Edward Raja posted a topic in Security & Privacy News

Apple may have known for months

Apple stakes a lot of its reputation on how it protects the privacy of its users, as it wants to be the only tech company you trust. But if you send encrypted emails from Apple Mail, there’s currently a way to read some of the text of those emails as if they were unencrypted — and allegedly, Apple’s known about this vulnerability for months without offering a fix.

Before we go any further, you should know this likely only affects a small number of people. You need to be using macOS, Apple Mail, be sending encrypted emails from Apple Mail, not be using FileVault to encrypt your entire system already, and know exactly where in Apple’s system files to be looking for this information. If you were a hacker, you’d need access to those system files, too.

Apple tells The Verge it’s aware of the issue and says it will address it in a future software update. The company also says that only portions of emails are stored. But the fact that Apple is still somehow leaving parts of encrypted emails out in the open, when they’re explicitly supposed to be encrypted, obviously isn’t good.

The vulnerability was shared by Bob Gendler, an Apple-focused IT specialist, in a Medium blog published on Wednesday. Gendler says that while trying to figure out how macOS and Siri suggest information to users, he found macOS database files that store information from Mail and other apps which are then used by Siri to better suggest information to users. That isn’t too shocking in and of itself — it makes sense that Apple needs to reference and learn from some of your information to provide you better Siri suggestions. But Gendler discovered that one of those files, snippets.db, was storing the unencrypted text of emails that were supposed to be encrypted.

Here’s an image he shared that’s helpful to explain what’s going on: The circle on the left is around an encrypted email, which Gendler’s computer is not able to read, because Gendler says he removed the private key which would typically allow him to do so. But in the circle on the right, you can make out the text of that encrypted email in snippets.db.

Gendler says he tested the four most recent macOS releases — Catalina, Mojave, High Sierra, and Sierra — and could read encrypted email text from snippets.db on all of them. I was able to confirm the existence of snippets.db, and found that it stored portions of some of my emails from Apple Mail. I couldn’t find a way to get snippets.db to store encrypted emails I sent to myself, though.

Gendler first reported the issue to Apple on July 29th, and he says the company didn’t even offer him a temporary solve until November 5th — 99 days later — despite repeated conversations with Apple about the issue. Even though Apple has updated each of the four versions of macOS where Gendler spotted the vulnerability in the months since he reported it, none of those updates contained a true fix.

If you want to stop emails from being collected in snippets.db right now, Apple tells us you can do so by going to System Preferences > Siri > Siri Suggestions & Privacy > Mail and toggling off “Learn from this App.” Apple also provided this solution to Gendler — but he says this temporary solution will only stop new emails from being added to snippets.db. If you want to make sure older emails that may be stored in snippets.db can no longer be scanned, you may need to delete that file, too.

If you want to avoid these unencrypted snippets potentially being read by other apps, you can avoid giving apps full disk access in macOS Catalina, according to Apple — and you probably have very few apps with full disk access. Apple also says that turning on FileVault will encrypt everything on your Mac, if you want to be extra safe.

Again, this vulnerability probably won’t affect that many people. But if you do rely on Apple Mail and believed your Apple Mail emails were 100 percent encrypted, it seems that they’re not. As Gendler says, “It brings up the question of what else is tracked and potentially improperly stored without you realizing it.”

Source: Apple is fixing encrypted email on macOS because it’s not quite as encrypted as we thought (via The Verge)

CrAKeN posted a topic in Security & Privacy News

Tutanota celebrates privacy era

Encrypted email service Tutanota says the privacy era has finally started, more than three years after the Snowden leaks, after the company gains half a million users in three months.

In recent months, as the world has taken a turn towards more extremist political views, secure mail service Tutanota has seen an exponential growth in users and popularity. The trend, the company said, started back in mid-2016, but has taken off since the beginning of the year.

According to Matthias Pfau, Tutanota co-founder, a year ago the service had 1 million users. At the end of 2016, the number had grown to 1.5 million, only to surpass 2 million already.

"We are confident that this is only the start of a new trend; a new trend where people finally understand that privacy matters and look for secure alternatives for their online communications. This is very important because, with steadily growing mass surveillance, we need to encrypt our data so that no-one can spy on it. Tutanota encrypts the entire mailbox automatically so that everybody can use encryption without even thinking about it. That's why we, as well as other privacy-focused services, enable this trend. We hope that one day everybody will use an encrypted mailbox, simply because it is easily available!" Pfau told Softpedia over email.

Privacy is key

Not only is Tutanota becoming more popular, but so are privacy-focused search engines like Duckduckgo or Qwant.

"Our users say they are sick of all this online spying that is going on. They are also sick of being constantly exposed to targeted advertisements. That's why they appreciate a secure mail service such as Tutanota so much. That's also why they use privacy-focused search engines like Duckduckgo and Qwant," said Matthias Pfau, Tutanota co-founder.

What's driving the masses? Well, it seems to be political extremism. With the trend in politics we've seen over the past few months and years, in Russia, Hungary, Turkey and even the United States with some statements given by Trump thus far, people are more and more concerned about their privacy. Other worrisome actions have been taken in France, Austria and even Germany.

Nowadays, Tutanota ranks higher than it ever has. Alexa places it in the 35,000s globally and 18,000s in the United States. Privacy-oriented search engines are also growing steadily, with DuckDuckGo ranking 506th at a global level (and 330th in the US) and Qwant ranking 4,020 globally (and 139th in the US).

"Our emails contain a lot of sensitive personal data: Communication with banks and state agencies, appointments, services we subscribe to, private communications with friends and family. It is essential that this information cannot be abused - neither by attackers, nor by the authorities, nor by the mail service (i.e., Gmail, Yahoo) that hosts our mails. That's why we need end-to-end encryption. This way no-one can spy on our emails, and people are increasingly understanding this," Pfau told us.

Source

Check it out ProtonMail :)