A newly disclosed privacy vulnerability in Apple’s Hide My Email feature can reportedly allow an attacker to uncover the real email address behind a generated alias. According to the researcher who found the bug, it was responsibly disclosed to Apple more than a year ago but remains unpatched, and independent testing has verified the issue.

  • kayazere@feddit.nl
    link
    fedilink
    English
    arrow-up
    5
    ·
    5 hours ago

    I use DuckDuckGo’s email hiding service. I have had sites reject signing up with a @duck.com email address. So services will definitely move to block Apple’s new subdomain only for aliased email addresses.

  • Anivia@feddit.org
    link
    fedilink
    English
    arrow-up
    1
    ·
    4 hours ago

    Just get a cheap domain and configure a catch-all redirect. Obviously not a solution viable for normies, but should be easy for many Lemmy users.

    Almost every website will accept a custom email domain

    • muusemuuse@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      40 minutes ago

      It depends on the domain. I intentionally have a bizarre .party domain I use as a shibboleth to see if a company is worth using. If they don’t have a way to use my .party email, I assume they are lazily run and based their decisions either on outdated nonsense or are a gross data mining operation I should avoid anyway.

  • somebody_to_love@lemmy.today
    link
    fedilink
    English
    arrow-up
    10
    ·
    15 hours ago

    This is a good write up. Thanks for sharing. I use “hide my email” sometimes and it’s important to know that it’s possible to find the real address behind it.