I’m continuing to write about each one of the lessons I’ve learned. However, the list is long and I’m not writing as frequently as I’d like. So for those of you who are impatient and just want to see the bullets, here is a PDF of the PowerPoint slides.
tech, life, and more
Archive for August, 2009
After helping multiple people set up a gmail account, I noticed that SSL is disabled by default for the gmail web interface. The login is encrypted, but the rest of the browser traffic including your email data isn’t. Why Google did that makes no sense, I recall seeing something about them saying it will slow down users’ computers. I think this is one of the few stupid things that Google is doing. I say I don’t mind a minor slow down (frankly, I don’t think the slowdown is noticeable anyway) to secure my email traffic. Do you mind your email flowing between your browser and the gmail servers in the clear on a hotel or conference center or coffee shop wifi network? Not only could others read what you are reading, but they could also copy your session cookie and hijack your login session without knowing your password. Of course you don’t mind an unnoticeable slowdown to encrypt your email traffic. Duh!
Fortunately, this is really easy to fix. In gmail web interface, go to “Settings” and then go to the “General” tab. At the bottom select the radio button “Always use https”. Don’t forget to click “Save Changes”. There, fixed. Now all your web traffic to the gmail servers will be encrypted.
Google, there really is no excuse for avoiding SSL as the default. Yes, it will put a bit more load on your servers, but security is our friend.
[Note: this applies only to the web interface, not the IMAP or POP interface.]