
“Hide My Email” has allowed the original address to be found for over a year

Email addresses are a sought-after commodity on the Internet: almost every service requires a valid, confirmed contact address at registration. Whether the provider can be trusted not to pass that address on to advertisers only becomes clear much later. Setting up a separate email alias for each provider by hand quickly becomes time-consuming, which makes it all the more welcome that Apple has built in its own automation for this: “Hide My Email” generates an address in the background for each site and takes care of managing it. But this system apparently has a gap: a privacy service provider was able to demonstrate that the original address can be found for every address anonymized this way.

The discoverer contacted 404 Media to substantiate the flaw in Apple’s anonymization service. The journalists created a new address and shared it with Tyler Murphy, co-founder of the privacy service provider EasyOptOuts and discoverer of the loophole. After five minutes he replied with the actual primary address of the linked main account.

New addresses are created automatically in the browser or are managed in the iCloud settings.

Not fixed for a year
Murphy approached Apple with his discovery. The company responded that it wanted to investigate the error. That was in June 2025. Then things stayed quiet for a long time. In March, Apple’s developers came back with the good news that the relevant systems had been adjusted and the problem resolved. Murphy could not confirm this: he was still able to determine real iCloud addresses. He contacted Apple again, and another investigation was announced.

Still advertised as part of the paid subscription
Apple repeatedly asked the discoverer not to go public with his finding, so as not to endanger the safety of users. In May, Apple’s developers promised a change “in the coming weeks”. After more than a year had passed, Murphy felt that further secrecy was no longer justifiable. Even so, he did not reveal in detail how he uncovered the addresses. In the meantime, Apple continues to advertise enhanced privacy features for the paid “iCloud+” subscription.

Apple continues to advertise the feature – even though the company is aware of the security gap. (Source: iCloud)

Apple announces change of domain
A few weeks ago, Apple announced in its developer documentation a change to the anonymization feature: from now on, email addresses will be issued under the domain “@private.icloud.com”; existing addresses remain active, however. The change drew criticism on TechCrunch: the changed subdomain makes it easier for providers to recognize and block anonymized addresses.
