I already blocked Google years ago from my life, just a shady company, not much better or even worse than Facebook.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Some Third-Party Email Apps Let Employees Read User Emails
- Thread starter MacRumors
- Start date
- Sort by reaction score
I see. So server-to-server (not just client to server) uses SMTP that can use SSL, and SMTP will call back to the relevant server to verify the sender address, so that's safe. I think that wasn't the default for a while because I used to be able to send spoofed emails to myself, but I forget which provider I was using. Oh yeah, and my private email had that issue, lol.
Hmm, then I don't understand all the complaints in this thread saying the protocol is insecure. It's sometimes insecure by default / silently insecure in cases of misconfiguration, is all. But in theory it's the same security as anything else if you do everything right.
[doublepost=1530601480][/doublepost]
You can't use S/MIME with the Gmail client*, but you can with your own client and Gmail servers, right?
* except enterprise customers
Last edited:
I’ve taken a similar stance - but not actively blocked them, more like uninstalled most of their apps and try to use Apple versions where possible.
The problem with facebook and Google seems to be that even if you avoid being a user, they have insidious methods to obtain your data and sift through it…
Examples: offline credit card transactions with Google / non-user ‘shadow’ profiles with facebook.
I guess you don't understand words the article uses like:
"Google no longer scans the inboxes of Gmail users itself as of last year for privacy reasons"
You'll get there.
You're right. So I decided to delete the account from the phone and do it again.
It is doable.
Heck, you could probably use an Android phone without using ANY Google services if you really wanted.
I use gasmask (App) and Little snitch and a VPN, the block list in Gasmask contains 1000's if not 10.000's of shady links.
He should have left the "s" out after read.
Using iOS Mail app with gmail doesn’t help. The problem is google. If you don’t want to sell your data to get the service you have to pay it for yourself. Get FastMail, it has native push service with iOS and they don’t want your data. If you don’t care about push service then you have many other options. The key word is “paying with money”. If the service is free then you are paying with your data.
Apple (just like every other company that offers "services" through the Internet) has access to your files (if you store them in iCloud), your photos, the GPS data of all places you visit, your heart and health values (if you have the watchie thing), the music you listened to and the location where you listened to it (through Shazham), and an endless collection of data that is stored in your iOS devices (as well as in the Mac if you don't cut the iCloud door). In the future, if you drive an Apple car, they'll have access to all your trips/driving data.
Of course, you can believe that Apple (or any other services company, put the name here:______) won't make any use of the huge amount of data you're sharing with them for free. That's the first stage: believing they won't make use of it. Later, they convince you they're making your life better and safer, and that's the second stage: believing that they are using the data for saving your life and for running your life better than you'd ever do, and that they should choose what's important in your life and what isn't. Finally, it comes the third stage: realizing they used your data in a way you really didn't like (like in this Edison case, or like in the Facebook case) and that you want to decide on your life rather than Apple/Google/Facebook/Whatever deciding for you.
Unfortunately, when you arrive to the third stage, it's too late: you shared all your private data, and they used it in a way you didn't like. My advice: Don't even enter the first stage (yes, not easy to achieve, because all the society is blindingly sharing all their private data with companies in an irresponsible way, and it's very hard to find devices and systems that let you not to share any data).
Not unexptected. That's precisely why I a) run my own mail server and b) check the logs when I setup a new mail client.
If (b) comes up with connections from an IP other than my own:
Since mail is basically the key to all other accounts, having an insecure (untrusted) server or mail client is not an option.
And even with my own server I archive my emails locally, i.e. in a PST.
B2T: Afaik they could be sued for violation of the telecommunications act in almost any country. At least in Europe hiding such significant permissions in the EULA or T&C renders them null and void in front of court.
[doublepost=1530605544][/doublepost]
That is, if Apple is telling the truth. Frankly, I think they do. Apple has no benefit in looking into peoples pictures, however they would take a huge hit in reputation and likely sales (as Apple is considered a secure plattform) if they had a decent leak of data.
Although, yes, at the end of the day the only really secure storage is on your local encrypted device or local encrypted external hard drive, that you hopefully backup frequently.
If (b) comes up with connections from an IP other than my own:
Since mail is basically the key to all other accounts, having an insecure (untrusted) server or mail client is not an option.
And even with my own server I archive my emails locally, i.e. in a PST.
B2T: Afaik they could be sued for violation of the telecommunications act in almost any country. At least in Europe hiding such significant permissions in the EULA or T&C renders them null and void in front of court.
[doublepost=1530605544][/doublepost]
Generally, I'd fully agree with you, but especially Apple is using client based asymmetric encryption to store your files in the cloud. Without the users password or recovery key the files can't be decrypted.
