I think it’s a lot more than just enabling Mail to use PGP. The fact that iCloud mail and I think ProtonMail allow web-based mail access means that the email service provider has your email stored on a server that could be decrypted. So while ProtonMail can claim secure email if done via client apps, I don’t think they can claim that when reading emails via their web-apps. I may be wrong here, but it doesn’t look like ProtonMail is as secure as you think it is. All the secure email stuff goes out the window if a copy of your email is stored on a server when it can be read via the web app.

Enabling secure email is like the SMS/MMS situation. No one company can make any meaningful changes unless the entire industry commits to the change.
Why would the website not be secure?
 
Why would the website not be secure?
The fact that it can decrypt the stored email and present it to you via their web-apps. Defeats the purpose of E2EE entirely. If you consider the website secure, then you should also consider iCloud Photos secure too?

Apple’s Mail can be configured to use a secure channel when sending and receiving emails from servers that support it. So that is a secure channel but insecure payload, and that only from your end to the server end. In any case, this is not as straightforward as I think you may think.
 
The fact that it can decrypt the stored email and present it to you via their web-apps. Defeats the purpose of E2EE entirely. If you consider the website secure, then you should also consider iCloud Photos secure too?

Apple’s Mail can be configured to use a secure channel when sending and receiving emails from servers that support it. So that is a secure channel but insecure payload, and that only from your end to the server end. In any case, this is not as straightforward as I think you may think.
Or you don't understand how encryption and decryption work.
 
Or you don't understand how encryption and decryption work.
How do you come to that conclusion? Trust me. I know how it works. I write Linux kernel drivers that use crypto engines for my Internet routers. You may want to hop on to the OpenWrt forum and find out.

What have I written that made you conclude that I have no clue how crypto works? Pls educate me.
 
How do you come to that conclusion? Trust me. I know how it works. I write Linux kernel drivers that use crypto engines for my Internet routers. You may want to hop on to the OpenWrt forum and find out.

What have I written that made you conclude that I have no clue how crypto works? Pls educate me.
And how does that give you any authority to talk about any of this?
 
And how does that give you any authority to talk about any of this?
It doesn’t. How are you an authority then? How is this relevant to the discussion at hand? Is this maybe a diversion from yourself on the topic at hand?

Last I checked, forum rules do not require anyone to have any authority for a friendly discussion. It seems to have rules saying no personal attacks of some sort, if I understand correctly.

Maybe answer my question please. How do you conclude what you did? It sure stings when I’m accused of being a novice or idiot at crypto when I’ve spent considerable time and effort understanding it (crypto, PKI, etc.) so that I can improve my router’s crypto performance. And I can quite confidently say that I understand crypto better than most.
 
Yes, I know. But they need to add PGP encryption options to Mail, the ability to send encrypted mail,

All Apple mail clients support S/MIME, there are a few bugs, but in general it works. The problem is how to obtain S/MIME certificates. Would be nice if Let's Encrypt would support that too.

I do not think that Apple will ever support PGP encrypted mails, as the key handling is way too complicated for the average user.
 
I think it’s a lot more than just enabling Mail to use PGP. The fact that iCloud mail and I think ProtonMail allow web-based mail access means that the email service provider has your email stored on a server that could be decrypted. So while ProtonMail can claim secure email if done via client apps, I don’t think they can claim that when reading emails via their web-apps. I may be wrong here, but it doesn’t look like ProtonMail is as secure as you think it is. All the secure email stuff goes out the window if a copy of your email is stored on a server when it can be read via the web app.

Enabling secure email is like the SMS/MMS situation. No one company can make any meaningful changes unless the entire industry commits to the change.

I wish people would research / use a product before commenting on how it works or how "insecure" it is. Proton specifically asks you for a "mailbox password" when you log into your protonmail account. This mailbox password is what allows them to use your key to decrypt your mailbox for the web app. If you forgot this password, you lose all access to your mailbox.

Source: https://proton.me/support/what-is-the-mailbox-password
 
I wish people would research / use a product before commenting on how it works or how "insecure" it is. Proton specifically asks you for a "mailbox password" when you log into your protonmail account. This mailbox password is what allows them to use your key to decrypt your mailbox for the web app. If you forgot this password, you lose all access to your mailbox.

