Apple Hide My Email not really private?

Hide my email does not really hide your email because if the government or a simple subpoena asks apple who the alias belongs to theyll happily tell them. so they can actually link all your aliases together with your apple email

or am I missing something?

Yes, if the government comes knocking with a court order they will - probably - tell them what they want to know, pretty much like all other services, too. It’s not their job to fight your battles or to go to jail for a customer.

If the government comes after you like that, there really isn’t much anyone can do about it.

Hide My email is intended to keep your email private from other businesses/people and for “normal” use it succeeds in doing that.


That’s every email services, really. Best you can do is find one with the least amount of your data (not Apple)

I’m sure this is true of Apple, as it is true of nearly every company that exists, including even privacy friendly companies. While there can be situations where a company does go to bat for you, sometimes because its good marketing (e.g. the very public Apple vs the FBI legal battle some years ago) or sometimes out of principle*, this is very much the exception to the rule. Anytime you put your trust in a third party service, you should assume that they will not violate a legal court order on your behalf. If they are legally compelled to do something or hand over information, they almost certainly will.

This is something to always be aware of when using a 3rd party service. And this is one reason that companies that rely on technica (e.g. e2e encryption)l, (e.g. structural (e.g. a data minimization strategy, and ‘zero knowledge’ design principles), and geographical/legal solutions (e.g. choosing a legal jurisdiction with a more privacy respecting / friendly legal framework) should be preferred.

Protection from government agencies with legal court orders it outsideo f the scope of what an email aliasing service is meant to address.

I guess one takeaway for this is to look back to see if all your services are under one jurisdiction?

I mean switzerland is neutral and all but if the Swiss government knocks, Swiss providers have the legal obligation to answer.

Im curious to see if there is any benefit to at least divesting one of my services to at the very least, a HongKong jurisdiction? Can we offload one of the services to at least an “enemy” of the west to make things not be all in one circle of influence. India could potentially be a good candidate as well?

Sorry I expressed myself wrong.
I did NOT mean the NSA. I mean that Apple would release the data with a simple subpoena if someone SUES you.

This is not the case for Skiff as far as I know.
They don’t know who owns what aliases and could not give it up under a court order
That’s what I was told from the founder at least

So I was wondering if Apple had any similar mechanism to secure it

I don’t know if or how Skiff protects that information, but neither Apple nor the aliasing services we do recommend are oblivious to which alias belongs to which user, no. I would also find it difficult to believe Skiff doesn’t know this information either, but I haven’t looked into that claim.

These aliasing services are for protecting your email from being shared and correlated between websites and by marketing companies and data brokers, they are definitely not for hiding your email address from the government.


Problem with it is that “enemy of the west” is generally not pro-privacy

Just look at the India and VPN controversy. But for some things, “enemy of the West” are definitely valuable. I like to use Yandex to find stuff censored by the mainstream “western” search engine


If the government is after you, then, they can also use spyware apps to hack your phone.

If your threat model is so high, why do you use email for communication unless there is a very niche use case?


My threat level is not government but lawsuits.

I don’t believe spyware apps would be used in a simple case of litigation or lawsuits

Also update:
I was wrong about Skiff - while they do not provide any info about the multiple accounts you add in the app (they do not save or link them together), they do release the Aliases in case of a subpoena request.

So the best solution seems to be simply to have multiple accounts and not use the Alias feature.

Also, keep in mind that when subpoenaed, providers like Tutanota and protonmail can also provide some metadata, notably your IP address. Of course from Swiss or German authorities, not Americans.

I’m not an expert but countries have agreements on legal cooperation. It could very well be that a foreign authority contacts a local authority and they would support their requests.

Absolutely, but the trick is here that laws are different in that countries. For instance, you can’t impose gag orders in Switzerland, afaik.