff and decided that turning https on for everyone was the right thing to do.
We are currently rolling out default https for everyone. If you've previously set your own https preference from Gmail Settings, nothing will change for your account. If you trust the security of your network and don't want default https turned on for performance reasons, you can turn it off at any time by choosing "Don't always use https" from the Settings menu. Gmail will still always encrypt the login page to protect your password. Google Apps users whose admins have not already defaulted their entire domains to https will have the same option.
To read about other steps you can take to protect your accounts and your computers, visit google.com/help/security.
Note: If you use offline Gmail over http currently, the switch to https is likely to cause some problems. Learn more about this known issue and how to work around it.