Comment by tjames7000
8 hours ago
I've been going back and forth with Apple about it for a year. We don't feel comfortable releasing the exploit details even though they're being slow. We think enough people rely on Hide My Email for personal safety that it would be irresponsible.
Hopefully nobody in the criminal underworld has figured it out on their own.
Do you believe the mitigation would be difficult to engineer? If, say somebody else, publicly disclosed the unmasking technique how long would you guess it would take Apple to implement a verifiable fix?
> We think enough people rely on Hide My Email for personal safety that it would be irresponsible.
I am guessing you haven't tried that excuse on the users your witholding is leaving exposed.
We're hoping that by notifying people that there's a vulnerability, people can stop using Hide My Email if it matters to them. I don't think that disclosing the exploit method will get Apple to fix it faster at this point.
Its the only reason I even pay the $1 a month icloud plan, so might as well cancel it if its gonna be eternally broken.
The problem there is users cannot evaluate if it matters to them whilst all information needed to do so is being witheld.
2 replies →