In a move that’s likely to make mass-surveillance of its email customers a whole lot harder to pull off, Google announced that it’s just beefed up security for Gmail by only using an encrypted HTTPS connection for all incoming and outgoing messages.
Gmail Security Engineering Lead Nicolas Lidzborski wrote in a blog post last night that while HTTPS encryption has been available since Gmail’s start, and the default option since 2010, it’ll be the only way any messages move through Gmail from now on.
“Today’s change means that no one can listen in on your messages as they go back and forth between you and Gmail’s servers—no matter if you’re using public WiFi or logging in from your computer, phone or tablet,” he writes.
Going beyond any kind of National Security Agency monitoring, this means hackers lurking on public WiFi will have a tougher time getting past the HTTPS encryption, as will employers who might be tempted to snoop.
Lidzborski adds that there’s more — all email messages moving internally will also be encrypted.
“This ensures that your messages are safe not only when they move between you and Gmail’s servers, but also as they move between Google’s data centers—something we made a top priority after last summer’s revelations.”
And by “last summer’s revelations,” he’s likely referencing Edward Snowden’s leak of NSA documents, which eventually showed that the NSA had been tapping the fiber-optic cables between big tech companies’ data centers.
This protection will only be available for messages kept within Google, however, points out CNNMoney — so if you’re emailing your friend with a Yahoo! account or something, your message won’t be HTTPS encrypted on its way into that user’s inbox, because other companies don’t necessarily support encryption between email providers.
Yahoo! said last year it’s working on encrypting emails moving between its servers, but hasn’t mentioned inter-email provider encryption. Microsoft is working on both.