The Word "Hide" Is Now a Legal Question - ByteHaven - Where I ramble about bytes
ByteHaven - Where I ramble about bytes
The Word "Hide" Is Now a Legal Question
Part of the ongoing Big Tech's War on Users series.<br>When I wrote Part 1 of the privacy asterisk series back in April, one of the smaller points in a long list was that "Hide My Email" doesn't mean what it sounds like it means. There are documented cases of Apple handing over the real address behind a Hide My Email alias to federal agents, under warrant, exactly as their terms of service say they will. Nothing improper about that — Apple followed the process. The problem was the gap between what the name implies and what the feature actually promises. It hides you from advertisers and spammers. It was never designed to hide you from Apple, and by extension, from anyone Apple is legally required to answer.<br>That gap just got a second, much uglier example, and this one didn't need a warrant.<br>9to5Mac reports that a California Apple customer, Anthony Alvarez, has filed a proposed class action over a flaw that let essentially anyone unmask the real email address behind a Hide My Email alias — no subpoena, no legal process, just a bug. The timeline in the filing lines up with what 404 Media reported two weeks earlier: a security researcher told Apple about it in June 2025, Apple acknowledged the report about a month later, said in March 2026 that it had been fixed, and the researcher then found that it hadn't been. Apple's own iCloud+ marketing was still running the whole time.<br>So now there are two separate ways "Hide My Email" has failed to hide anything. One is disclosed, in the fine print, and defensible — that's the warrant case from my earlier post. The other is a known, unpatched bug that sat for over a year while Apple kept charging for the feature it belonged to. Different mechanism, same word doing too much work.<br>The lawsuit's actual argument is the interesting part, and it's not really about the bug. It's about the premium. Alvarez isn't just an iCloud+ subscriber paying the $0.99-a-month tier that includes the broader version of Hide My Email — the complaint argues that Apple's entire privacy positioning is baked into the price of the products themselves, and that customers paid for a promise the company knew, internally, had a hole in it. You're not buying a phone. You're buying the billboard too.<br>To back up the "this isn't a one-off" framing, the complaint also pulls in the 2023 report on Apple's randomized MAC address feature quietly failing for three years before anyone noticed. That's a smart legal move and also just an accurate one — this is exactly the shape of thing I keep coming back to in this series. None of these are catastrophic on their own. It's the accumulation, sitting next to a marketing campaign that never once got quieter, that turns "we'll patch it eventually" into a pattern a jury might actually recognize.<br>Apple hasn't commented on the suit. I'd guess whatever statement eventually shows up will lean hard on the same "we take privacy seriously" language that's been carrying a lot of weight since I wrote about the marketing-slogan problem. What's actually being asked for here is almost restrained by lawsuit standards: fix the feature, or clearly disclose what it can't actually do. Not damages first. Disclosure first. Which says something about how low the bar has gotten — suing a trillion-dollar company just to get an honest description of what a feature does.<br>Whether this gets certified is a separate question. Four proposed classes is ambitious, and the "$5 million and up, we're not showing our math" damages figure is the kind of thing a defense attorney circles in red on page one. But certification isn't really the point of writing about it now. The point is that "Apple knew and didn't fix it" is no longer just something 404 Media reported — it's now a claim sitting in a federal complaint, with a case number attached to it.
apple<br>bigtech<br>blog<br>classaction<br>hidemyemail<br>icloud<br>privacy<br>userhostile
Subscribe to get a weekly digest of posts in your inbox