Google turns on HTTPS as standard

HTTPS is currently available as an option in Gmail

Google has announced that it is to standardise around HTTPS for its Gmail service.

Sam Schillace, Gmail engineering director, said in a blog post that the company is turning on HTTPS as standard on the service to encrypt messages being sent in and out of its servers.

"We initially left the choice of using it up to you because there's a downside: https can make your mail slower, since encrypted data doesn't travel across the web as quickly as unencrypted data," he said.

"Over the last few months, we've been researching the security/latency tradeoff and decided that turning HTTPS on for everyone was the right thing to do. We are currently rolling out default HTTPS for everyone."

Google introduced HTTPS to Gmail in 2008 as an option, and has since been under pressure to roll it out elsewhere. Last year an open letter from security professionals prompted the company to promise HTTPS support on all Google Apps.

Users who are already on HTTPS need do nothing, Schillace said, and controls to turn it off are in the settings menu of Gmail.

People using HTTPS Gmail offline may experience some problems, he said, but the company is working on it. In the meantime a Google advisory suggests switching the offline Office applications so that they synchronise via the HTTPS server.