Apple’s privacy promise is broken

7

It’s been a year. Apple still hasn’t fixed a hole in their flagship privacy feature. Or rather, it admits to knowing about it. They haven’t closed the door though.

“Hide My Email” is supposed to be a shield. It gives you a unique iCloud alias to throw at spam traps and sketchy sign-ups. Your real address stays safe behind the curtain. A clean layer of anonymity for your digital life.

The curtain is drawn back. EasyOptOuts, an online privacy firm, found that anyone can peek behind it. They can find the actual email address tied to that fake iCloud one. Just by asking.

“Apple Hide My Email is leaking addresses that are supposed to be hidden.”
— Tyler Murphy, cofounder of EasyOptOuts

They told Apple over a year ago. June 2024, if we trust the timeline here. Apple said they were handling it. Murphy waited. The flaw remained. So he went to 404 Media with the proof. Independent confirmation followed. The exploit works. 404 Media won’t share the specific technical method—they are responsible like that—leaving it live for now is a choice that feels risky. Why take that gamble?

Testing was blunt. Volunteers used their aliases. Every single one got exposed. One hundred percent success rate for attackers. That’s not a bug. That’s a design failure left rotting in the wood.

It gets worse if you use this service for serious reasons. Maybe you hate getting marketing newsletters on your personal inbox. Maybe you sign up for sites but don’t want them tracking you via your primary address. iCloud+ users paid for this convenience. Now they have to pay with their vigilance.

TechCrunch reported last June that Apple planned to shuffle domains anyway. Moving these aliases to “private.icloud.com.” The current “icloud.com” domain is shared with regular users, making the alias look real. The new domain would scream privacy mask. Which means websites could just block them. Instant uselessness for users who actually need the feature.

So here we sit. The mask slips. The domain changes threaten to make the feature irrelevant. Apple claims investigation continues through May. That’s old news by now.

Users are on their own for the moment. Maybe check those other privacy tools. Maybe assume the email isn’t safe. Apple says they’re working on it. We’ve heard that before.

The leak is real. The fix is distant. Trust erodes quietly.

Попередня статтяYour Wi-Fi Is Calling
Наступна статтяThe Gulf’s AI Week: 3D Cities and Unchecked Code