I understand you have questions about the security of the MobileMe service. I will be happy to describe some of the ways that MobileMe helps to protect the security of your data.
MOBILEME SITE
When you type your MobileMe member name and password in the MobileMe login page and click Login, your information is sent to Apple using secured 128-bit Secure Sockets Layer (SSL) encryption. This is true even though the MobileMe login page doesn't have the symbols that typically denote a secure connection.
In the account settings area of MobileMe, all of the pages that contain your personal information, billing information, credit card information, and so on are all encrypted as well.
MOBILEME MAIL
As with the rest of the MobileMe site, the login page for MobileMe Mail is encrypted. The messages you read or send are not encrypted, however.
If you change the beginning of the address of the MobileMe Mail from "http://" to "https://", you may notice that your browser now displays a lock icon. This does not make your connection any more or any less secure, however.
MAIL CLIENT ACCESS TO MOBILEME
The MobileMe mail servers support SSL connections. Many mail programs support this option as well. If you use the Mac OS X Mail program with your MobileMe account, you can enable SSL connections for both sending and receiving messages as follows:
1. In Mail, choose Preferences from the Mail menu.
2. Click Accounts, and highlight your MobileMe account.
3. Under Account Information, click Server Settings, and select Use Secure Sockets Layer (SSL). Click OK.
4. Under Advanced, select Use SSL.
5. Close the Accounts preferences window.
If you use a different email program, consult that program's help menu if you would like more information about how to enable SSL.
Apple and MobileMe do not provide certificates to encrypt specific mail messages. If you wish to get a certificate to use with your email, you can get one from an issuing authority such as Thawte:
http://www.thawte.com
iDISK
When you connect to your iDisk, the authentication of your MobileMe member name and password is done via Digest Authentication. This is a common, secure way to handle authentication for many HTTP-based services (such as webpages) or WebDAV servers (such as iDisk). For more information about Digest Authentication, you can search for the term in your favorite search engine.
Once you are connected to the iDisk and after the authentication process, the actual transfer of data is not encrypted. This includes publishing pages or photocasts with iWeb or iPhoto, using Backup, syncing with iDisk Syncing, publishing calendars with iCal, or simply copying a file manually to your iDisk.
MOBILEME IDISK
When you connect to your iDisk via a browser, the authentication of your MobileMe member name and password is secure (although some browsers may incorrectly indicate that the password is being sent "in the clear"). As with a regular connection to iDisk, once you are connected and authenticated with iDisk on the web, the actual transfer of data is not encrypted.
If you change the beginning of the address of the iDisk on the web from "http://" to "https://", you may notice that your browser now displays a lock icon. This does not make your connection any more or any less secure, however.
MOBILEME SYNC (10.4.10 or later)
All data synced with MobileMe Sync using Mac OS X 10.4.10 or later is encrypted with standard 128-bit encryption during the synchronization process.
WHY ISN'T EVERYTHING ENCRYPTED?
It is not always pertinent to encrypt everything. Depending on the computer you are using, encrypting everything could adversely affect the speed and ease of use. To keep webpages, photocasts, and webmail operating as quickly as possible, Apple encrypts only the information that is necessary to protect your account information and billing information.
WHAT ELSE CAN I DO?
There are several things you can do to help protect your data. Common suggestions include:
1. Keep your software up to date. If you have not done so recently, check Software Update in the Apple Menu for any updates. Be sure to install any available Security or Mac OS X updates. You can set Software Update in your System Preferences to check for new and updated software automatically.
2. Keep your MobileMe password secure. Your data, even if it is completely encrypted, is only as secure as your password. For more information, please see:
Protecting your MobileMe password
http://docs.info.apple.com/article.html?artnum=303904
3. Create an encrypted disk image. Mac OS X allows you to create encrypted disk images in which to store particularly sensitive files or folders. For more information, please see:
Disk Utility 10.5 Help (Mac OS X 10.4): Creating a disk image
http://docs.info.apple.com/article.html?path=DiskUtility/10.5/en/duh3.html
Thank you for allowing me the opportunity to assist you. You may receive an AppleCare survey email; any feedback you provide would be greatly appreciated.
