
Apple implements transit encryption for iCloud email to prevent snooping

post #1 of 21
Thread Starter 
Apple appears to have completed an initiative designed to increase the security of its iCloud email service by adding end-to-end encryption for messages sent from me.com and icloud.com, according to new data from Google's Gmail.




A report from Gmail's security transparency project suggests that at least 95 percent of the messages sent to Gmail from users of iCloud mail are now encrypted, just one month after Apple initially promised that such a change would be forthcoming. The data is current as of July 10, and it is unclear how it may have shifted in the interim.

Apple is using industry-standard Transport Layer Security, or TLS, infrastructure for the encryption. With TLS, both sending and receiving servers as well as the email messages themselves can be verified for authenticity, nearly eliminating the possibility of email being unknowingly intercepted by a third party.

Unfortunately, due to the nature of the public-key cryptography that underpins TLS, both parties must support the feature in order for messages to remain unreadable. Messages sent from iCloud to private mailservers without TLS support, for instance, will still be delivered unencrypted.

The move is the latest in a series of technical alterations and public statements from Apple designed to restore public confidence in the wake of allegations from NSA whistleblower Edward Snowden that the company had cooperated with the U.S. government. Most recently, Apple beat back accusations from Chinese state media that iOS's location tracking functionality could be mined by foreign governments to reveal sensitive information or "even state secrets."

"Apple is deeply committed to protecting the privacy of all our customers," the company said in response. "Privacy is built into our products and services from the earliest stages of design. We work tirelessly to deliver the most secure hardware and software in the world."
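
The fallback the article describes, sketched as an added example (not part of the original post and not Apple's code): a sending mail server reads the receiver's EHLO reply and encrypts only if STARTTLS is advertised. The EHLO replies and hostnames are constructed, and `parse_ehlo`, `delivery_mode` and the `require_tls` policy switch are hypothetical names.

```python
import re

# Constructed EHLO replies in RFC 5321 multiline format; hostnames are placeholders.
EHLO_WITH_TLS = (
    "250-mx.example.net Hello\r\n"
    "250-SIZE 35882577\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250 PIPELINING\r\n"
)
EHLO_NO_TLS = (
    "250-mail.private.example Hello\r\n"
    "250-SIZE 10240000\r\n"
    "250 8BITMIME\r\n"
)

_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(reply):
    """Return the set of upper-cased extension keywords in an EHLO reply."""
    lines = [l for l in reply.split("\r\n") if l]
    keywords = set()
    for i, line in enumerate(lines):
        m = _LINE.match(line)
        if not m or m.group(1) != "250":
            raise ValueError(f"unexpected reply line: {line!r}")
        # "250-" marks a continuation line, "250 " marks the final line.
        is_last = m.group(2) == " "
        if is_last != (i == len(lines) - 1):
            raise ValueError("malformed multiline reply")
        if i == 0:
            continue  # first line is the greeting, not an extension
        words = m.group(3).split()
        if words:
            keywords.add(words[0].upper())
    return keywords


def delivery_mode(reply, require_tls=False):
    """Decide how a sending MTA would hand the message to this receiver."""
    if "STARTTLS" in parse_ehlo(reply):
        return "encrypted"
    # Opportunistic senders fall back to plaintext; a strict policy holds the mail.
    return "deferred" if require_tls else "plaintext"
```

With the default opportunistic policy the second receiver gets the message in plaintext, which is the case the article warns about; only a sender configured to require TLS would hold it back.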
post #2 of 21
If one believes that the NSA is eavesdropping on all these large tech companies, is it a stretch to believe that they've compromised PKI?
post #3 of 21

Kudos to Apple. However, I wish that Apple Mail was more responsive, quicker to update folder contents, and had a larger client base. I find myself using my mac.com/me.com email address less and less.

post #4 of 21
Edward Snowden needs to be thanked for risking everything to bring about positive change.
Edited by SolipsismX - 7/16/14 at 9:41am

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

post #5 of 21
Snowden gave every terrorist a heads up. The only people who should be thanking Snowden are terrorists and anti-American countries. Snowden is a narcissist and now a Putin prostitute.
post #6 of 21
Quote:
Originally Posted by AppleInsider View Post

...

Unfortunately, due to the nature of the public-key cryptography that underpins TLS, both parties must support the feature in order for messages to remain unreadable. Messages sent from iCloud to private mailservers without TLS support, for instance, will still be delivered unencrypted.

...

Not sure how specific this problem is to "public-key cryptography". By definition, anything encrypted using any kind of method will need both party support for it to work.
post #7 of 21
Quote:
Originally Posted by anantksundaram View Post
 

Kudos to Apple. However, I wish that Apple Mail was more responsive, quicker to update folder contents, and had a larger client base. I find myself using my mac.com/me.com email address less and less.

How/why does the number of clients using a particular service affect your choice? Question is for my edification only. Thanks.

post #8 of 21
Network externalities.
post #9 of 21
when iDevice to iDevice end user to end user (mail to me is encrypted in my public key and their private key which I can use their public key to decrypt) encryption is turned on (or MUA to MUA encryption in the general case), then I think we have achieved something. Apple has the pieces in place... they should just give us a 'trust this AppleID' which gives a key exchange for offline creation/reading. Bada Bing Bada boom.... No more feds reading our mails (unless they get our private keys off our phones... which would be pretty illegal, except in FISA court here in the US... but everything is legal in FISA court... sigh).

As it stands, MTA to MTA encryption only protects you from (extralegal or otherwise) wire tapping. MUA to MUA protects you from subpoena of your mail server.

End to End Encryption wouldn't look so suspicious if everyone used it.
post #10 of 21
>>>Edward Snowden needs to be thanked for risking everything to bring about positive change.

Yes he deserves a Nobel Prize for it and not this other jerk. What was he called again? ah - Obama...
post #11 of 21

"Kudos", my ass.  More like: "It's about damned time!"

 

Quote:
Originally Posted by anantksundaram View Post
 

Kudos to Apple. However, I wish that Apple Mail was more responsive, quicker to update folder contents, and had a larger client base. I find myself using my mac.com/me.com email address less and less.

   Apple develops an improved programming language.  Google copied Java.  Everything you need to know, right there.

 

    AT&T believes their LTE coverage is adequate

post #12 of 21
Quote:
Originally Posted by TheOtherGeoff View Post

when iDevice to iDevice end user to end user (mail to me is encrypted in my public key and their private key which I can use their public key to decrypt) encryption is turned on (or MUA to MUA encryption in the general case), then I think we have achieved something. Apple has the pieces in place... they should just give us a 'trust this AppleID' which gives a key exchange for offline creation/reading. Bada Bing Bada boom.... No more feds reading our mails (unless they get our private keys off our phones... which would be pretty illegal, except in FISA court here in the US... but everything is legal in FISA court... sigh).

As it stands, MTA to MTA encryption only protects you from (extralegal or otherwise) wire tapping. MUA to MUA protects you from subpoena of your mail server.

End to End Encryption wouldn't look so suspicious if everyone used it.

One can already send S/MIME encrypted e-mail from iDevices. S/MIME support was introduced with iOS 5, so it's been around for a while.

 

Settings > Mail, Contacts, Calendars > Account (pick one) > IMAP (account) > Advanced > S/MIME (toggle on/off)

 

For additional information, please consult the Apple support document on the topic:

 

http://support.apple.com/kb/HT4979?viewlocale=en_US&locale=en_US

 

Admittedly, there is no easy way to enable/disable S/MIME on a per-message basis on an iDevice.

post #13 of 21
Quote:
Originally Posted by bubffm View Post

>>>Edward Snowden needs to be thanked for risking everything to bring about positive change.

Yes he deserves a Nobel Prize for it and not this other jerk. What was he called again? ah - Obama...

 

Anybody who invokes any politician's name in their first five posts should probably just have their account closed.

post #14 of 21
Quote:
Originally Posted by mpantone View Post
 

One can already send S/MIME encrypted e-mail from iDevices. S/MIME support was introduced with iOS 5, so it's been around for a while.

[...]  

 

Admittedly, there is no easy way to enable/disable S/MIME on a per-message basis on an iDevice.

Less per message. More per user. User sends me email... there is a 'magic' detection they have an AppleID... (their public encryption key is downloaded to my contacts)... Next time I send them a message, it's encrypted. Period. (Yes, there are still edge cases, and the old exchange mail webmail.bin file issue will pop its head, but it can work).

 

around, and insanely great, and implicit in all communications to iUsers is the key.

 

iMessage to iMessage users... encrypted.  just works.

 

if that were a feature of iMail (mac, icloud[and the repository for some not on an iDevice to read the message in a webbrowser with a one time key], idevice), Apple could make hay...

post #15 of 21
Quote:
Originally Posted by Arlor View Post
 

 

Anybody who invokes any politician's name in their first five posts should probably just have their account closed.

 

How about in their first 350 posts?

Proud AAPL stock owner.

 

GOA

post #16 of 21
Quote:
Originally Posted by Arlor View Post
 

 

Anybody who invokes any politician's name in their first five posts should probably just have their account closed.

 

Sure, censorship is always a great solution

post #17 of 21
Originally Posted by bubffm View Post
Sure, censorship is always a great solution

 

No, but focus is a great solution, as the success of Steve Jobs and Apple will testify.

It's as much about what you leave out as what you include.

 

Edward Snowden is relevant to this thread as his actions revealed how the government agencies compromised the security of email services.

Obama isn't relevant as it's likely the government agency activity would have persisted (continues to persist?) whoever was incumbent in government or indeed, governments.

 

Another reason why Obama's name isn't relevant is the fact, as I've alluded to above, that email snooping is not unique to just government agencies of the USA, but to other government agencies around the world.


Edited by ChiA - 7/16/14 at 2:50pm
post #18 of 21

Per-message S/MIME is coming with iOS 8.

post #19 of 21
Quote:
Originally Posted by Arlor View Post

Quote:
Originally Posted by bubffm View Post

>>>Edward Snowden needs to be thanked for risking everything to bring about positive change.


Yes he deserves a Nobel Prize for it and not this other jerk. What was he called again? ah - Obama...

Anybody who invokes any politician's name in their first five posts should probably just have their account closed.

Anybody who criticizes political commentary on any forum anywhere should, oh, never mind...

Someday someone will figure out a way to harness all the energy consumed by blog / forum posts for something useful, like mining bitcoins...

(clickbait advertising does not count as "useful"...)
post #20 of 21
Quote:
Originally Posted by impaler View Post

Per-message S/MIME is coming with iOS 8.

That's what I read as well. But why would I want to do that? What is 'wrong' with an all or nothing setting? Would you happen to know and explain the benefits to me? TIA
I’d rather have a better product than a better price.
post #21 of 21

Lack of an all or nothing setting really hurts some in the enterprise.  Those in federal government, for instance, don't need to encrypt every email.  Employees here should be signing most/all of them though.  The choice to do so would greatly cut down on people not even signing emails because that would require encryption.  Every business and industry has different requirements; giving the ability to do so will fix the problem that some have.  It's coming, and many are happy.
