Interception Modernisation Programme
Tony Naggs
ukcrypto at chiark.greenend.org.uk
Fri, 10 Oct 2008 00:32:23 +0530
2008/10/9 Roland Perry <lists@internetpolicyagency.com>:
> Google Mail appears to stay https, however. Unless there is some leakage not obvious to the casual observer.
The behaviour changed just 2 or 3 months ago.
It used to be that the behaviour depended somewhat on which exact page
you used to login.
I found that after logging in over https it always dropped back to
http, very annoying to notice when you are using an open Wi-Fi
hotspot. Or in my case when I was using my laptop in a hotel in
Beijing - I don't want any nation's government to have such an easy
opportunity to snoop on my mails & contact lists.
There was a Gmail FAQ that gave an alternate login page URL which
mostly stayed in https but seemed sometime to drop back to http. (I
guess I could have mistakenly used the the wrong login page in these
cases.)
> Not consciously enabled, indeed when I now go into the "settings" screen *neither* of the radio buttons for https 'Browser
> connection' are lit up, which suggests to me I'm running on default settings.
Yes, that was how the setting appeared to me before I selected "Always
use HTTPS".
ttfn