Google Upgrades Security on Gmail
January 14th, 2010 admin
[From Google Upgrades Security on Gmail - Gadgetwise Blog - NYTimes.com]
Google is changing the default for its web mail service, placing security above performance.
In a blog post Tuesday night, Google said it would begin using Hypertext Transfer Protocol Secure, or HTTPS, technology to encrypt all traffic carried on its free Web-based e-mail service. HTTPS is a popular Internet protocol that combines the standard HTTP Web protocol with a layer of encryption based on the SSL/TLS protocol. It is commonly used by online banking services and shopping sites to protect secret customer data from interception by Web eavesdroppers.
Gmail has always used HTTPS to encrypt login pages, and thereby defend passwords, but encryption of e-mail traffic itself has been an option that users had to select. Now, Google will move all users to HTTPS by default, arguing that the security benefits of that outweigh the slight hit to the speed of e-mail delivery that the technology imposes. The performance impediment has been steadily diminishing as an issue because computing power, the speed of individual connections and overall Internet bandwidth have all expanded.
. . .
The move to HTTPS for Gmail was praised by some privacy advocates, who expressed hope that other popular Web-based email services, like Yahoo Mail and Hotmail from Microsoft, would soon follow suit. Making HTTPS use the default for all users is important because few people take the trouble to actively turn on security features, said Jeremiah Grossman, the chief technology officer of WhiteHat Security, a Web security firm. “It’s free security. Whenever that happens, we’ll take it.”
Posted in Operating Systems | No Comments »
Another default setting sets the program to automatically connect to the network when the application starts up. This ensures that file sharing starts immediately.
A third default setting treats users with fast computers and Internet connections as an “ultrapeer.” An “ultrapeer” helps other users download faster, but demands a greater load on the user’s computer.
All three of these default settings are used to promote file sharing. However, these are not the only defaults in Limewire. Limewire uses default settings for filtering search results by specific words, adult content, or file types. This setting affects free speech, essentially censoring certain Websites from its users.
Other default settings define the community of file sharers. Limewire has a default setting to share files only with people who are sharing files. Users can set the minimum number of files an uploader has to share. This feature defines the community’s boundaries. It can exclude “freeloaders” or people sharing only a few files. Limewire sets the default to one file and, thus, effectively allows everyone (including “free-loaders”) to share files. 
Finally, there is a default affecting social communication determining whether the chat feature is on or off.
Limewire’s use of defaults demonstrates how defaults can affect a wide variety of issues. As a matter of policy, defaults are good for a number of reasons. First, defaults provide users with agency. Users have a choice in the matter: They can go with the default option or choose another setting. Second, a default setting guides the user by providing a recommendation. However, there may be situations where users do not need or should not have options. We discuss these situations in more detail later, but the key point is sometimes we do not want to give a user choices.
If the goal is to encourage the use of encryption to secure APs, then the default should be set to enable encryption. Another approach, which is less powerful (but cheaper from the vendor’s perspective) is to use labels and improve configuration software to encourage the use of encryption. California followed this approach with the “Wi Fi User Protection Act”, which had the support of the wireless industry. The law states that: