Apple’s Hide My Email feature has a bug that’s been exposing real email addresses, researcher claims
Apple’s Hide My Email feature is a convenient privacy tool that uses disposable addresses to hide a user’s true email for the sake of online anonymity. Unfortunately, new research appears to show that a bug in the feature allows users’ real email addresses to be unmasked.
The bug was reported by 404 Media, which says that it has tested and verified that the vulnerability exists. Tyler Murphy, the researcher who found the bug, said that he warned Apple about the problem over a year ago and that it was unclear why the company had yet to remedy the problem. All of the attempts to exploit the bug have been successful, Murphy added.
“We don’t know the full scope of the issue, but in our limited tests with volunteers, 100% of Hide My Email addresses were exploitable,” Murphy told the outlet. Details of the vulnerability haven’t been publicly disclosed, for fear that it will be exploited.
Murphy is the co-founder of EasyOptOuts, which offers a paid data-removal service that takes your information off of data broker sites. He told 404 Media that “publicly accessible people-search sites make it easy to link an email address to other personal details, so people relying on Hide My Email for safety may be at risk.”
TechCrunch reached out to Apple for more information and will update this story if it responds. When it comes to the tech world, privacy tools are hard to come by and, unfortunately, even when they do exist, they don’t always work.
Apple has been accused of this sort of thing before. Case in point: The company was sued in 2022 after it was reported that iPhone apps continued to send analytics data to Apple even when the iPhone Analytics privacy setting was turned on. Similarly, in 2023, researchers found another one of Apple’s privacy features to be effectively “useless.” The research claimed that a tool that was supposed to anonymize mobile users’ Wi-Fi connections by providing randomized MAC addresses (an easily trackable identifier) was simply exposing the user’s real MAC address.
Apple has built a large part of its reputation and branding on user privacy, so hopefully it manages to address the apparent Hide My Email bug with some expedience. If it can learn to better stand behind its privacy promises, that wouldn’t be the worst thing in the world either.