
Apple's Hide My Email Bug Exposes Real Addresses in 100% of Tests

techcrunch.com · @market_structure · 1 hour ago · Cybersecurity · 1 comment

Researcher Tyler Murphy found that every Hide My Email address he tested could be unmasked, and Apple has known for over a year without shipping a fix.

Tags: apple, hide my email, tyler murphy, easyoptouts, privacy, email security

Every Hide My Email address Tyler Murphy tested — 100% of them — could be traced back to the user's real email. That's not a corner case; that's the feature being broken by design.

Every Hide My Email Address Tested Was Leaky

Murphy, co-founder of data-removal service EasyOptOuts, found a bug that lets anyone unmask the disposable address Apple generates to protect your identity. He told 404 Media that in limited tests with volunteers, every single address was exploitable. Details of the vulnerability have not been published, to avoid wider abuse, but Murphy confirmed all exploitation attempts succeeded.

Apple's Hide My Email is supposed to let you sign up for services without exposing your actual inbox. It's a core piece of the company's privacy marketing. A bug that leaks the underlying address in every case makes that promise hollow.

Apple Sat on This for Over a Year

Murphy reported the problem to Apple more than twelve months ago. No fix has shipped. That timeline is damning for a company that charges a premium on the back of privacy claims. TechCrunch reached out to Apple for comment; the company hasn't responded yet. 404 Media independently tested and verified the vulnerability.

This isn't Apple's first privacy stumble. In 2022, iPhone apps were caught sending analytics data even with the setting turned off. In 2023, Apple's MAC address randomization feature was found to expose real MAC addresses. Pattern recognition doesn't require a machine learning model.

Murphy notes that public people-search sites already make it trivial to connect an email to a name, address, and phone number. A working Hide My Email at least adds a layer; a broken one gives users a false sense of safety. If you rely on this feature to stay off spam lists or worse, assume it's not working until Apple proves otherwise — and that proof has been overdue for a year.


Source: Apple's Hide My Email feature has a bug that's been exposing real email addresses, researcher claims
Domain: techcrunch.com
