Google considers request to boost privacy

From CNET News.com: You may not know this but you can set Gmail to encrypt your session data by default to protect it from being sniffed over the network.

However, Google doesn't offer the ability to encrypt potentially sensitive data created in other Google apps like Docs or Calendar by default, which means the communications could be stolen or snooped on by someone using a packet sniffer on public Internet connections, such as open wireless networks, according to the letter addressed to Google Chief Executive Eric Schmidt and signed by a who's who of 38 experts in the security industry.

Granted, users of other free e-mail services, social networks, and many other sites are vulnerable to data theft and account hijacking, the letter notes. But Google is in a position to set a standard for others to follow, it says.
Google should enable HTTPS (Hypertext Transfer Protocol Secure), a technology used by banks and e-commerce sites, by default for Gmail, Docs and Calendar, or at least do more to educate users about the privacy risks and make it easy to turn on the HTTPS by default, the letter urges.

Not only do many people not understand the privacy risks in using unencrypted services, but they don't know that they have the HTTPS default option and finding the settings to change isn't that easy, the letter says. Users can access Gmail, Docs, Calendar and other apps via HTTPS by simply changing the "http://" in the URL address to "https://," but many don't know about that option, either.

View: Article @ Source Site