Apple will soon encrypt iCloud emails in transit between service providers

2»

Comments

  • Reply 21 of 32
    chipsychipsy Posts: 287member
    solipsismx wrote: »
    You're weakening your argument. You first stated that NOTHING on Google's servers are encrypted which means that anyone with access to the server could access your data, usernames, passwords and CC info. So why would the NSA be involved, especially if previously between mail servers it was already sent unencrypted. It sounds like they already were getting what they want.
    You are right Google's servers are heavily encrypted (it's even encrypted during transit between servers why wouldn't it be on the server itself). The data between web browser and web server on Google websites is encrypted with an 2048 bit key. And Gmail has a good encryption record both between Gmail accounts and in-transit. BTW Google also launched an interesting Chrome extension earlier this month (in alpha at this moment in time) to allow for local end-to-end encryption for emails.
    https://code.google.com/p/end-to-end/
  • Reply 22 of 32
    plovellplovell Posts: 797member
    Quote:

    Originally Posted by SpamSandwich View Post

     

    This will also have the effect of undermining Google's ability to scan e-mails and integrate targeted ads. Go Apple!


    No it won't. The encryption in question is between servers. Google has access to the unencrypted copy of gmail, obviously. On its own gmail servers it can scan and insert ads all it wants to.

  • Reply 23 of 32
    solipsismxsolipsismx Posts: 19,566member
    darklite wrote: »
    You realise that almost every email provider scans your emails "to provide better service" in the form of a spam filter, right?

    As of 2013, Apple was filtering emails based on potentially spammy phrases and silently deleting them, rather than moving them to a spam folder a la Gmail:
    http://www.imore.com/apple-filtering-emails-contain-certain-objectionable-phrases

    Unfortunately they still have a long ways to go to catch up with Gmail.
  • Reply 24 of 32

    There's a difference between end to end encryption and point to point encryption.

    You and your recipient(list) need to work to get end to end encryption.

    No provider can do that, unless you're on the same platform.

     

    point to point encryption... just makes it harder to read in transit... therefore the attack must occur on/in/behind one or both of the 'points.'

     

    There is no reason to believe that encryption at rest means google can't read data.

     

    It may make it hard[er] for the standard admin to access your  mail, but google is able to decrypt and read all your mail whenever they want through the keys their servers have - unless _you_ encrypted it before it's stored on their machines (which is about every 3 seconds in gmail draft mode). 

     

    If Google can respond to a subpoena providing them your email, you're email is not encrypted so Google can't read it.

    Same for them doing postini spam/anti-malware checks on your email

    Or scanning for adwords.

  • Reply 25 of 32
    macxpressmacxpress Posts: 4,839member
    Quote:
    Originally Posted by SolipsismX View Post





    Unfortunately they still have a long ways to go to catch up with Gmail.

     

    Gmail sucks...end of story! I switched away from them a couple years ago.  I wouldn't trust Google any further than I can throw them. 

  • Reply 26 of 32
    Quote:

    Originally Posted by Chipsy View Post





    (it's even encrypted during transit between servers why wouldn't it be on the server itself).


    Google also launched an interesting Chrome extension earlier this month (in alpha at this moment in time) to allow for local end-to-end encryption for emails.

    https://code.google.com/p/end-to-end/

    because on the server it has to do what servers do: provide services.   Even between MTAs, it decrypts the message from the sender, and 'routes' it.  It knows sender and reciever, it sees all the headers. It has to know if it has to put it in your mail store.  If it does, and you're using default settings, it will 'scan' your message for it's postini rules for spam, malware, etc.   It can't do that unless it decrypts.

     

    Open PGP takes work by the end users to implement. the 1% of the internet that cares about this, already does this, without the Chrome Extension.  The 99% who can't or don't, won't.   At best, it makes google's internal mail harder to intercept, and better, harder to respond to in Subpoena [Emails between Eric and Sergey and Larry are encrypted and we don't have the keys... sorry - Google Legal].

  • Reply 27 of 32
    philboogiephilboogie Posts: 7,438member
    ...posting...

    Wiki
    Postini is an e-mail, Web security, and archiving service owned by Google since 2007. It provides cloud computing services for filtering e-mail spam and malware (before it is delivered to a client's mail server), offers optional e-mail archiving, and protects client networks from web-borne malware.

    Learn something everyday; thanks.
  • Reply 28 of 32
    _rick_v__rick_v_ Posts: 141member
    Quote:

    Originally Posted by bighype View Post

     

    Google encrypts traffic between your browser and their servers. They also encrypt traffic between their servers. But Google DOES NOT encrypt anything they store on their servers! NOTHING!


