HTTPS Aloof On Gmail, Facebook And Other Major Websites

HTTPS Aloof On Gmail, Facebook And Other Major WebsitesGoogle does a disservice to its Gmail users by not turning on HTTPS by default — as doesn’t Facebook, MySpace, Hotmail, Twitter and other websites that require you to log on with username and password.

These and other sites not using SSL for their logon page could almost be called negligent in their [lack of] support for user privacy.

So why is the ‘S’ in HTTP’S’ important?

The ‘S’ in Hyper Text Transfer Protocol over Secure Socket Layer (HTTPS) is a means of hiding what you send from your computer as it travels across the internet to its destination [i.e. your Gmail account information]. HTTP’S’ gives your logon a private and secure ride across the world wild web — hidden from unwanted prying eyes.

Google does offer HTTPS as an option in their Gmail settings control panel. What this means though is that you [first] need to know it’s there, and [second] proactively go turn the option on. Only after you take these two steps will your Gmail username and password be secure.

Facebook too offers the option to logon with HTTPS, but its unadvertised and inconspicuously hidden. However, you can turn your Facebook logon into a secure experience by just adding an ‘S’ right after the ‘HTTP’ in http://facebook.com.

prntscrn_https_facebook.png

This magic ‘S’ works on other websites as well — like Twitter and Hotmail. Some sites, like Yahoo Mail, are secure by default.

Beware that even though you add an ‘S’ after ‘HTTP’, on some links, you may see an invalid security certificate warning — making your logon appear suspicious. Think twice before accessing a website that gives you “Error code: ssl_error_bad_cert_domain” or “invalid security certificate” warnings. Recheck your URL and accept an invalid certificate only if you are sure it belongs to the website you want to access.

So what does HTTPS mean to you? Each time you access a site that requires your username and password — and you are not redirected to a secure logon page — your personal information rides naked across the internet.

Are you concerned with logging in securely? Should any/all websites that require username and password enforce SSL?

  • YorickPeterse

    Problem with Twitter is that Firefox reports that the site is using an invalid security certificate, besides that Twitter is extremely slow when using https

  • http://techmiso.com/ Rich Chuckrey

    Speed is certainly a drawback in using SSL full-time. Ideally – websites that require username and password would have you land on a secure page or redirect you to one. Then they could make the switch to unsecured HTTP for the rest of your session — unless of course, your session is with a financial institution where you want ALL data encrypted.

  • YorickPeterse

    That would be the ideal situation yes, but too bad Twitter doesn't do that (as far as I can remember).

  • http://www.fotografaire.com Mom/LorriM

    On Google…I found a problem. When you go in to change the option to HTTPS, and then you send an email…it shows up with a “404 error”.

    I did this as recently as five minutes ago…sent two test emails.

    Good article!

  • http://techmiso.com Scott Jarkoff

    That is quite peculiar. The HTTPS option only ensures you always communicate with Gmail via HTTPS rather than HTTP, and should have nothing to do with sending email. May want to log out and log back in after that, just to ensure the session is set properly.

    Is this still acting funky for you?

  • http://www.fotografaire.com Mom/LorriM

    As of this morning, it seems to be fine. I wonder what the problem was.

  • GauVeldt

    One caveat to amateur websites or small business is the $100 USD per year fee to having a valid certificate. If a way can be found to have this available to the more financially challenged even in these bad economic times more sites would be found with HTTPS security enabled.

  • Kat

    I have never had a problem with facebook on my laptop before but recently its been playing up and the only way i can access it is by putting the https in the address but it dissapears as soon as i click onto something else and shows a http address along with it saying 'internet cannot display this webpage'. Has anyone any idea how i can fix this?