Mail Services Are not Secure and Gmail is a Good Example

In the world where technology plays an important role in people\'s life, it is important to be sure that no one breaks your privacy. One of the online tools that hijackers can use to break you online privacy is email. Online privacy is a very important issue that was still not studied well enough, but people are still worried about safety in the virtual world. It was revealed that the webmail service of the number one search engine, Google, cannot keep users' data safe. This was the reason why Google was asked to clarify why the company does not take actions in order to make its Gmail service safer.

A group of security experts, lawyers, and privacy advocates decided to write a letter to Eric Schmidt, Chairman and CEO of Google Inc. and ask him why users of the Google's email service have to face a risk of intrusion into their privacy. The letter was signed by 38 people, who want the company to consider using the secure version of the HTTP protocol in order to make Gmail users secure. In its response Google mentioned about the trials of the secure system it is going to carry out with a certain group of users.

Ben Edelman, assistant professor at Harvard Business School, and one of those who signed the letter to Google, outlined that a lot of people today end up with an unsafe Internet access, including Wi-Fi in coffee shops, which poses a risk of session hijacking. It is worth mentioning that each time a user logs in to Gmail, both their login and password are being encrypted while the information is transmitted back and forth using the secure version of HTTP, which is called HTTPS. At the same time, Mr. Edelman mentioned that the system turns off right after the sign-on is completed. The same works for other services of Google, including Google Docs and Calendar.

In case Google does not make its service more secure, it would be easy for hi-tech criminals to steal ID files, which are also known as "session cookies", being able to spy on the data that is unencrypted and that passes back and forth. Session cookies are generated each time these applications are being used. By using the cookies, the hijackers will be able to take the identity of the user. If we take Gmail's case, the risk would involve criminals sending emails from a user's account, and thus in the owner's name. Such vision looks rather frightening, believes Mr. Edelman. The letter revealed that the Mountain View-based company used HTTPS to protect private information of those who use Google Health and Voice applications.

The open letter also mentioned that despite the fact that Google does make it possible for users to use HTTPS whenever they are signed in on such services as Gmail, Docs or Calendar, very few really used it due to the fact that it is rather hard to find. The majority of users prefer to use default options and thus exposing themselves to high risk. "...unless the security issue is well known and salient to consumers, they will not take steps to protect themselves by enabling HTTPS," it was written in the letter. The risk would be eliminated only if Google could make HTTPS turned on continually.

Google's response said that it was analyzing whether it seemed feasible to use HTTPS all the time in its email service. However, before the company said and did it, Google wanted to be sure that the user experience of Gmail will not be greatly affected with HTTPS turned on. The number one search engine fears that in case it enables the encryption to work all the time, it could reduce the speed of response times because information was would be scrambled and unscrambled on a computer and the company's mail servers. "We're planning a trial in which we'll move small samples of different types of Gmail users to HTTPS to see what their experience is, and whether it affects the performance of their e-mail," said Google.

However, according to Mr. Edelman, not only Google puts users of mail services at risk. In fact, every company that provides webmail service has the same problem and they should take actions in order to prevent illegal intrusion, protecting the privacy of its users. Harvard Business School assistant professor believes that if the problem is not solved now, it could worsen as the service shifts to so-called "cloud computing".

Email plays an important role in peoples daily lives and it is important that companies providing such service make sure that the private data of their users is kept safe from hijacking, which is why there is an urgent need to take specific actions to solve the problem or the situation could become even worse with hi-tech criminals penetrating email accounts of different banks, other financial institutions and governments. Such intrusions could lead to chaos and the scenario doesn't look inspiring and with Google, as one of the most influential tech companies, having issues linked with privacy, people might as well think about other firms that provide similar services without providing enough security and the worries will grow, which is not very good considering that millions of people spend nearly half of their lives on the Internet.