The more I use google’s services the more I find that they do not use SSL by default. As someone who knows how easy it is to eavesdrop on clear text I would love to see google encrypt everything with SSL by default. Most of their services will work with SSL, but you have to manually go to the right URL for it to work.
For example, by default gmail only encrypts the login process. This means that someone else can read your emails right along with you. On top of that there has been a few different exploits that allow someone to grab a users cookie and then login as them. The fix for the issue is simple, use SSL.
If you browse to https://mail.google.com your entire session is encrypted. The problem is having to type out the secure URL is quite a pain, typing gmail and then hitting control + enter is so much easier. If google were to encrypt everything is would make everyone’s life that much more secure.
For firefox users there is a fairly simple fix to this problem; a user script for greasemonkey called GMailSecure. To get this to work you will need to install the extension Greasemonkey. This is a neat extension that allows you to manually change the way a page is displayed. In a lot of ways it is similar to how Opera handles add-ons. It takes a piece of javascript or CSS and uses it on the page for you overriding the defaults of a page. In this case it redirects you to secure gmail.
I just wish that google would encrypt all of their pages with SSL allowing for a more secure browsing experience. They have all of my information, but that doesn’t mean I want some random third party to also have it.
