This is a pretty basic question, but is there some way that I can actually get to Google’s Gmail service via SSL and be able to connect with and use Gmail on open wifi networks without worrying about others tapping into and sniffing my information?
There is, actually, and it’s undocumented as far as I know, but don’t worry, it’s really easy to do.
The first thing to notice is that the Gmail sign in URL is secure. It starts with “https://www.google.com/accounts/ServiceLogin”.
Log in, however, and your default page will be unsecure, starting with “http://mail.google.com/mail/?auth=”:

To switch to a secure connection, click in your address bar (where your browser shows you the URL of the page you’re viewing) and manually add the ‘s’ to turn http into https. It’ll look like this:

That’s all there is to it. Just press Return or Enter and you’re back on the secure connection, and you’ll find that all subsequent pages you view in Gmail should be secure too.
To make it permanent, bookmark your secure Gmail inbox view page and use that to get to Gmail each time, rather than just typing in “mail.google.com”.
Easy, eh?
To learn more about wireless Internet security, by the way, you might want to check out Connect Safely, an extensive ebook on wifi security and privacy that I co-authored and highly recommend.

opolis, I understand that you’re just using this platform to promote your own service, but, really, seems like you have this backwards. Why would I trust my most personal and critical email to an unknown service and use something as reliable — and secure, btw, since it supports SSL encryption for all interaction — as Gmail for more rudimentary messages?
What I think you need to do with your new service if you want to really make a go of it is to alleviate any doubt I have about who you are, why I should trust your site, and why I should believe that a site promoted by someone who doesn’t even use their name is going to be anything other than a clever facade for spammers or identity theft.
hi dave: great article – what i was wondering, though, is the following. – shouldnt users rather use gmail, hotmail, yahoo and else to send “standard mails” (eg arranging to meet for coffee…) and then use free services, such as opolis secure mail to send sensitive mails / documents in encrypted format …?
HI DAVE CAN YOU TELL ME, IS IT TRUE THAT GMAIL IS ABSOLUTELY FREE. PLEASE CONFIRM. I DONT WANT TO GET IN TROUBLE…..
HAVE A NICE DAY DAVE
NIKKI
When my wife attempts to read her mail, she gets a message saying that she has been signed out of her account. This does not happen when I read my messages. How do I stop Google doing this?
Peter, yes, if you have SSL between your browser and Gmail, then your connection is secure. Mail messages you type in will be secure on their way to the Gmail server box, but once it leaves there it’ll be on whatever network wires route it to the destination server, and odds are it will not be secure.
Ezz, any URL that starts with “https://” is secure. In terms of your login problems, not sure what to say. Check for viruses and try logging in to your account from another computer. Good luck.
I actually have 2 questions regarding gmail secure login:
1) below is the url i got when i typed https://mail.google.com. Is this the actaul “secure” add?
https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&
rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Fnsr%3D0
%26ui%3Dhtml%26zy%3Dl<mpl=default<mplcache=2
2) while i was reading an email via gmail, suddenly i received a window/prompter which states that the following:
“you have been signed out of this account. This may have happened automatically because another user signed in from the same browser. to continue using this account you will need to sign in again”
Qustion: does this mean my gmail account had been compromised and someone else is reading my email at the same time i was reading it?
what should i do now?
i dare not log in my gmail account for the past 2 days (this happened sometime this week)
i hope you could help me? Thank you so much..
Does this mean that your email is also encrypted in transit?
I was very interested in reading this entry on your blog, and skipped right over to Gmail to check it out. I already use the https login from my bookmarks, but noticed that my inbox was already https. I did not have to add the ‘s’! I know it was not secure before, but I guess it is now.
Maybe that is because I am running in HTML view only? I don’t know.
I live in China, and Gmail has really saved me the past several days, since the undersea fiber optic cables were damaged in the Taiwan earthquake. All the other mail servers, which tend to be based in the Americas, were down for us, and even now are still very very slow. But not Gmail, their worldwide servers are helping weather this storm. And having those communications secured (at least, more secured) from prying eyes is a great comfort when I have to keep up business communications.