If you like to be mobile with your computer, then you probably have used public Wi-Fi or perhaps even a pay-per-use Wi-Fi hotspot. If so, then you should be careful about how you read email while connected to one of these public access points. Most public Wi-Fi providers do not require you to make a secure connection to their wireless router. This leaves your transmissions easily readable by eavesdroppers. You can protect yourself with a very simple change to your web browsing behavior.
In a previous post, I discussed some of the mistakes that should be avoided when setting up your home’s wireless router (read Are You Making These Mistakes with Your Home Wi-Fi). One such mistake is leaving your access point “open”. Since public Wi-Fi access is usually “open” and you usually don’t have a choice about how to connect to a public access point, you should take precautions when surfing sites that may contain personal information.
Since communications between your laptop and the public access points are made over the air in an unencrypted manner, your email can be read by anybody who is savvy enough to start a free network sniffing program that is freely available for downloaded on the Internet. How much more careful about what your read at one of these hotspots would you be if you knew it was possible for someone to see the data that was being sent to our browser? How much personal information do you store in your email account?
HTTPS Browser Connections
There is something simple and easy you can do to ensure that you’re reading email securely. You can browse to your Gmail account without fear of prying eyes or network hackers. Simply use the HTTPS protocol when accessing your web email. HTTPS encrypts the data from your computer all the way back to the server you are browsing. Since the data is encrypted, even if someone is sniffing the network, they will not be able to determine what you are reading. The data simple looks like a bunch of random bits with no meaning.
Gmail and Yahoo
Both Gmail and Yahoo mail automatically redirect your browser to their “https” versions for login. This means that when you send your username and password to authenticate, it will be encrypted and secure. You can see this when browsing to mail.google.com or mail.yahoo.com. Go ahead and try it. Type “http://mail.yahoo.com” or “http://mail.google.com” in your browser’s address bar and see where you end up. You’ll notice that your browser now reflects the new address which begins with “https://”. Your browser is now using the HTTPS protocol to communicate with the login server.
A Gmail Advantage
The login process is only the beginning. Yes, your login information is secure, but unless you specifically tell the browser to use the “https://” address, your security encryption ends at the login for Gmail users. Browsing to http://mail.google.com will encrypt the login information only, but browsing to “https://mail.google.com” will not only encrypt your login, but your entire session as well. All the information sent to and from your computer to Google mail will be protected along with your username and password. This is one advance Gmail has over Yahoo mail. Yahoo mail will not encrypt the entire session even though you specify “https://” in the address bar.
A Secure HTTPS Session
Notice the “lock” icon in your browsers status bar. It is usually located somewhere near the bottom right of your browser window. If the lock icon is present, it means that your session with the web server is encrypted. Gmail uses will see the lock for the entire session (if they have browsed to the “https://” version of the page), but Yahoo users only see it at the login screen.
Other Web Email
Most mail programs provided by your ISP or hosting service do include web email. Try to access your web mail via the HTTPS address and see what happens.
Be careful when browsing at public Wi-Fi hot spots. Try to use the HTTPS protocol for web mail because it can protect your privacy and security. At this point, it looks like Google has the advantage over Yahoo in this department. Don’t forget to bookmark https://mail.google.com and https://mail.yahoo.com to ensure you always use the secure pages when possible.