Google, which has found Gmail to be the target of hacking attempts from China, has been modified so that the Chrome browser always encrypted connections to the mail service.
Google Gmail has already changed to use encryption by default, as specified by the "https" at the beginning of a browser's address bar means that strangers sniff the network traffic can read your email. People can still get to the unencrypted version typing "http://gmail.com," but not more, to Chrome.
"From 13 Chrome, all connections to Gmail will be through HTTPS. This includes the initial navigation, even if the user types 'gmail.com' or 'mail.google.com' in the URL bar without the prefix https, "the programmers at Google, said in a blog post yesterday. He said the focus of defense against such attacks sslstrip, which can be used to hijack browsing sessions.
The technology used to apply encryption called TGV, which stands for HTTP Transport Security tight and allows a browser to specify that a Web site can only be used over a secure HTTP connection. HTTP, or Hypertext Transfer Protocol, is the standard that governs how Web browsers communicate with Web servers to retrieve a Web page.
The moves dovetail with Google's attempt to make security a major selling point of your browser. By improving the security of Chrome, the company benefits directly so that their services are less vulnerable and indirectly by making the Web a safer place for people to spend time personally and professionally.
Google is an important goal. It has been revealed that the attacks on Gmail, said it appeared to come from China - some in 2009 and again this year. To try to make it harder for the attacks, adding two-factor authentication of Gmail, which requires a code of mobile phone from a person and the common password.
Most people do not appreciate the measures Google is taking to ensure its Chrome browser-based operating system, Chrome OS, said Sundar Pichai, senior vice president of Chrome, in an interview at Google I / O, pointing to measures such as functioning plug-ins such as Flash and a PDF reader in a sandbox, using a boot process verified Chrome OS, and system of making Chrome OS encrypted file.
Chrome is also the vehicle for other ambitions of Google, for example to accelerate the Web. Aspects of this effort are improved SPDY called HTTP, a new capability of pre selected results pages to the screen much faster when a person clicks on the links, the technology called Native Client designed to run on the Web the software application much faster, and the image format that Google argues WebP is faster than JPEG.
It is not just making the Web faster and safer, however. When people use Chrome to conduct a search on Google, the company does not have any search result to share advertising revenue with makers of browsers such as Mozilla.
HTTPS access, Gmail is not just for safety measure only Google is doing.
Google is also trying to ensure that any user of Chrome and Gmail will be vulnerable to a problem raised its head in March when a subsidiary of a New Jersey company called Comodo was hacked, apparently by an Iranian.
Comodo and its subsidiary to issue digital certificates used by browsers to establish encrypted connections to Web sites, but the attack produced false certificates of encryption for Yahoo, Skype, Google and Mozilla. The theme of Comodo is a leading browser makers to rethink technology certificates.
Now, for some sites, like Gmail, Chrome can only get certificates from only a short list of suppliers, not the hundreds available on the global Internet. That list includes Verisign, Google Internet Authority, Equifax and GeoTrust, according to a blog post by Adam Langley, a programmer at Google. Add to the list is visible in the source code of Chrome.
In the long run, there is another important safety feature on the horizon: Google Chrome is the reconstruction of their technology, Native Client, gradually becoming more parts of the browser running on a more secure "sandbox", whose isolation computing resources of others makes it more difficult for attackers to take over a computer through a browser-based attack.
This measure will begin with a PDF reader Chrome, but will not activate until Google relies on technology, Pichai said.
A close cousin of security is privacy, for example, if a government wants to see if a dissident has visited a particular website. The browser makers are working to extend beyond the private browsing mode today, which leave no trace on the computer private browsing, ways that leave no trace on the servers, either.
For example, Chrome, Firefox and Internet Explorer all to find a technology to eliminate the local stored objects (LSO), which in practice means that it is harder for websites to track users through "Evercookie" . Cookies are text files that can be eliminated standard for browser users, but Adobe Flash Player, HTML techniques other plug-ins, and the new storage, there are more forms of Web browsers to store data even when normal cookies are deleted.
Evercookie are an open track down people. But there are subtle fingerprints of a browser leaves behind that can help identify who is using a browser, such as the Electronic Frontier Foundation Peter Eckersley documented in its report last year Panopticlick (pdf)
Chrome is based on the WebKit engine project which is also the basis of Apple's Safari. Now engineers are evaluating the idea WebKit 'track navigation resistant "to reduce the fingerprints.
An example, described in the documentation of WebKit navigation tracking resistance, refers to the user-agent string - the text of a Web browser sends a server to describe its version number, compatibility and system operation. Differences between individuals user-agent strings means that each one has enough information to reduce it to one thousand randomly selected browsers.
Even a thousandth of the total number of Web browsers is a huge number, of course, but there are plenty of other ways to narrow your search: time zone, installed plug-ins, fonts, and screen resolution, and more.
It is unclear how much appetite is not to hide fingerprints, however.
"I'm skeptical that doing these things will offer more than just a showcase, but definitely not want to discourage try," said Adam Barth WebKit developer, in a commentary. He asked for more information: "I would like to see us to track more difficult ... I would like to understand what you are buying and what we're paying for it."