A friend had sent me an article on Google changing its Gmail URL from using the non-secure http:// protocol to the secure but slower https:// after Chinese hackers broke into human rights activists’ Gmail accounts.
I know someone else who explicitly uses the https:// protocol to subvert the firewall at work, letting him use Gmail during the day. It’s a win-win because everyone should be using https:// anyway, as John Gruber at Daring Fireball told Google to do two-and-a-half years ago.
I know Google offers a dizzying number of redirects for Gmail login URLs, but I was curious to discover just how many of them will work. I came up with:
Non-secure Gmail URLs
- http://gmail.com/*
- http://www.gmail.com/*
- http://google.com/mail
- http://www.google.com/mail
- http://google.com/gmail
- http://www.google.com/gmail
- http://mail.google.com
- http://mail.google.com/mail
- http://mail.google.com/gmail
- http://gmail.google.com
- http://gmail.google.com/mail
- http://gmail.google.com/gmail
- http://m.gmail.com
Secure Gmail URLs
- https://gmail.com/*
- https://www.gmail.com/*
- https://mail.google.com
- https://mail.google.com/mail
- https://mail.google.com/gmail
- https://gmail.google.com
- https://gmail.google.com/mail
- https://gmail.google.com/gmail
The asterisks represent wildcards that apparently allow you to type whatever you want after the slash, and Google’s servers will know you wanted Gmail.
It appears all URLs ultimately redirect to https://mail.google.com/mail, which means explicitly using https:// may or may not get around a work firewall, depending on how the URL blacklist is written.