Gmail recently rolled out a change to its settings, where now you can permanently turn on SSL encryption. Do it now—your personal data will thank you for it. Besides, it’s going to get a lot easier to hack Gmail sessions very soon, because some guy is planning on releasing a hacking tool to the public in order to force Google to implement better security. [monkey_bites]


Edit Your Comment

  1. dripdrop says:

    It would be helpful if you could tell those of us not in the know what exactly that means and how we can turn it on. Thanks!

  2. carblover says:

    i hope i don’t sound too clueless, but how do you change this setting? i couldn’t find it…

  3. thebluepill says:

    Go to Settings, its the Last option, “Always use HTTPS”

    Turn it on. Easy as Pie.

  4. dripdrop says:


    Hooray! Thank you!

  5. thebluepill says:

    BTW, You will need the new HTTPS version of the Gmail Notifier;


  6. JosephFinn says:

    It’s also in the Monkey Bites link (with screenshot).

  7. Google has been rolling out the setting in stages, so if it’s not where thebluepill says, keep looking for it in the days to come. (I think it should be pretty much rolled-out now.)

  8. admiral_stabbin says:

    THANK YOU! This is excellent information! I honestly haven’t read about this elsewhere on the internets, and, I appreciate that it was brought to me through one of my favorite sites.

    Thank you, Consumerist for keeping my ass out of trouble (again)! ;-)

  9. Michael Kohne says:

    It is definitely NOT rolled out to google apps users yet.

  10. Annath says:

    Any word on if this will be rolled out to GApps users? I want SSL. :(

  11. As soon as I did this, I got kicked out of Google chat and cannot log back in. I’m “experiencing technical difficulties”.

  12. pengie says:

    @thebluepill: Thank you!

    I’ve had a Gmail account comprimised once before, so anything else I can do to keep it from happening again (aside from coming up with an even more complicated, random password) is A-OK with me.

  13. Spamboy says:

    “Do it now-your personal data will thank you for it” — unless you turn on the setting and are unable to access said personal data because mobile Google Apps don’t yet support the feature.

  14. evslin says:

    @mhkohne: Looks like it actually is, it’s just not active for all Apps services or for non-premier accounts. These are the directions I used to force my e-mail into HTTPS:


  15. Xerloq says:

    When this feature hit my account, it was turned on by default, FWIW.

  16. I would have missed this, thanks Chris!

    @dripdrop: to answer your first question, SSL is the Secure Socket Layer. Along with Transport Layer Security (TLS) they are cryptographic (coded so that others won’t be able to tell what it is if they intercept it) protocols (a specific method of accomplishing a task, in this case getting two computers to talk to eachother). Whenever you see “https://…” you know it is using a secure protocol to deliver the page. This is important because that security works both ways. What the website sends to you is encrypted, and what you send them is too.

    Hope that helps.

  17. offbeat says:

    for those of you that use Google Apps to handle your domain’s email, the HTTPS feature does not yet seem to be implemented yet.
    i hope so, soon.

  18. stinerman says:

    I’ve been using Gmail over IMAP via a standard client-side e-mail program (think Outlook, Thunderbird, etc.). Gmail has support for SSL and TLS over IMAP as well.

  19. azntg says:

    Thanks for the heads up!

  20. Underpants Gnome says:

    Added bonus: My work blocks the chat functionality inside Gmail, but with SSL and [] it works just fine!

  21. Underpants Gnome says:

    @Underpants Gnome: Thats h t t p s : / / not ‘[]’

    /hates getting outsmarted by the comment engine :-(

  22. Don’t be fooled. Sure the connection between your computer and Google are secure then but between Google and who ever you send an email to – who knows?