
Image Credits:Cheng Xin / Getty Images
Apple’s Hide My Email feature is a convenient privacy tool that uses disposable addresses to hide a user’s true email for the sake of online anonymity. Unfortunately, new research appears to show that a bug in the feature allows users’ real email addresses to be unmasked.
The bug was reported by 404 Media, which says that it has tested and verified that the vulnerability exists. Tyler Murphy, the researcher who found the bug, said that he warned Apple about the problem over a year ago and that it was unclear why the company had yet to remedy the problem. All of the attempts to exploit the bug have been successful, Murphy added.
“We don’t know the full scope of the issue, but in our limited tests with volunteers, 100% of Hide My Email addresses were exploitable,” Murphy told the outlet. Details of the vulnerability haven’t been publicly disclosed, for fear that it will be exploited.
Murphy is the co-founder of EasyOptOuts, which offers a paid data-removal service that takes your information off of data broker sites. He told 404 Media that “publicly accessible people-search sites make it easy to link an email address to other personal details, so people relying on Hide My Email for safety may be at risk.”
TechCrunch reached out to Apple for more information and will update this story if it responds.
When it comes to the tech world, privacy tools are hard to come by and, unfortunately, even when they do exist, they don’t always work. Apple has been accused of this sort of thing before.
Case in point: The company was sued in 2022 after it was reported that iPhone apps continued to send analytics data to Apple even when the iPhone Analytics privacy setting was turned on.
Similarly, in 2023, researchers found another one of Apple’s privacy features to be effectively “useless.” The research claimed that a tool that was supposed to anonymize mobile users’ Wi-Fi connections by providing randomized MAC addresses (an easily trackable identifier) was simply exposing the user’s real MAC address.
Apple has built a large part of its reputation and branding on user privacy, so hopefully it manages to address the apparent Hide My Email bug with some expedience. If it can learn to better stand behind its privacy promises, that wouldn’t be the worst thing in the world either.
