A day after the beginning of the Google-China soap opera (still ongoing of course) and the reported mail hacks, came the news that Google was making Gmail more secure by enabling https access by default (reported here and here). While https access has been available to users since at least beginning of 2007 (earliest reference I found, check here), you had to go into settings to turn it for default use or use a different URL to login. The funny part is that even last year, privacy advocates had asked Google to enable it by default.
However, the announcement itself was prompted by the attack news. “The Gmail team decided, why wait?” he said. “We want our users to be as safe as we can make them be.”
– from Nytimes Blogs
The funny part? If this was ‘completely unrelated’ to the China issue and Google had planned it all along implies that Google was pretty much prepared for the transition. Indeed, the above comment mentions that it was in process for about 6 months, with ‘extensive testing and technical fixes’.
However, if you look at the bottom of the announcement page (here), you see that multiple applications from Google itself, including Gmail Notifier, Gmail for mobile, Google Toolbar, offline Gmail and the iGoogle email widget are all having incompatibilities/issues with the https default setting. Now if this was planned in advance, I dont think it would have been too difficult for Google to simply push out updates for these products. All that was needed was a check to switch to https inside the app automatically if it detected that the user account was configured as such!
Bottomline: While it may have been under consideration, this was clearly a sudden decision without the ‘extensive’ testing that is Google’s trademark. Why they dont they just admit it? Dunno…