Monday, October 22, 2007

Better GMail

If you use GMail, this Firefox add-on is essential: Better GMail. This is an entire suite of GMail augmentations, including everything from skins to encryption. By default, GMail only encrypts its authentication. This means that only your username and password are safe from people eavesdropping on the network; your mail is not. Whenever you open a message or view your inbox, all of that data is sent across the network "in the clear," visible to anyone who is looking for it.

Using Better GMail will force GMail to encrypt all data sent to and from your computer, including your email. I would strongly recommend installing Better GMail if you use GMail for your mail. You may need to install Greasemonkey first.

It can also do a ton of other stuff that I haven't had the time to play with yet. I'd be very interested to hear if you have any success doing cool stuff with this add-on!

Thanks to Ira for telling me about this add-on.

--------------------------------------------------------------
Some background on this, for those interested:
The web uses two main protocols to transfer information from a web server to your browser: HTTP and HTTPS. The former is unencrypted and the latter *is* encrypted. When data is not encrypted (i.e. sent "in the clear"), it is susceptible to interception in transit by someone maliciously listening on the network (or "packet sniffing"). It will appear to said eavesdropper in clear, plain text. He or she can see all of the data you can see on your screen. When the HTTPS protocol is used, the data is encrypted by the web server and decrypted by your computer (and vice versa when you are sending data to the web server). This means that, should someone intercept it in transit, it will be garbled junk. Useless. HTTPS is essential for web sessions where you would not want someone to be able to see your data: banking, etc.

The way you can tell if something is using HTTP or HTTPS is by looking at the URL bar in your browser. If the background is yellow and the URL starts with "https://," then your session is encrypted; otherwise, it is not.
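
To make "forcing" HTTPS concrete, here is a Greasemonkey-style sketch of the idea. It is an added example, not Better GMail's own code; the host list (`mail.google.com`) and the function name `upgradeToHttps` are assumptions chosen for illustration.

```javascript
// Added example: hosts to force onto HTTPS (assumed list, not from the add-on).
const FORCE_HTTPS_HOSTS = ['mail.google.com'];

// Return the https:// form of `href` if it is a cleartext http:// URL on a
// listed host; return null when no change is needed or the URL cannot be parsed.
function upgradeToHttps(href, hosts = FORCE_HTTPS_HOSTS) {
  let url;
  try {
    url = new URL(href);
  } catch (e) {
    return null; // relative or malformed URL: leave it alone
  }
  if (url.protocol !== 'http:') return null; // already https, or mailto:, etc.
  // Exact host match only, so look-alike hosts that merely start with a
  // listed name are never treated as the real site.
  if (!hosts.includes(url.hostname)) return null;
  // An explicit non-default port has no known HTTPS equivalent; skip it.
  if (url.port !== '') return null;
  url.protocol = 'https:';
  return url.href; // path, query string and #fragment are preserved
}

// Browser wiring: runs only where `window` exists (e.g. as a user script).
if (typeof window !== 'undefined') {
  const target = upgradeToHttps(window.location.href);
  if (target) {
    window.location.replace(target); // reload the current page over HTTPS
  } else {
    // Rewrite links so later clicks do not drop back to plain HTTP.
    for (const a of document.querySelectorAll('a[href]')) {
      const fixed = upgradeToHttps(a.href);
      if (fixed) a.href = fixed;
    }
  }
}
```

A script like this acts only after the browser has already made its first request, so that initial HTTP request still crosses the network unencrypted. Bookmarking the https:// address directly avoids that first cleartext hop.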

2 comments:

Unknown said...

The CustomizeGoogle Firefox plugin can also force GMail over HTTPS, as well as Google Docs, Calendar, and Reader. It also secures a whole bunch of other Google transactions (for example, by removing click tracking and advertisements). And if you're really worried about what AJAX can do behind your back, there is always the NoScript plugin. I recommend them both.

Chris Mustazza said...

Great comment. I had heard of NoScript, but not CustomizeGoogle. I will be sure to test it out.