gmail https – not for everyone

A few weeks ago, Google added an option to force your Gmail connection to https instead of http. This feature was great news for people like me who use public networks a lot.
I was looking for that feature in my settings page but couldn’t find anything that looks like it. I stopped looking for it and today when looking for something else, I found the reason why I didn’t get this feature.
I’m using Google Apps for my domain, and apparently my Google Apps account simply doesn’t have this feature. Only my Gmail account has it!

This is how the setting page of my Gmail account looks like:

This is how my Google Apps setting page looks like:

I can’t think of a good reason for Google to make a Google Apps account less secure than a Gmail account. I can only hope that it’s a matter of time and it is not one of those features that will never be included in Google Apps.

In any case, if you are using Google Apps you can still use a secured connection.
Instead of going to http://mail.google.com/a/your-domain , take your browser to https://mail.google.com/a/your-domain.
That will make your connection https instead of http.

Google had supported https for Gmail from day 1. The thing is, it was kind of a secret and if you didn’t look for it, or didn’t have somebody to tell you about it, you would still be using http. As a matter of fact, I doubt it if more than a tiny fraction of Gmail users have ever heard of https and know if it’s good or bad.

Security should be built over security awareness. Without awareness real security will never happen. Employees who write classified documents should be aware of the document classification they work on. It is not enough to tell them that their document is classified. They need to know about classification and think about classification and understand what classification means when dealing with it.
The same way that people know not to keep their ATM card PIN code in their wallet, (the bank helped them to raise their security awareness) Google must help their users raise their security awareness and know not only that https is available for Gmail but also that https is so much safer than http and should be used by default.

I doubt it if the majority of people will ever use the secured connection for Gmail. Such a feature requires education and Google will never do that. Since https is significantly slower than http, and since most people don’t know about security and don’t really care about security, this feature is probably just another feature for the readers of this blog, and their family and friends.

Update: I checked gmail corporate user iphone vpn comment, and he is right. My gemstones shop uses the free version of Google Apps. The paid version has a feature called “SSL enforcement for secure HTTPS access” that is included in the paid version only (no.4 in “Collaboration application features”).To be honest, I don’t think I have the right to complain about something I got for free. I also have customers that are paying for premium features that cost me nothing, features that are there just to make the customers upgrade to the Advanced Plan. I guess this is not a mistake and someone wants me to upgrade. Fair enough.

Share
  • gmail corporate user

    “I can’t think of a good reason for Google to make a Google Apps account less secure than a Gmail account.”

    The *paid* version of google apps has the option to automatically enforce https connections. Is that a good enough reason for you? :-)

  • MrGutts

    No it’s not a good enough reason mr corporate user. Why in the hell would they offer it to everyone in the damn world gmail users and corporate users for free, but tell the free Google apps people to screw off?

    The most of the Google apps people help test the hole system for them, at least they could do was to give that feature to everyone. This was waaay before they started selling Google apps.