Gmail Offers Always-Secure Option
Posted by Kevin Purdy at 10:30 PM on July 25, 2008
Gmail just made it easier for the coffee shop set and security-conscious types to always connect through https://. Gmail Mobile app users should note this glitch before doing so.

Comments
Asatruer
Posted 3:24 AM 26/7/08
@neverwhisper:
Anyone with a packet sniffer on the same Hub and maybe on the same switch/router depending on how it is configured. If the packets are not hitting your computer you cannot sniff them. A properly configured switch/router should not bombard other computers with packets that are not to or from them, thus no packet sniffing is possible unless the packet sniffing is happening on said switch/router.
That said, WiFi is another matter. Since it is wireless, pretty much anyone--on the network or no--with the right apps can just pluck the packets out of thin air. Here is where https and/or better is important.
http is "fine" on a wired network, unless you do not want your network admins to have easy access.
Asatruer
Mau
Posted 2:42 AM 26/7/08
@Bubarubu: Yeah..
The Gmail Notifier Stops working.
Mau
jcoffman
Posted 2:03 AM 26/7/08
Yeeha! Finally, no more typing out the https URL, or using recently visited URLs.
jcoffman
Speedmaster
Posted 1:56 AM 26/7/08
Helpful, thanks.
Speedmaster
Bubarubu
Posted 12:38 AM 26/7/08
Unlike Better GMail, the native encryption option seems to break Gmail Notifier.
Bubarubu
neverwhisper
Posted 12:01 AM 26/7/08
To answer the above question? Anyone (and I mean ANYONE) with a packet sniffer on your network can see exactly what's on your gmail and gtalk if you aren't using https.
Use it. Now.
neverwhisper
jwaller
Posted 11:37 PM 25/7/08
I love this. Thank you, Google.
jwaller
mcatrage
Posted 11:25 PM 25/7/08
Add this to gCal and I may not need the customizegoogle extension anymore.
mcatrage
MikeRapin
Posted 11:23 PM 25/7/08
I'm thinking Google should just adopt the Better GMail Firefox extension and get it over with. We'd all benefit from that.
MikeRapin
baest
Posted 11:22 PM 25/7/08
Can someone explain how easily someone can snoop without this turned on? Is the difficulty level:
1. (Hopefully) Former NSA Employee
2. Computer Geek
3. Wannabe Computer Geek
If the answer is #3, someone please paste the WikiHow link - I wanna know.
Thanks.
baest
USBman
Posted 4:50 AM 26/7/08
I strongly recommend the CustomizeGoogle addon (also mentioned o' so long ago right here on Lifehacker here). It gives a great deal of added functionality (blocking Google ads, streaming search results, added privacy measures, etc), and it includes the ability to make Google Docs, Google Calendar, Gmail, and all(?) other possible Google sites use https (also hinted at here).
for Firefox: www.customizegoogle.com
for Opera: www.smir.de/cg
USBman
natenovs
Posted 5:58 AM 26/7/08
@baest: It definitely depends on the network you are on when you access your Gmail. If you are using a university's network, then you better believe there are wannabe hackers snooping your Gmail. If you're at home, behind a router that you trust, that's a different story.
natenovs
fintler
Posted 4:04 AM 26/7/08
@baest:
Even with https turned on, it's possible to sniff. You can poison the ARP table so the victim thinks your computer is the gateway. Then, in place of Gmail's certificate, send a self-signed one. Then you'll be able to see what they're sending.
Of course, there's always the issue of if the end user will accept the error in their browser saying the cert may not be valid. Most users don't even know what it means however, and will just accept the fake certificate.
fintler
fintler
Posted 4:00 AM 26/7/08
@Asatruer:
That's not correct as far as switches and hubs go :) There's a method you can use to poison the ARP table so your computer appears as the gateway. Basically you send packets out telling everyone on the network that the default local gateway is located at your MAC address. That way, everyone sends their traffic to you before you route it out over the real gateway. Therefore, you can sniff on most switched LANs.
fintler
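A defender-side view of the ARP poisoning fintler describes in the two comments above, as an added example that is not part of the original thread: it scans observed ARP replies and flags the gateway IP being announced from a new MAC. The sample records, the addresses and the function name `detect_arp_anomalies` are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of ARP replies seen on one LAN segment:
# (seconds, sender_ip, sender_mac). All addresses are made up.
SAMPLE_ARP = [
    (0.0, "192.168.1.1", "00:11:22:33:44:55"),   # gateway, original MAC
    (1.2, "192.168.1.23", "DE:AD:BE:EF:00:01"),  # ordinary host
    (5.0, "192.168.1.1", "de:ad:be:ef:00:01"),   # gateway IP from host's MAC
    (7.0, "192.168.1.1", "de:ad:be:ef:00:01"),   # repeated announcement
    (9.0, "192.168.1.40", "66:77:88:99:aa:bb"),  # unrelated host
    (9.5, "192.168.1.1", "00:11:22:33:44:55"),   # real gateway answers again
]


def detect_arp_anomalies(observations, gateway_ip):
    """Return (time, kind, detail) alerts for suspicious IP-to-MAC changes."""
    last_mac = {}                    # ip -> MAC most recently announced
    ips_by_mac = defaultdict(set)    # MAC -> every IP it has claimed
    reported_shared = set()          # MACs already flagged as shared
    alerts = []
    for ts, ip, mac in observations:
        mac = mac.lower()            # MAC notation is case-insensitive
        previous = last_mac.get(ip)
        if previous is not None and previous != mac:
            # A non-gateway change can be benign (DHCP reuse, new NIC);
            # a gateway change is the high-priority signal.
            kind = "gateway-mac-changed" if ip == gateway_ip else "binding-changed"
            alerts.append((ts, kind, f"{ip}: {previous} -> {mac}"))
        last_mac[ip] = mac
        ips_by_mac[mac].add(ip)
        claimed = ips_by_mac[mac]
        if gateway_ip in claimed and len(claimed) > 1 and mac not in reported_shared:
            reported_shared.add(mac)
            others = ", ".join(sorted(claimed - {gateway_ip}))
            alerts.append((ts, "mac-shared-with-gateway", f"{mac} also claims {others}"))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_anomalies(SAMPLE_ARP, "192.168.1.1"):
        print(alert)
```

This is the host-side view only; on managed switches, Dynamic ARP Inspection combined with DHCP snooping drops forged replies at the port.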
kaushalmodi
Posted 7:42 AM 26/7/08
@baest: Some years back, I had the same curiosity as yours and I had installed a packet analyser called Ethereal (now called Wireshark) on my PC. Whenever I logged into any email account through http, I could literally read my username and password unencrypted in the IP packets. I don't remember those IP headers now. But yes, if some unwanted eyes get these packets, they own your email account too.
kaushalmodi
petebocken
Posted 9:08 AM 26/7/08
@Bubarubu:
I third this. Thinking of turning native off and turning better gmail back on.
petebocken
petebocken
Posted 6:29 AM 28/7/08
Crap, I think this also breaks the Gmail app for BlackBerry. Good job, Google.
petebocken
RUHere9927
Posted 12:04 AM 26/7/08
Worth noting that this also appears to break the gmail notifier.
RUHere9927