Saturday, November 11

Google Chat

I use gmail and enjoy their in-browser chat client. In case you don't already know, that communication is in clear text ... sniff sniff.


A quick solution is to add an "s" to your url string (nothing new here).
httpS://mail.google.com/

When I have more time I will take a look at the cookie that's set by gmail chat and the related communication / reference. During a quick test last night, Wireshark complained about some of the captured traffic not being compliant ... more to come.

3 comments:

Trevor Reid said...

Thanks, I had been wondering for a while if using gmail in 'https' mode also applied to in browser chat.

To get the most protection both (all) parties to the chat would need to add the 's', right?

By now, Google has added a field in the account settings mail tab that switches you to 'https' on an *account* basis...a good practice so you are less likely to accidentally access your account from a public station and forget to add that lil' 's'

Sam said...

Re: "By now, Google has added a field in the account settings mail tab that switches you to 'https' on an *account* basis."

Actually you can find it under the General tab in Gmail Settings. (Since one picture worths ten thousand words... for those who would like to see step-by-step how to make your Gmail & g-Talk/Chat always secure - see a picture by following the link http://img58.imageshack.us/img58/5360/securegmail.jpg

Miline said...

So are we sure that httpS makes gmail chat encrypted?

Is it necessary to have httpS on both side of chat communication to have the conversation secure?