Gmail is Always Playing Catch Up
In case you missed it, Gmail’s “big announcement” last week was that it would:
- Only allow secure (over https / SSL) web connections from users to its servers, and
- Make sure that all email traveling between its servers over the Internet uses SSL so it can’t be eaves dropped upon.
This is generally a very good thing. Its always nice when companies catch up to normal standard procedures by improving their policies. This makes the Internet an incrementally more secure and safe place.
Just be careful not to give them too much credit as this is really a case of playing “catch up” and not doing anything new or special.
Only secure WebMail connections
Accounts with LuxSci (and some other email providers) are required to use connections secured by SSL when connecting to WebMail (and even POP, IMAP, SMTP, Mobile Device ActiveSync, etc.) This ensures that your username, password, and data cannot be eavesdropped on when you are connecting to our servers from home, work, or Starbucks. This is a very good thing and has been available at LuxSci for years and enforced in all new LuxSci accounts for a long time as well.
Only secure inter-server connections
This change ensures that SSL is used to protect data flowing between Gmail servers over the Internet — so it cannot be eavesdropped on by anyone (e.g. government agencies). Similar insecure communications have plagued the likes of Google, Yahoo and other companies as their traffic has been read and searched by such institutions.
I frankly find it amazing that companies like Google have not always secured communications between their servers over the public Internet. Maybe they thought it would “cost too much” or maybe they were just not security focused.
LuxSci has always encrypted all sensitive cross-server communications over the Internet. Everything flowing between LuxSci servers (be it a database connection, email, or other specialized traffic) is encrypted over SSL-secured channels for security and privacy reasons. This is all old technology and old news.
Probably, Google is throwing a bone to the public to get some good publicity in the face of the general perception that they are not privacy focused and not really good for HIPAA compliance or sensitive business communication. Unfortunately, this “bone” really only once again serves to highlight what they have not been doing for all of these years. It also has nothing to do with protecting user data from inquires from the NSA and other government agencies; they can issue court orders that require companies to divulge data when needed for an investigation.
Google services have their place, but are certainly not appropriate for every business.
- LuxSci takes email privacy seriously … Google owns your Gmail data forever
- Is SSL/TLS Really Broken by the BEAST attack? What is the Real Story? What Should I Do?
- LuxSci as SMTP Relay for Gmail = LuxSci Encryption for Google
- What’s the latest with HTTPS and SSL/TLS Certificates?
- eBook: HIPAA-compliant Email Basics