While I’ve known that Gmail uses SSL to log in, someone recently pointed out to me that while my password is sent to Google fully encrypted, once logged in, all pages that I view are sent via http, meaning that all the emails I read and send can be scooped right out of the ether at any open hotspot.

One remedy I found is to manually change the address from
http://mail.google.com/mail/ to https://mail.google.com/mail/
and for that session, you should be using https and all the pages you view in Gmail will be encrypted. Very cool, but I have to remember to manually check this every time I log in. I smoked way too much weed as a teenager. Half the time I don’t even know what day of the week it is. No lie. How am I supposed to consistently remember this?

Looking further, I found this great extension for Firefox that takes care of the problem for me. CustomizeGoogle lets you set a whole mess of options for a variety of Google services. I won’t get into most of the details since they don’t apply, but check them out because a lot of them are pretty cool. One option that is relevant is that once installed, you can set an option for Gmail to always use https by default. Just check off that one option and from that point on, you have worry-free, encrypted Gmail sessions as a default. Pretty damn useful. CustomizeGoogle also lets you set an https default option for Google Calendar as well. Even sweeter.

Unfortunately, Safari, Konqueror and other browser users are out of luck (IE users, you deserve what you get.) with this extension, so unless there’s something else out there, they have to manually check the session every time or set a bookmark using https in the URL and be consistent about accessing Gmail through that bookmark.