<div>Hello</div>
<div> </div>
<div>that is nor relly an encryption news, as the problem is not the ISP reading Gmail Emails, but Google reading Gmail Emails.</div>
<div>Is there any way to encrypt the Gmail accounts? Like with enigmail -> GENIG MAIL?</div>
<div>So ok, both users need to install this plugin and it would be not able to be uses in the webmail acoount I guess,</div>
<div>but for a normal Thunderbird users of Gmail it should be possible to use enigmail or any tother PGP encryption? Maybe <a href="http://retroshare.sf.net">retroshare.sf.net</a> or <a href="http://retromessenger.sf.net">http://retromessenger.sf.net</a> over Gmail? Whatever. Mime/SSL encryption.</div>
<div>That would be a nice plugin for Gmail, to exclude Google from reading my emails. maybe as flash integrated in the browser of the gmail web account. Sorry, maybe offtopic, but I thinkt hat is even more needed that surfing anonmous with tor.</div>
<div>The retention data od the IP is less interesting than the spy on CONTENT. Emails and Websites of course.</div>
<div>Max<br> </div>
<div><span class="gmail_quote">On 8/9/08, <b class="gmail_sendername">coderman</b> <<a href="mailto:coderman@gmail.com">coderman@gmail.com</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">On Sun, Mar 9, 2008 at 5:23 PM, Jonathan Addington <<a href="mailto:madjon@gmail.com">madjon@gmail.com</a>> wrote:<br>
> I've been following the conversation regarding Gmail and SSL bits in<br>> other threads because, as you can tell, I use Gmail, and was under the<br>> impression that https:// will keep everything over an SSL connection.<br>
<br>an update of note: Gmail now supports an account option to enforce the<br>secure only bit on session cookies and keeps your entire gmail session<br>on SSL. this makes attacks like Mike Perry's active side jacking<br>
impossible, as the session cookie is no longer sent in the clear when<br>http:// non-SSL links are injected into browser content.<br><br>to enable this feature:<br>- at top of page select "Settings"<br>- scroll to bottom of section for "Browser connection:" preference<br>
- select "Always use https"<br><br>this will pass the Secure / secureonly option when settings the GX=...<br>session cookie used to identify your authenticated session. this<br>cookie will then never be sent over plain-text connections, protecting<br>
you from passive / active side jacking attacks.<br><br>be sure to use a somewhat modern browser that supports secure only<br>cookies. you can also verify correct operation with the "Live HTTP<br>Headers" plugin for Firefox.<br>
<br>best regards,<br></blockquote></div><br>