General Question

talljasperman's avatar

Why does my E-mail accounts have the Http crossed out?

Asked by talljasperman (21919points) January 12th, 2011

It’s happening to two of my accounts… one is Gmail the other is a smaller one.

Observing members: 0 Composing members: 0

3 Answers

robmandu's avatar

Likely, it’s not HTTP, but HTTPS that’s crossed out on gmail.

That happens because your connection to Gmail is going over HTTPS (secure), but the emails you view may contain hyperlinks to third-party sites using plain old HTTP. As such, everything you’re seeing on the page isn’t really coming to you over HTTPS.

If you’re in the Chrome web browser, you can double-click the struck-thru lock icon to the left of the url and it’ll pop up an explanation. Other browsers should also provide explanation as well.

jaytkay's avatar

That started happening to me today, viewing Gmail in the Chrome browser.

“The identity of this website has been verified…However this page uses other resources which are not secure”

Seems kinda worthless as a warning, doesn’t that apply to most https pages?

robmandu's avatar

No, it doesn’t necessarily apply to most https pages.

A bank, for example, will always only ever refer to its own locally hosted https content.

Gmail, on the other hand, is delivering messages to you with links to external content hosted on other servers that are not Google’s and not usually over https. Those messages come from somebody else in the first place. You’re getting exactly what’s intended.

Your web browser doesn’t know the difference between a banking/commerce site, an email website, or some scam site that’s attempting to mask its nefarious activity by hiding behind legitimate content. So, to be safe, it’s warning you with the struck-thru https and lock icon that there’s something not obvious to you on appearance alone.

My $0.02: Google could theoretically elect to redirect those urls to an intermediate proxy server of their own and then preserve the pure https experience you might be expecting.

However, doing so would, some might say, break the way the web is supposed to work. where web pages – yes, even web-hosted email – are encoded in HTML and the entire point of the hypertext markup language is to allow in-line references to content elsewhere.

This is especially a concern if the link in email is meant to direct you to logon to a site, like Facebook, where you wouldn’t want a Google-proxy between you and your destination.

I’d like to have the choice myself. Google could conceivably make such a proxy feature a thing that you could opt-in for, via Google Labs, like they do with so many other Gmail improvements.

Answer this question

Login

or

Join

to answer.

This question is in the General Section. Responses must be helpful and on-topic.

Your answer will be saved while you login or join.

Have a question? Ask Fluther!

What do you know more about?
or
Knowledge Networking @ Fluther