     

     

     

    Fun fact #1–

    Email is typically only encrypted in transit, where it is considered "more vulnerable" to 3rd party eavesdropping.

     

    Fun fact #2–

    Typically, mail on the server is not encrypted by ANY service.  Or by companies, schools, or otherwise.  That is the norm.  It is generally too computationally expensive to encrypt the entire mail server database, and expect performance from said mail server.  (Witness, for example, reports of even security firms getting hacked, and all their internal emails are leaked to the Internet).  The fact Google is offering encryption for business subscribers is actually impressive.  *If* a company or organization IS encrypting the entire mail database (which can often be measured in terabytes), they probably have a very good reason to do so.

     

    Fun fact #3–

    Even if the database was encrypted, it may not matter depending on how the hacker managed to hack into the server.  i.e. if they hack the process that has access to the DB, they can still read its mail, regardless of if it was encrypted or not.

     

    Fun fact #4–

    Mail on you own personal computer (Mac or Windows, Mac Mail or Outlook or what have you), is ALSO not encrypted. (Unless you enabled FileVault on your Mac, or BitLocker on Windows).  Even if you did enable full-drive encryption in your operating system– depending on how the hacker hacked into your system (say, for example, he implanted a Remote Access Tool), he might have access to all your files anyway (including mail).

     

     

    Fact is, there's plenty of ways for your mail to be intercepted.  And as others have pointed out– if it's truly sensitive data, you don't want to send it via email. For example, our corporate policy is that you cannot send credit card information over email, when purchasing something.

     

    -Rick

  • Reply 29 of 32
    gatorguygatorguy Posts: 20,453member

    Open PGP takes work by the end users to implement. the 1% of the internet that cares about this, already does this, without the Chrome Extension.  The 99% who can't or don't, won't.   At best, it makes google's internal mail harder to intercept, and better, harder to respond to in Subpoena [Emails between Eric and Sergey and Larry are encrypted and we don't have the keys... sorry - Google Legal].
    Google is going to make OpenPGP a whole lot easier and more widely available.
    http://googleonlinesecurity.blogspot.com/2014/06/making-end-to-end-encryption-easier-to.html
    "Today, we’re adding to that list the alpha version of a new tool. It’s called End-to-End and it’s a Chrome extension intended for users who need additional security beyond what we already provide.

    “End-to-end” encryption means data leaving your browser will be encrypted until the message’s intended recipient decrypts it, and that similarly encrypted messages sent to you will remain that way until you decrypt them in your browser.

    While end-to-end encryption tools like PGP and GnuPG have been around for a long time, they require a great deal of technical know-how and manual effort to use. To help make this kind of encryption a bit easier, we’re releasing code for a new Chrome extension that uses OpenPGP, an open standard supported by many existing encryption tools."
  • Reply 30 of 32
    philboogiephilboogie Posts: 7,438member
    I presume a Chrome Extension is designed for the Chrome Browser. If so, I don't think many people here use that.
  • Reply 31 of 32
    gatorguygatorguy Posts: 20,453member
    philboogie wrote: »
    I presume a Chrome Extension is designed for the Chrome Browser. If so, I don't think many people here use that.

    AI members may not, but they wouldn't be representative of the average user. :) In fact in the overall market Chrome may be the leading browser.

    http://www.sitepoint.com/browser-trends-may-2014-chrome-exceeds-expectations/
    What about iOS users? "...but Chrome looks set to overtake Safari on iOS shortly."
  • Reply 32 of 32
    philboogiephilboogie Posts: 7,438member
    gatorguy wrote: »
    philboogie wrote: »
    I presume a Chrome Extension is designed for the Chrome Browser. If so, I don't think many people here use that.

    AI members may not, but they wouldn't be representative of the average user. :) In fact in the overall market Chrome may be the leading browser.

    In spite of IE most likely being the default on corporate PC's, I'm not surprised to see such a high percentage from Chrome. Especially how crappy FF has become.
    http://www.sitepoint.com/browser-trends-may-2014-chrome-exceeds-expectations/
    What about iOS users? "...but Chrome looks set to overtake Safari on iOS shortly."

    1) strange that Safari on iPad has an even bigger share than Safari on the desktop

    2) strange that they don't have any number on Safari for the iPhone nor for the iPod touch

    3) funny that there are still people on IE6
Sign In or Register to comment.