Google has just announced that HTTPS access would be “on by default” starting immediately. This is in response to the recently publicized attacks against Google and Gmail which are causing Google to reconsider their approach to China. While I’m happy that Google will now be encrypting Gmail-related communication by default, I’m a little surprised and disheartened that it took an attack to cause this to be implemented. Sure, https has been an option since July of 2008, but Google had previously warned of a security / usability tradeoff with turning it on: Because the downside is that https can make your mail slower. Your computer has to do extra work to decrypt all that data, and encrypted data doesn’t travel[…]