Comment by fsuts
9 hours ago
I think you should formally write to Apple and give notice of 30 days to contact you or you will reveal it.
Send it to the USA media and regulator too.
I've been going back and forth with Apple about it for a year. We don't feel comfortable releasing the exploit details even though they're being slow. We think enough people rely on Hide My Email for personal safety that it would be irresponsible.
Hopefully nobody in the criminal underworld has figured it out on their own.
Do you believe the mitigation would be difficult to engineer? If, say, somebody else publicly disclosed the unmasking technique, how long would you guess it would take Apple to implement a verifiable fix?
> We think enough people rely on Hide My Email for personal safety that it would be irresponsible.
I am guessing you haven't tried that excuse on the users your withholding is leaving exposed.
We're hoping that by notifying people that there's a vulnerability, people can stop using Hide My Email if it matters to them. I don't think that disclosing the exploit method will get Apple to fix it faster at this point.