Critics say Google isn't doing enough to protect its Gmail users
Google is under fire from critics questioning why the No. 1 search engine in the world doesn't make its e-mail service even more secure.
The letter was drafted by Berkman Center for Internet and Society at Harvard University student Christopher Soghoian, and was signed by security experts and professors from Purdue University, SRI International, Harvard University, BT Group, among others.
Security experts, lawyers and privacy advocates recently wrote an open letter to Google's Eric Schmidt, questioning why Gmail users "needlessly" face security risks.
"As more of us end up using insecure Internet access -- such as Wi-Fi in coffee shops, libraries, and so fort -- there's a real risk of session hijacking," according to Ben Edleman, Harvard Business School assistant professor and letter signatory.
Gmail already uses Hypertext Transfer Protocol Secure (HTTPS), but Google has it disabled by default with very few users aware of how to turn it on, the letter claims.
Google responded by saying it will test several different security methods in the future, including HTTPS, but didn't say when users can expect the increased security features to become permanent.
Gmail users interested in enabling HTTPS before Google can do so by logging into their Gmail account, then click on the "Settings" tab, scroll to "Browser connection," and then click on "Always use HTTPS" so the security feature will be enabled.
Yahoo Mail, Microsoft Hotmail, Facebook and MySpace also use HTTPS when logging a user into the service, but don't have the security feature available once a user is logged in, according to security experts. Normally only sites such as banks and credit card web sites have permanent HTTPS connections, but there is growing pressure for e-mail services and other sites to support HTTPS at other times besides log in.
