* Posts by davelanders

1 publicly visible post • joined 16 Jun 2009

Google cloud told to encrypt itself

davelanders

Encryption not just for

"if the vast majority can't be arsed to turn on http, why should Google turn it on by default."

I understand this to a point, but at the same time it isn't only ignorant users passing highly sensitive info that are getting hurt by the lack of automatic https. An equal problem I see are users who may use the services casually but get caught by phishing scams because they can't tell the difference between google's log-in (or that of another legit site) and a fake one. Even if no "sensitive" material is compromised in such a hack, it still exposes personal information -- passwords, for example -- that can be used malevolently. The only way to start protecting against this is encryption, and OBVIOUS encryption, like extended validation ssl w/the green url bar.

And I think a lot of business folks use gmail for personal mail but not pro mail, like I do, but there could be some overlap (I occasionally email stuff between the two mailboxes). Although I do use what https there is.