In an attempt to increase user awareness of the insecurity of the messages they receive, Google plans on notifying Gmail users when they receive an email sent from an unencrypted source.
Many services have shifted to HTTPS over the past decade, as secure socket layer (SSL) connections provide encryption that protects data from prying eyes as it travels from point A to point B. It has become standard for payment services in particular to incorporate this technology, so sensitive information such as credit card numbers doesn’t fall into the wrong hands.
But what about sensitive email data?
Unfortunately, even if your own email service runs on HTTPS, as Gmail, ProtonMail and many other services do, the emails you receive may not be protected if they are sent over a standard HTTP connection, which some email services are guilty of using, even today.
To address this, Google will now notify users when a message they have received was not encrypted, giving them advanced warning that the information contained within may, at some point, have been viewable by a third party. This, in turn, will allow users to proactively protect themselves against possible threats from the disclosure of that information.
If the people you converse with are other Gmail users, chances are you will never even notice this message since Gmail runs on HTTPS.
However, when you do receive a message from an unencrypted mail server, you will also see a warning that the message was insecure.
Google acknowledges that erasing all security threats will never happen. Even the protection offered by encryption can be compromised, as malicious users try to tamper with the initiation of secure SSL connections. According to Google, people have also tried to get around SSL by manipulating the routing information DNS servers provide when looking for Gmail, though this tactic only affects non-Gmail users. Tackling these security threats is an ongoing challenge for companies like Google, one that will be addressed one step at a time.
By allowing users to see just how much of the email they receive is insecure, Google will be taking the first step. The new feature may lead to increased calls for the adoption of HTTPS moving forward, for the services still lacking it.