Google released a report a few weeks ago detailing which companies encrypt their outgoing communication. It reveals that many email providers don’t follow encryption procedures, making secure communication open to snoopers. Making your emails as open as a postcard in mail.
When you send an email to your friend, you’re hoping that she is the only person who can read it. But like any distance communication, the message has to transmitted before it can reach your recipient. And a lot can happen over the transit. Snoopers and hackers can easily intercept and delve into what you think, is a secure communication channel.
But thankfully, a growing number of email providers are working on changing that. They do this by adopting the Transport Layer Security (TLS) protocol. This procedure encrypts your emails during transit and makes it harder for others to read what you are sending.
Unfortunately, communication has two end points, the transmitter and receiver. So for a single email to be completely encrypted, both the sides must use TLS. So even if you are using a safe email provider, if you’re recipient is not, then your email will be compromised.
The report given by Google shows that Apple is not encrypting many of the iCloud communication. This stands in stark difference as Apple services are known to be secure and safe. In face all communication with iMessage and FaceTime are completely encrypted. It leaves us to wonder how this company with a knack for detail left this particular detail out.
Following Google’s report, NPR also published a report of it’s own yesterday. And this exhaustive list pulled in email providers, social media connections and even instant messaging applications. Unfortunately for Apple, it didn’t score well here either.
But in true Apple spirit, the company immediately responded to NPR, stating that the fix will be arriving soon. Thought they did not disclose a date, email encryption is on the way to iCloud emails.
Apple encrypts iMessage from end to end. It recently announced it is taking steps to make it more difficult to track its users’ identity on Wi-Fi networks. Apple encrypts e-mail from its customers to iCloud. However, Apple is one of the few global email providers based in the U.S. that is not encrypting any of its customers’ email in transit between providers. After we published, the company told us this would soon change. This affects users of me.com and mac.com email addresses. We found that many app installations and iOS updates are sent unencrypted to iPhones. The configuration files that let your telecom company control aspects of how your iPhone works is also unencrypted. Apple says these updates are authenticated and can’t be changed. All pre-login browsing/shopping traffic from the Apple Store is unencrypted, including all HTML content, images, etc. So if you are a huge Abba fan the NSA could find out.
However Facebook and WhatsApp scored high on the security board. Almost all communication on Facebook is encrypted if you access their website. However on Android phones running 4.1.1, content and images are left unencrypted since the phones themselves do not support encryption. Interestingly, WhatsApp messages are also encrypted, but unfortunately they store users phone numbers in plain text.
Twitter stood out as the best company in providing secure communication. However cookies and session parameters were stored in plain text. Twitter responds saying,
“never-ending journey … where [we] continually try to keep moving the bar up”
Google recently upped it’s security game too. They continue to increase site-wide encryption for Gmail. In fact 75% of outgoing emails are now encrypted.