Source: https://proton.me/support/what-is-the-mailbox-password
Once the key leaves your domain of control and gets sent to a server, do you not think this is a weak link? Maybe think about that for a moment. The fact that a server can decrypt your data is already a big red flag there.

No system is foolproof, even if you really use E2EE. Security and by extension the security of data is always about reducing the surface of attack.

I'll leave it up to your expertise to have a think about this if you still think it is as secure as you think it is.
 
Once the key leaves your domain of control and gets sent to a server, do you not think this is a weak link? Maybe think about that for a moment. The fact that a server can decrypt your data is already a big red flag there.

No system is foolproof, even if you really use E2EE. Security and by extension the security of data is always about reducing the surface of attack.

I'll leave it up to your expertise to have a think about this if you still think it is as secure as you think it is.

With HTTPS, MITM is minimized. With Proton not having access to my key and only me having access via "Mailbox Password", I think it's totally secure.

I've done a lot of security-related work both personally and professionally and I truly don't see a problem with this. We trust our "secure data" with a lot of companies that barely support 2FA let alone strong passwords (32+ characters, mixed, etc) and no one complains. From a security perspective, Proton is doing it right, especially more now since they added hardware key support recently for all devices, not just computers/web.

No system is foolproof, even if you really use E2EE. Security and by extension the security of data is always about reducing the surface of attack.

So how can you say Proton isn't secure when they do EXACTLY the above versus most email providers? I know your answer is going to be "nothing is truly secure unless you host it yourself" but that's not an answer, especially for email which is NOT easy to maintain because of email reputation and self-hosted emails are always lower on the reputation list than established email providers like Google, Microsoft, etc.

At one point you have to trust the provider/vendor you are using and the technology available. My Network + VPN (optional, use when not on my network) + HTTPS + Vendor security / infrastructure is fine with me. I haven't seen any problems yet or been hacked.

Curious to know who you use as an Email provider?
 
With HTTPS, MITM is minimized. With Proton not having access to my key and only me having access via "Mailbox Password", I think it's totally secure.

I've done a lot of security-related work both personally and professionally and I truly don't see a problem with this. We trust our "secure data" with a lot of companies that barely support 2FA let alone strong passwords (32+ characters, mixed, etc) and no one complains. From a security perspective, Proton is doing it right, especially more now since they added hardware key support recently for all devices, not just computers/web.



So how can you say Proton isn't secure when they do EXACTLY the above versus most email providers? I know your answer is going to be "nothing is truly secure unless you host it yourself" but that's not an answer, especially for email which is NOT easy to maintain because of email reputation and self-hosted emails are always lower on the reputation list than established email providers like Google, Microsoft, etc.

At one point you have to trust the provider/vendor you are using and the technology available. My Network + VPN (optional, use when not on my network) + HTTPS + Vendor security / infrastructure is fine with me. I haven't seen any problems yet or been hacked.

Curious to know who you use as an Email provider?
I did not say Proton is not secure, nor did I ever claim that they are secure. I just do not have enough information to claim one way or another. I'm not a security auditor with security policy to determine whether any system is secure.

The discussion is centering around claims that say Apple should do what Proton did so that Apple can advance the security of email. I'm saying that what Proton did is not equivalent to E2EE, as the server is able to decrypt emails stored centrally. The fact that a server program is able to obtain a user's key to decrypt server side data will open up a vector of attack, and that's all I'm saying. I also pointed out that there are secure channel and secure payload implementations. HTTPS/TLS are channel security. PGP is payload security. Two different approaches to secure different channels. I still stand by my thoughts that email security cannot be improved by any one party. Case in point, Proton did not change email much in way of worldwide email security. It takes the industry to move in lockstep to effect this kind of change.

If you read back my comments, they are just pointing out the issues at hand so that we can have a technical discussion.

I'm not concerned with email privacy with existing infrastructure, because I do not send sensitive details over email much. Those that I deem sensitive enough to be sent, I encrypt before I send, and there's not much of those. Decryption keys are sent over a separate communication channel. I will continue to do that even if there's E2EE encryption, maybe due to habit. Data at rest should be secured, if that data is important enough.
 