Mikey Campbell
Apple on Friday said it is working to implement an in-transit encryption solution for its email domains, offering additional protection for iCloud customers sending and receiving messages from people using other providers like Gmail.
Word of Apple's initiative came in a statement provided to NPR after the broadcaster ran a report on its blog looking into the steps big tech firms take to protect users' data privacy.
The story was based on an Electronic Frontier Foundation survey that asked companies like Apple, AT&T, Facebook, Google, Twitter and more about the encryption policies implemented in their products. Specifically, the EFF asked if the firms follow a recommended five-step plan the organization believes keeps consumer data safe.
Specifically, the group looks wants companies to use HTTPS, HSTS , forward secrecy, STARTTLS, and encryption of email while in transit.
While Apple's iMessage inherently supports end-to-end encryption, the company's other text-based communication methods are less secure. Users of Apple's iCloud email service enjoy protections similar to iMessage as long as the conversation is with another iCloud address, but there is currently no encryption method being used for emails in transit between other providers like Google.
As the publication noted in its follow-up, however, Apple is working on the issue and will soon have a solution ready to go.
After we published, the company told us this would soon change. This affects users of me.com and mac.com email addresses.
At issue is the STARTTLS extension, which allows for the encryption of text connections between providers. The caveat in using STARTTLS is that both sending and receiving email services must be using it in order to work.
Apple did not offer a timeline on when it plans to roll out end-to-end email encryption outside of iCloud, though Google has started offering specifics on who does and does not support in-transit encryption. As seen above, Google's Safer Email transparency report shows iCloud accounts are also unencrypted, though Apple has not commented on plans to upgrade emails coming and going from those domains as well.
Andrew O'Hara
Malcolm Owen
Wesley Hilliard
William Gallagher
Christine McKee
32 Comments
Wow, recently Apple has been jumping on the security bandwagon big time, and I couldn't be happier about this! The more security systems and encryption they pack into their devices and services, the better off everyone will be! Side note, screw you Google!
Apple knows that privacy and security are two of the Google's biggest weaknesses. Google tracks everything you do online and it stores everything you type or visit or upload and they encrypt nothing on their servers (because then they couldn't serve you ads and make their billions) so Apple is quickly becoming anti-Google.
Google Nest and their watch will display ads to you and will track you while Apple's products and services will be quite the opposite. That's Apple's biggest advantage and they're finally fully capitalizing on it.
This will also have the effect of undermining Google's ability to scan e-mails and integrate targeted ads. Go Apple!
[quote name="bighype" url="/t/180645/apple-will-soon-encrypt-icloud-emails-in-transit-between-service-providers#post_2550327"]Apple knows that [B]privacy[/B] and [B]security[/B] are two of the Google's biggest weaknesses. Google tracks everything you do online and it stores everything you type or visit or upload and they encrypt nothing on their servers (because then they couldn't serve you ads and make their billions) so Apple is quickly becoming anti-Google. Google Nest and their watch will display ads to you and will track you while Apple's products and services will be quite the opposite. That's Apple's biggest advantage and they're finally fully capitalizing on it. [/quote] That's BS. Google uses advanced security and encryption techniques. What you're talking about, targeted ads on Gmail.com have nothing to do with a lack of encryption.
This will also have the effect of undermining Google's ability to scan e-mails and integrate targeted ads. Go Apple!
Not if you send the email to a gmail account. It looks like apple will encrypt it if some how they know the recipient is using a Apple mail client. Once the email ends up in a gmail account google is free to read it. I am just curious if you use a apple mail client to retrieve your mail if the actual mail file on google servers will stay encrypted until you retrieve it.
This will just keep it from the prying eyes of your ISP, meaning that when the government ask your ISP to forward all your email to them, it will be encrypted and they will have to use more computing resources to see what you are up to.