Apple's latest MobileMe announcement has me elated. In fact, I feel just as I felt when .Mac was first introduced: hopeful, excited and happy at the prospect of being able to rely on Apple for one more thing instead of shopping for vendors all around the Internet.
Of course, this supposes that MobileMe does not follow .Mac's and iTools' infamous path: six months to a year of activity, followed by a long slump, promises to be better, a faux effort to do something about it and, finally, abandon.
This time, however, given the tight integration between MobileMe and the iPhone, Apple's most promising platform from a business standpoint, I am ready to believe things will be different.
The big question, however, remains security. .Mac's security has always been lacking in many atrocious ways. While I am not aware of any instances of .Mac email being hacked or Homepage sites being defaced, iDisk and sync services have long lacked any form of encryption. Anti-virus updates, in the golden age of Virex efficiency, were carried out over a plain HTTP link, leaving Mac OS X users open to a potential plethora of nifty injection attacks. Apple knows all this and seems to consider it normal for user-oriented services.
Now that MobileMe promises to push me contacts and calendars, in addition to syncing my data, will Apple grant us a bit more privacy over the Internet? Without going into the possibilities of wiretapping on physical networks — and we all know how easy that is —, a typical MacBook Air, iPhone or iPod touch user, who is on WiFi or cell networks the very vast majority of the time, would end up spraying around personal information all day long if SSL is not implemented across the board.
Certainly, one is "better off" not putting any confidential data on the Internet. But what about that personal, non-classified kind of data individual users handle every day? Don't we all have doctor appointments, secret rendez-vous and the contact information of a few people the privacy of which we care about in our Address Books?
I've read the MobileMe teaser site and all I could find was a meager mention of the syncing server being "secure." This, however, remains suspiciously vague: we all know the server is secure, since it stands in an Apple-operated data center, behind an Apple-configured router. What, however, about the connections to and from this server?
Am I missing something painfully obvious? Have a skipped a page on Apple.com?
Most importantly, what is your take on the issue?
Categories
Mac
Comments (5)
Read More Entries by FJ de Kermadec.
You raise all the important questions. Apple's information policy on MobileMe security and/or privacy is dismal to absent.
Try to do a search for "MobileMe security" or "MobileMe privacy" on Apple's website and you get zilch.
We need to know about these areas:
1) security of any MobileMe connections
2) security of the Apple servers
3) privacy of all data stored on Apple servers
4) data-mining policies (see Gmail email analysis)
5) legalities of 3rd party access to our data - can the Feds snoop easily?
6) data retention after service has been canceled
I guess there is a reason they named it "the cloud" :->
Yes what about security Mr Steve???
I also couldn't find anything more specific on the apple page. I will wait to buy until they change something about this BIG issue!
MobileMe seems to be as unsecure as .Mac, the Web GUI at least is accessed without SSL, only the login gets encrypted and we all know that login only encryption is not sufficient.
I think MobileMe will be a big time hit as it includes integration with iPhone and iPod.
On general principle I refuse manufacturer tie-ins, whether it is MSN, .Mac, Adobe Stock Photos or now MobileMe.
Apple's track record for availability and reliability of .Mac is abysmal. Unlike Google, Yahoo or Microsoft, they can't even shield themselves behind the fig leaf that it's a free service and you get what you pay for. They would have done much better to partner with a company that actually has a clue about high-availability like Google.
I run my own email, blog, RSS aggregator and other online services as personal web apps on my own server. Unfortunately most people can't afford the time and financial commitment that involves.