Recent news that the China-originated attacks on human rights' activists targeted their GMail accounts have gotten many folks thinking about the security of GMail.

First, you should make sure that you have GMail set to use HTTPS connections. This is less essential if you always check email from within a secure network. Especially if you use public, unsecured wireless, you need to check this setting.

From within GMail, click "settings," the "General" tab, "Browser Connection," and make sure its set to "Always use HTTPS." For new accounts, this is now the default, and its easy to make sure you existing account has it.

Second, you can go further using open source or free tools that provide "public key encryption" to truly secure confidential email. While still using your Gmail account, for now at least, this route generally proceeds through using Thunderbird desktop email and add-ons that encrypt your messages. CNet's Stephen Shankland offers a tutorial on how to do this in his article "Want really secure Gmail? Try GPG encryption." Find it on http://news.cnet.com here: http://bit.ly/93afRf

Steve has a longer tutorial on the why and wherefores of public key encryption available on request. It has not been kept uptodate, but is useful background reading.