If you have a Google Mail account, there’s a very quick+easy way to run it through an encrypted SSL connection. If you don’t know what this is, trust me that you do want to do this. According to Slashdot,
“A tool that automatically steals IDs of non-encrypted sessions and breaks into Google Mail accounts has been presented at the Defcon hackers’ conference in Las Vegas. Last week, Google introduced a new feature in Gmail that allows users to permanently switch on SSL and use it for every action involving Gmail, not just authentication. Users who did not turn it on now have a serious reason to do so, as Mike Perry, the reverse engineer from San Francisco who developed the tool, is planning to release it in two weeks.”
So then. Using the SSL-protected Gmail is as simple as going to https://mail.google.com/mail/#inbox. The ‘s’ in ‘https’ indicates that it’s on a secure connection. I feel more confident running it that way than over an unprotected connection. Although it’s possible to break an SSL wrapper, it’s a lot of work. I’d rather lock my front door than leave it wide open while I’m not at home. And this lets you do that with Gmail. Doing this doesn’t slow Gmail down at all, so you won’t notice any change in performance.
Also: A Slashdot comment noted that Gmail always uses SSL for logins, but it then drops back to unsecure http. Aapparently now you can set it to always use SSL regardless of the URL you visit it from, but my rudimentary search hasn’t turned that up just yet. That’s why I’m using the direct route.
Also deux, there’s good discussion of this matter over at governmentsecurity.org.
Finally: Found it. Go to Settings, and down at the very bottom of the page is “Browser connection.” Click on the radio button for “Always use https,” and then click Save Changes. It will not save it unless you do that last step.