What is Digg?130 Comments
- BenHanby, on 10/10/2007, -10/+100This is quite interesting. When I'm logging into Google Mail, it's HTTPS. Then, once I get into my mail account, it switches to HTTP.
If I manually insert an 'S' into the URL, it will use the encryption. Why wouldn't they keep email communications encrypted? Strange, and a bit disturbing... - miken32, on 10/10/2007, -3/+78More overhead on their servers, and most people's mail has never been encrypted. If you're that paranoid, you're already PGP encrypting your mail.
- Jugalator, on 10/10/2007, -3/+41It's tougher on their servers.
- augurseer, on 10/10/2007, -1/+36i assume some of you have built a webserver once???
using HTTPS for everything is SO demanding on resources, if google encrypting everything it would bog down, dont forget 99 percent of the work is done on there server not your pc, and even if i packet sniff a line i wont get always every packet needed to rebuild ever word of an email, plus you can encrypt the emails YOURSELF.
i love HTTPS, but man the overhead of jsut all gmail being on HTTPS would kill the speed and use of all of google. - Kickboy, on 10/10/2007, -1/+34This singling out of Google has become annoying. Although the claims made in the article are justified, and I think Google should default to using encryption on majority of its services, there is a fine line between privacy and practicality. Next people will start bashing Google because their SEARCHES aren't encrypted.
Have you tried using encryption on Yahoo and Microsoft services? Some of them won't even work. At least Google gives you the option, however un-publicized it is.
For the record, I dugg the article because I do think people need to be conscious of these things... but the whole privacy paranoia thing is frustrating. Not to mention, if you really are paranoid about your emails you should be using PGP or no email at all. Email is inherently insecure because there is no encryption over networks, regardless of wether or not you use SSL to read them. So if somebody really was determined to get your emails, using SSL isn't going to help you much. - verge, on 10/10/2007, -4/+27Is this simpler? It seems so for me. Install Firefox
http://www.mozilla.com/en-US/firefox/
Install Customize Google
https://addons.mozilla.org/en-US/firefox/user/1962
For Video Explanations of the Extension.
http://www.customizegoogle.com/
The extension will disable click tracking, anonymize cookie info, enable https in critical areas (docs, mail, calendar, etc) just to name a few.
I've found it easier to the above, but just my input. - 15charmaxwtf, on 10/10/2007, -0/+17Either way, it is still more processing and that costs money.
- fuzzmeister, on 10/10/2007, -2/+16SMTP isn't encrypted anyway, so encrypting browser traffic to send an unencrypted message isn't all that important, unless you PGP encrypt the message.
- drunkentoad, on 10/10/2007, -2/+15"Remove the stone of shame. And attach the stone of Triumph."
- inactive, on 10/10/2007, -2/+12That's some interesting reasoning.
So what you are saying is since I have over a million dollars and I run a free community website that it is my responsibility to do things however the users (who are getting that service free of charge) deem I should do it?
Oh that's right, in Diggworld the rich must support those that are not as rich and we are also not allowed to profit. - backoff34, on 10/10/2007, -11/+20Why doesn't Google just automatically set it as https ...? Is there any reason whatsoever not to auto encrypt?
- gadgetuk, on 10/10/2007, -1/+9Long enough to be 100% correct in his assertion. Anyone who is all panicky about having their gmail arrive unencrypted probably isn't aware that "normal" POP/SMTP accounts send email in clear text.
He's not even being complimentary to Google, he's saying that the only reason they don't SSL all the mail traffic is to save the CPU overhead on the servers. I can't think of any other likely explanations either - unless maybe the NSA forced th...... - Scruffydan, on 10/10/2007, -0/+7since SMTP is plain text, I guess they don't see the point in encrypting your session, but if you are paranoid (like me) then just login to https://mail.google.com and your whole session will be encrypted
- defubar, on 10/10/2007, -6/+13There are other ways of doing this, but the Better Gmail extension for Firefox will make your gmail always use https:
https://addons.mozilla.org/en-US/firefox/addon/4866 - Stalks, on 10/10/2007, -0/+6That's great, the connection to the .Mac server shall be encrypted, but the final destination server, if its not another .Mac account will most certainly be transmitted as plain text over standard port 25. If you want to send something secure, encrypt it yourself.
- Scruffydan, on 10/10/2007, -0/+5if you want to use SSL for all your gmail activities then just log in at https://mail.google.com
your entire session will now be encrypted... of course once you send that email it is plain text( just line .mac or any other email service), so use PGP if you need to make sure no one reads your email - r3zonance, on 10/10/2007, -0/+5@Parsap
Yes, the keyword you used there was "ideally". - octophobic, on 10/10/2007, -0/+5Why waste money on things that give them no return on investment?
If people cared as much about encryption as they do disk space then you would see google and yahoo! competing over that instead. - arnoldrimmer, on 10/10/2007, -4/+9Totally Bull, everybody knows a normal E-Mail is nothing more than a Postcard. If you don't want that someone reads your Mails you need Programs like GnuPG or PGP.
- Cherubim, on 10/10/2007, -3/+7This is nothing new. Any moron knows that email services primarily use unencrypted traffic.
No Digg. - tdous, on 10/10/2007, -1/+5Log in to Yahoo Mail and it's the same, back to http. Also, see miken32's reply and try not to worry. There's nothing unique about this setup.
