Apple spent years telling people their privacy matters. And honestly, for the most part, they meant it. Hide My Email, a feature tucked inside iCloud+, lets you create throwaway email aliases that forward messages to your real inbox without ever exposing who you actually are. Marketers hate it. Spammers can’t crack it. It does exactly what it promises.
Except when the FBI comes knocking. Then Apple opens the door pretty quickly.
Court documents reviewed by TechCrunch confirm that Apple handed over the real identities of at least two customers who were actively using Hide My Email. No prolonged legal standoff. No public pushback. Records were requested, and records were provided.
What Exactly is Apple Hide My Email and How Does It Work?
Hide My Email is Apple’s answer to the email address problem that every internet user quietly deals with. You want to sign up for something, but you don’t want that company storing your real address, selling it, or leaking it in a breach three years from now.
So instead, you generate a random alias, something like qt7x2m@icloud.com, and that alias quietly forwards everything to your actual inbox. Apple says it never reads those forwarded messages. For protecting yourself from data brokers, spam campaigns, and the general noise of commercial tracking, the feature genuinely holds up.
The issue is that people naturally assumed “private” meant private across the board. It doesn’t.
How Did the FBI Get the Real Name Behind a Hide My Email Address?
Earlier this month, the FBI sent Apple a legal request connected to a threatening email allegedly sent to Alexis Wilkins, the girlfriend of FBI Director Kash Patel. Apple came back with the account holder’s full name, their real email address, and records for 134 separate Hide My Email aliases that person had created.
Homeland Security Investigations, a unit inside ICE, received similar cooperation from Apple in a separate identity fraud investigation, where agents confirmed that a suspect had scattered multiple aliases across several Apple accounts.
Apple declined to comment.
Why Can Law Enforcement See Through Apple’s Privacy Features?
Apple genuinely encrypts a lot of what sits inside iCloud. Photos, messages, health data, much of it is end-to-end encrypted, which means Apple itself cannot read it and therefore cannot hand it over, even with a court order. That part of the privacy promise holds up solidly.
But Hide My Email sits somewhere different. Apple is the one building and managing every alias in the system. They know, technically and necessarily, which randomly generated address belongs to which account.
Your name, billing details, and account history are stored with Apple in a form they can access. When a valid legal request arrives, that information is available to share, and apparently, they share it rather readily.
Is Email Itself the Real Privacy Problem Here?
Honestly, somewhat yes. Email as a technology was never designed with privacy in mind. Unlike iMessage, which encrypts conversations end-to-end, standard email carries plaintext routing information because that’s simply how the protocol functions. It was built for delivery, not secrecy.
Hide My Email creates a useful layer on top of that, but it can’t fundamentally change what email is underneath.
That’s a big part of why apps like Signal have grown so dramatically. When a service genuinely cannot access your messages, structurally, architecturally, there’s nothing to hand over even when pressed legally. That’s a meaningfully different kind of protection, and more people are slowly figuring out the distinction.
Does Apple Hide My Email Still Have Any Real Value?
Absolutely, just within its actual lane. If you’re trying to stop a random e-commerce site from flooding your inbox, or prevent your real address from appearing in the next big data breach, Hide My Email does that job well. It’s a practical, everyday privacy tool for commercial threats.
What it was never designed to do, and what Apple never clearly spelled out, is protect you when a government agency decides it wants to know who you are. The alias disappears. The name behind it doesn’t.
What Should You Actually Use If You Want Stronger Privacy?
For messaging, Signal remains the clearest answer. For email specifically, the privacy ceiling is lower by nature, but services built around zero-knowledge architecture at least limit what any company can access or reveal. Understanding what each tool actually protects you from, rather than assuming “private” means the same thing everywhere, makes a real difference.
These court documents didn’t expose a flaw in Apple’s engineering. They exposed a gap in how the feature was understood by the people using it. Hide My Email does protect your identity, selectively, commercially, usefully. But law enforcement was always outside that protection. Apple just never said so loudly enough.
