2008/8/1 Brendan Kehoe <brendan at zen.org>:
> While we're on the topic of webmail clients, I'm curious ... I notice that
> GMail has an option to let you use regular http vs https for your GMail
> sessions, with it automatically redirecting you if necessary.
[...]
> To be a devil's advocate: does it matter, really? Except for sitting in
> Internet cafes or libraries, do you need to use SSL when using a webmail
> interface? Or even when downloading your mail? When's the last time you
> read about an ISP being hacked so people could sniff packets?
As others have noted, the mail will be bouncing through the
recipient's ISP's SMTP servers unencrypted, but the HTTPS does keep
your ISP from snooping, at least on the contents of your mail. While
it is fairly unlikely that an ISP will be hacked just to sniff
packets, as you have noted, that does not mean that ISPs in the US
(and probably elsewhere) are not hosting government-issued packet
sniffers and traffic analysis devices (the latter of which HTTPS will
not impede). The battle for privacy is all but lost, but being a
privacy-minded person, I'd rather make it harder to snoop on me
whenever possible.
Crypto is not a silver bullet, but it is an important part of an
overall privacy / security system.
--
Cheers,
Josh
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