- forteller, on 10/10/2007, -0/+4Use http://www.customizegoogle.com/ extension for Firefox to use encryption also after logging in to all of your Google stuff. It also lets you remove click tracking and ads on search results, and a lot more.
- Scruffydan, on 10/10/2007, -0/+4if you want to use SSL for all your gmail activities then just log in at https://mail.google.com
- augurseer, on 10/10/2007, -1/+5i agree with kickboy, granted SSL would rock on many of googles services, and google does offer more SSL options than anyone else, but we msut be fair, do some encryption work yourself, PGP, then send email. encrypt yourself when using google apps, or gmail, or anything vital, but SSL isnt for every day tasks.
try SSL over TOR network, the slow will amaze you. - jtb4, on 10/10/2007, -0/+4Why on Earth would anybody send or store anything they care about the public seeing on Gmail? We already know Google mines your emails to show you targeted ads. Plus I'm not sure if you've ever tried it but hacking Yahoo, Google and MSN mail is not terribly difficult.
- capiCrimm, on 10/10/2007, -0/+4I have no clue why I'm getting dugg down? FireGPG makes it easy to encrypt, decrypt, sign, and verify any web page(including gmail messages). You digg up miken32, and there was a previous digg ( http://digg.com/software/FireGPG_Firefox_plugin_for_GPG_in_Gmail ) about it that got to the front page, yet you digg me down?
digg confuses me at times. - octophobic, on 10/10/2007, -0/+4I never found .Mac to be worth the money. Are you just fishing for more reasons to justify the yearly fee?
- ssulistyo, on 10/10/2007, -1/+4It is a threat in multiple ways as demonstrated at DefCon: http://digg.com/security/How_simple_it_is_to_hack_GMail
- osc1882, on 10/10/2007, -6/+9Could you ask a question so dumb it makes me want to punch you in the face?
- defubar, on 10/10/2007, -3/+6There are other ways of doing this, but the Better Gmail extension for Firefox will make your gmail always use https:
https://addons.mozilla.org/en-US/firefox/addon/4866 - craterburnsu, on 10/10/2007, -2/+5Not a movie, tt was from the an episode of the Simpsons.
- Niffer, on 10/10/2007, -0/+3I've been using the Gmail Notifier extension since I got a Gmail account and never realized it used an encrypted connection for me. Very good to know, and also a great extension for Gmail.
https://addons.mozilla.org/en-US/firefox/addon/173 - capiCrimm, on 10/10/2007, -2/+5yes, but interweb anonyminity will protectz me! lulz
- makis, on 10/10/2007, -0/+3what's the point here?
if i send an email to someone over https he will receive it over smtp, and read it using imap or pop3.which are in clear text.email is unencrypted by default.so what's google's mistake? - q1006662, on 10/10/2007, -3/+6It explains how, but not WHY... I changed my iGoogle page to https, but so what?
- gyronic, on 10/10/2007, -0/+3Is this really new to you people? Honestly?
- tdous, on 10/10/2007, -1/+3Feeble minded.
- tamarind, on 10/10/2007, -0/+2If I recall correctly, part of the point is to not reveal session cookies.
- mseneschal, on 10/10/2007, -0/+2If someone is ON your network and wants your data, you’re going to need a lot more than https. There are tools that will let you view that traffic just as easily as everything else. Fortunately, most people are not that important. No one really cares about your e-mails or IMs as much as you think they do.
- octophobic, on 10/10/2007, -0/+2When I log in and bring up my inbox it stays https. When I go to compose an email it's the same https.
- grexeo, on 10/10/2007, -1/+3Although server load does increase, bandwidth is the real issue. SSL/HTTPS uses around 50% more bandwidth than vanilla HTTP. Servers are relatively cheap whereas bandwidth is not - especially the premium bandwidth which Google swear by.
- harusp3x, on 10/10/2007, -7/+9Could Jesus microwave a burrito so hot that he himself could not eat it?
- coasterswim, on 10/10/2007, -0/+2I was about to comment on how my mail stays HTTPS the whole time and then I realized it was the extension doing its job.
- tdous, on 10/10/2007, -3/+5It's not an excuse and they're not putting anyones privacy aside. Yahoo and Hotmail or whatever it's called now, as well as most other mail services, pass through a secure login portal and return you to http to actually view your mail. Get over your irrational Google hate. Or at least research things before pronouncing your distaste for one of many companies who do it the same way.
- mmortal03, on 10/10/2007, -0/+2actually, use https://mail.google.com/mail/ , otherwise the certificate won't match up and firefox will let you know each time.
- inactive, on 10/10/2007, -0/+2OI! Just use this:
https://addons.mozilla.org/en-US/firefox/addon/4866
No more manually inserting an 's'. - jrbrewin, on 10/10/2007, -0/+2do people not realise you can just point your browser at httpS://www.gmail.com, and your entire session is secured?
- JohnnyXmas, on 10/10/2007, -0/+1If Google encrypted EVERYTHING going in and out, it would be a huge jump in server load. Be happy that they're nice enough to let you do it manually. Either way, we all know better than to send sensitive information via email, anyway.
- ilikejam, on 10/10/2007, -0/+1No.
Cracked Windows boxes and the Outlook address book are how spammers get your non-public email address. - 9a3eedi, on 10/10/2007, -0/+1I never heard of a Gphone! O___O
-
Show 51 - 100 of 126 discussions
Check out the new & improved 
© Digg Inc. 2009
— Content created and posted by Digg users is