July 10, 2007
Secure your Gmail Notifier
Posted Jul. 10, ’07, 6:34 AM PT by Derik DeLong
Category | Tips
Update: According to one of our commenters below who claims to work for Google, Gmail notifier does not send your authentication info in the clear. We’ll keep our eyes open for more info, but enabling this setting probably won’t hurt. -DM
I’m still hooked on Gmail’s conversation view for keeping up with my mailing lists. To keep on top of incoming mail in that account, I use Google’s Notifier application. For my purposes, it works well, keeping the unread email count in my menubar.
Unfortunately, Google configures it by default not to use https. That means that every time the application authenticates to Google’s server to check for new mail, your password is being sent in the clear over the internet. In most cases, this isn’t a problem, but if you’re using a public hotspot, your wireless router is unsecured, or you’re staying at a hotel, pretty much anyone in your vicinity could be capturing your username and password. Not cool.
A tip on Mac OS X Hints gives the solution (which also keeps you in secure mode when reading your email assuming you use the notifier’s Go to Inbox command).
Pull down the Notifier menu (either Calendar or Gmail), hold down Command and Option, and click Preferences on the menu. You’ll see a hidden settings editor. Enter SecureAlways in the Key field (upper and lower case must be entered as shown) and 1 in the Value field, then click Set. Quit Notifier and start it up again. From now on, all connections with both Gmail & Gcal will be https.
Hopefully Google will make this default in the future or at least reveal this preference in a more accessible location.
2 Comments
Leave a comment
Recent Entries
About MacUser
MacUser is your source for news, info, and opinion about Apple, the Mac, and the iPod. Our dedicated team of bloggers covers everything that is relevant to Mac users — and, okay, some stuff that’s not quite relevant, but is still a lot of fun.
Subscribe/RSS
- Blog Posts
- Blog Comments
- Podcast (RSS) (iTunes)
Tip us off!
- Email: macuser [at] macuser [dot] com
Recent Comments 
- the truth on iPod touch users get second classed again with the omission of new Maps features
- James Katt on Apple levels DMCA on iPodhash project
- AdamC on Apple levels DMCA on iPodhash project
- sf addict on Ch-ch-ch-ch-changes afoot at MacUser
- Paul Norton on iPod touch users get second classed again with the omission of new Maps features
- me on iPod touch users get second classed again with the omission of new Maps features
Categories
- Apple (234)
- Advertising (162)
- Events (235)
- Huh? (182)
- Humor (259)
- News (148)
- People (258)
- Rivals (405)
- Speculation (167)
- Steve Jobs (172)
- Stores (206)
- Apple TV (58)
- Business (451)
- Games (143)
- Geekery (460)
- Hardware (935)
- Accessories (79)
- Intel Macs (162)
- Ihnatko (18)
- Internet (463)
- Legal (244)
- MacUser (95)
- Macalope (8)
- Money (177)
- Music (344)
- Podcasting (100)
- Photography (74)
- Security (246)
- Software (1544)
- Updates (538)
- Tips (352)
- Troubleshooting (189)
- Video (403)
- Windows (219)
- iPhone (199)
- iPod (602)
- iPod Accessories (96)
- iPod Software (61)
- iTunes (128)
- iTunes Store (443)
Archives
- November 2008 (92)
- October 2008 (138)
- September 2008 (151)
- August 2008 (177)
- July 2008 (175)
- June 2008 (171)
- May 2008 (185)
- April 2008 (234)
- March 2008 (217)
- February 2008 (215)
- January 2008 (239)
- December 2007 (169)
- November 2007 (164)
- October 2007 (187)
- September 2007 (167)
- August 2007 (195)
- July 2007 (152)
- June 2007 (223)
- May 2007 (243)
- April 2007 (286)
- March 2007 (288)
- February 2007 (250)
- January 2007 (266)
- December 2006 (244)
- November 2006 (293)
- October 2006 (307)
- September 2006 (250)
- August 2006 (268)
- July 2006 (288)
- June 2006 (293)
- May 2006 (297)
- April 2006 (351)
- March 2006 (366)
- February 2006 (110)
- January 2006 (107)
- December 2005 (23)
Mac Publishing Sites
Links
This is not true; Notifier does not send your password in the clear over the internet. Disclosure: I work for Google, but please feel free to investigate this yourself.
I don't use this feature of gmail, but it would seem that someone should be able to capture their own packets using something like Ethereal/Ettercap/tcpdump/what have you, and find out first hand...