tjames7000 2 days ago

I've been going back and forth with Apple about it for a year. We don't feel comfortable releasing the exploit details even though they're being slow. We think enough people rely on Hide My Email for personal safety that it would be irresponsible.

bill_mcgonigle 2 days ago | parent | next [-]

Hopefully nobody in the criminal underworld has figured it out on their own.

Do you believe the mitigation would be difficult to engineer? If, say, somebody else publicly disclosed the unmasking technique, how long would you guess it would take Apple to implement a verifiable fix?

chrisjj 2 days ago | parent | prev [-]

> We think enough people rely on Hide My Email for personal safety that it would be irresponsible.

I am guessing you haven't tried that excuse on the users your withholding is leaving exposed.

tjames7000 2 days ago | parent [-]

We're hoping that by notifying people that there's a vulnerability, people can stop using Hide My Email if it matters to them. I don't think that disclosing the exploit method will get Apple to fix it faster at this point.

chrisjj 2 days ago | parent | next [-]

The problem there is users cannot evaluate if it matters to them whilst all information needed to do so is being withheld.

ezfe 2 days ago | parent [-]

If having your personal email exposed would be a matter of personal safety or similar, then stop using it. If you're just using it for junk mail or to get a free trial then keep using it.

hunter2_ 2 days ago | parent [-]

Yes, but a mitigation suggestion like "keep using it, except don't do X specific sequence" (for example, send to a Yahoo address via the Reply button, or whatever the case may be) could be helpful as well, since it seems that bad actors (and/or good actors spilling the beans) will figure it out sooner than later anyway.

officeplant 2 days ago | parent | prev [-]

It's the only reason I even pay the $1 a month iCloud plan, so might as well cancel it if it's gonna be eternally broken.