The Hide My Email feature was designed to act as a buffer, generating unique addresses that forward correspondence to a user’s primary inbox to prevent tracking and spam. However, testing conducted by EasyOptOuts revealed that every address checked was susceptible to being linked back to its owner. While the specific mechanism remains undisclosed to prevent abuse, the vulnerability persists despite multiple communications with Apple’s security teams. Tyler Murphy, cofounder of EasyOptOuts, noted that Apple claimed to have addressed the flaw in March 2026, yet subsequent testing confirmed the exploit remains fully functional.
Apple’s internal response has been limited to statements that the company is still investigating the report. The uncertainty surrounding the fix comes as Apple prepares to transition Hide My Email addresses to a new domain, private.icloud.com, a move that some industry observers suggest could inadvertently allow services to easily blacklist or block users relying on the privacy tool. Until a patch is deployed, users who depend on these aliases for protection may need to seek alternative privacy solutions.
Comments (0)
No comments yet. Be the first!