The folks over at Wired.com have an entry up on how and why you should enable Gmail’s SSL feature that is worth a read:
Why? Because without it, anyone can easily hack someone’s account and in two weeks it is going to get even easier. Mike Perry, a reverse engineer from San Francisco, announced his intention to release his Gmail Account Hacking Tool to the public. According to a quote at Hacking Truths, Perry mentioned he was unimpressed with how Google presented the SSL feature as less-than-urgent. It is urgent, and here’s why.
The reason why is pretty simple. Without the SSL feature turned on Gmail only uses a secure connection for the initial login and then all session data is sent back and forth unencrypted. The problem with that is your session data includes your login information which kinda defeats the point of having it encrypted during the login. Someone sitting with a packet sniffer looking at your network traffic could snatch that info from the data stream and have full access to your account and all the archived emails. By turning on the SSL feature the entire session will be encrypted from beginning to end.
You can tell if your session is encrypted by looking at the address bar of your browser. If you see HTTPS: at the start of the address while reading your email then you’re encrypted. This feature is turned off by default so if you haven’t specifically turned it on then you’ll want to. You can do that by clicking on the SETTINGS link in the upper right corner of the Gmail screen and on the GENERAL tab (which should be the default that comes up) you scroll down to where it says BROWSER CONNECTION and click on the box for “Always use https.” Then just press Save Changes to update your account. You may need to quit and login to Gmail again to make sure it’s working.
You won’t notice anything different about how Gmail works from before, but you’ll be a little better protected.
I use Google Reader for my RSS reader and one of the features it’s had for awhile that I hadn’t used much was the ability to share feed elements with other folks by clicking the little “shared” button at the bottom of each entry. I hadn’t really been using it because I tend to blog about most of the stuff I find really interesting and I wasn’t sure I saw the utility of it. Then the Google Reader folks made a change where anyone who was in your Google contact list who also happened to use Google Reader would automatically be able to see any items you have marked as shared.
I have ***Dave in my contact list (because of Google Talk) along with Neil Turner and Webs and suddenly I was seeing their shared items and that’s all it took for me to suddenly see the utility of this feature. As it turns out not everyone is happy with Google’s decision to suddenly allow anyone in your contact list see your shared items. Some folks had been using it as a private mini-blog of sorts and it caused all sorts of problems when, for example, one fellow’s conservative brother found out his sibling was quite the liberal thanks to being able to see what he was sharing.
Still it’s not a bad idea and so I’ve started using it seeing as I wouldn’t put anything in the shared list that I wouldn’t blog about anyway. If you’re using Google Reader then you can access to my shared list simply by adding me to your Google Talk or Gmail contact list—which are, technically, one and the same thing—my Gmail address is . If you’re not a Google Reader user you can still see my shared items either by visiting this page occasionally or adding this RSS feed to whatever you use as an RSS aggregator.
Just thought I’d let you guys know in case your interested. I don’t have a lot of stuff in there, but there’s a few things and I’m adding new stuff all the time. Mostly it’s tech related stuff from the various blogs I read such as the Lifehacker entry on how to automatically remove ads from recorded TV with Lifextender which is a download for Windows Media Center. Now that I look at it quite a few of the items are from Lifehacker, but still the point is whenever I come across something I think is nifty but not enough for me to blog about it I’ll probably add it to the shared list. Oh, and feel free to add me to your Google Talk if you feel so inclined.
Google is playing for keeps in the email service arena these days and to prove it they just added a free Gmail IMAP functionality:
Gmail has allowed access via the web interface or POP access for quite some time now. POP allows e-mail clients to download messages from the server, but doesn’t reflect any changes on the server once the messages are manipulated on the client side. So if you download five messages, read four of them, and move three of them to other folders on your desktop e-mail client, those messages will remain unread and unmoved on the Gmail server. When you check the server again from a different device, you have to go through the whole process all over again with the same messages.
Such is not the case with IMAP—any changes you make on the client side are synced back with the server (when a connection is available), so that read items remain read and moved items remain moved on all devices checking that account. In other words, IMAP treats remote folders as if they were local, which is great if you use more than one interface for accessing and organizing your email (say, webmail from work, your iPhone on the road, and a mail client like Thunderbird at home).
Gmail Product Manager Keith Coleman has another theory on why webmail services haven’t made IMAP widely available, noting that most (including Google) are at least somewhat dependent upon advertising revenue from their web-based clients. “We thought that was a trend worth breaking,” he told Ars. “Initial reaction has been great so far.”
It’ll be interesting to see if this results in a substantial bump in the number of Gmail users. The number of folks who need or want IMAP is probably small, but still significant and they’re currently the only web based email to offer both POP and IMAP connectivity.
It’s been almost three years since Google launched Gmail onto an unsuspecting public and during a good portion of that time the only way to sign up was to get an invite from someone who was already using it. Then awhile back they opened it up to anyone who could receive a text message on their cellphone, which still left a lot of people overseas out of the fun unless they could get someone to send them an invite. Now all restrictions have been removed and anyone with a web browser can sign up for themselves.
So all you folks who are still sending me emails begging for a Gmail invite can stop now and go sign up. Anyone who sends me an email begging for an invite now will instead receive a reply viciously taunting you for being such a moron.
This has been a SEB Public Service Announcement.