Prevent Plain Text Copies of Encrypted Emails on Your Mac
IT guru Bob Gendler spoke on Medium last week to share a startling discovery about Apple Mail. If you have an app set up to send and receive encrypted email – messages that should be unreadable by anyone who doesn’t have the correct decryption keys – Apple Digital Assistant will continue and save your emails as plain text on your Mac drive. …
Even more frustrating, you can turn off Siri on your Mac completely and your messages will still show up in the Mac database known as snippets.db. The process known as prompted will still comb your emails and dump them into this plaintext database. This problem, according to Gendler, is present in many iterations of macOS, including the most recent builds of Catalina and Mojave.
As Gendler writes :
“I discovered this database and what is stored in it on July 25th, and on July 29th, I began extensive testing on several computers with Apple Mail installed and fully confirmed this. Later that week, I confirmed that this database exists on the 10.12 machines up until 10.15, and behaves the same way, keeping encrypted messages unencrypted. If you have iCloud turned on and Siri turned on, I know that some data is being sent to Apple to help improve Siri, but I don’t know if that includes information from that database. ”
Don’t use Siri in your email
While Apple is currently working on fixing the issues Gendler raised, there are two easy ways to ensure that your encrypted emails are not stored unencrypted on your Mac. First, you can turn off Siri Mail Suggestions in the Siri section of System Preferences.
Second, you can start Terminal and enter this command:
defaults write com.apple.suggestions SiriCanLearnFromAppBlacklist -array com.apple.mail
There is also a third method you can use – setting a system-level configuration profile, which Gendler detailed in his post.
Regardless of which option you choose, you’ll want to delete the snippets.db file, since turning off Siri’s collection capabilities doesn’t automatically delete what has already been collected (obviously). You can find it by pulling out your Mac disk ( Go> Computer ) and doing a quick search for “snippets.db”.
Apple also told The Verge that you can also restrict which applications are allowed full disk access on your Mac – through System Preferences> Security & Privacy> Privacy tab – so they can’t access your snippets file .db. You can also enable FileVault to prevent your emails from showing up as clear text in snippets.db.