That is, if Apple is telling the truth. Frankly, I think they do. Apple has no benefit in looking into peoples pictures, however they would take a huge hit in reputation and likely sales (as Apple is considered a secure plattform) if they had a decent leak of data.
Although, yes, at the end of the day the only really secure storage is on your local encrypted device or local encrypted external hard drive, that you hopefully backup frequently.
Not anymore. (It doesn't excuse the fact they did), but they don't anymore....
Why are you blaming Apple for your own negligence of not reading the Terms & Conditions? Apple help you by protecting you from dodgy apps in the App Store and there is nothing wrong with these apps. Apple are not responsible to protect you form bad third party company ethics, which is whats happening here, thats your job. I also don't read all the T's & C's of every app I download so if I get burnt, thats my fault, nobody else's
Ok and you read the terms and conditions of every single product that you buy, as well?
If so, congratulations, you are in the minority.
My point is, is that with a curated App Store there’s a reasonable expectation that one of the reasons for doing this is to prevent you from bad actors - including allowing apps to rip away your personal data.
And it’s precisely this reason that we have the EU GDPR, as legal teams have got so clever at hiding what’s really going on in the t&cs and it had become normalised for apps and services simply not to make you fully aware of what was happening.
In the specific case of email services giving email apps access to your data...
Yes the mainstream ones make it clear what the (broad) implications are but it’s never made clear that app makers are then using your data.
And of course, if you want to use a 3rd party client you HAVE to allow full access.
We’ve had 3rd party email clients for decades and we were all fine using these because email apps never did what Edison did, until a few years ago.
So I guess you can call me naive, it’s jist that I’m not used to applications doing what they’re now doing, with our data.
Btw, I’ve never used Edison.
READ IT. I said "I also don't read all the T's & C's of every app I download so if I get burnt, thats my fault, nobody else's"
Btw, I’ve also never used Edison. And in Edison's case, it's not the app sharing your emails, it's the Company
Last edited:
Sure. My point is that as consumers, you’ve got a reasonable expectation that nothing nefarious is going on. At least I hope so.
No one would expect to buy a oven say, and buried in the terms and conditions, a clause saying that it’s going to stop working after 24 months with no reference to it in the marketing or product description.
I’m not a lawyer, but this is something to do with a product’s description being a fair and accurate description of what it does.
That’s besides the point.
With the gmail app, only google has access to your emails.
With a third party app, both google and said company get access.
It’s about limiting your exposure.
Ok, I just read the privacy policy on Edison’s site.
The email app is a front isn’t it?
Really what they’re doing is making a ‘cool’ and useful app - and marketing it as such - and using access to your account to then scrape loads of data from your email receipts about what you’re buying, what marketing emails that you’re getting and reading etc. and selling that data onto their partners.
There’s no mention in the App Store that that is what they’re doing.
And why is Apple letting them into the app store when the primary functionality - an email client - is basically a front to hide their true intentions?
The email app is a front isn’t it?
Really what they’re doing is making a ‘cool’ and useful app - and marketing it as such - and using access to your account to then scrape loads of data from your email receipts about what you’re buying, what marketing emails that you’re getting and reading etc. and selling that data onto their partners.
There’s no mention in the App Store that that is what they’re doing.
And why is Apple letting them into the app store when the primary functionality - an email client - is basically a front to hide their true intentions?
The headline implies that you know of others that do this. Can you share the others please?
Yes, I totally agree with that, but in this case the product itself does nothing wrong. It don't stop working, it works exactly as described. To quote your analogy, say you buy a Hotpoint smart oven from Curry's/PC World and Hotpoint abuse your personal data, It's not Curry's/PC worlds fault. It's the manufacturer fault, not the retailer. Do you expect Curry's/PC World to stop selling all Hotpoint products? Do you expect Curry's/PC World to investigate all their individual suppliers company ethics before selling their products? As long as the products themselves are safe and work as expected, then there ok to sell. Your blaming Apple for Edison's poor ethics and Apple are just the retailer.
thats one stupid thing to say. if you use apple mail with edison they can read your apple mail too.
I take your point.
What I’m getting at, is that Apple should require anyone in the App Store to be truthful and transparent about what they’re doing ie:
We provide this product for free to you and in exchange we’re going to data mine your email. You’re welcome.
(I joke, obviously it would be worded differently to this)
The thing that’s puzzling me, is that with the GDPR legislation, surely they should not be allowed to do this to users in the EU (as I am & you are I suspect).
Yep, Agree 100%, Full transparency with clear and precise intentions would be ideal, but probably almost impossible to enforce. GDRP legislation is designed to stop this kind of thing, maybe in time it will.
Yes i'm in the EU too, well for the next few months anyway, then who knows... I'm in the UK