
A Bay Area Apple customer is taking the company to federal court, claiming its Hide My Email feature is not nearly as private as advertised. In a proposed class action filed in the U.S. District Court for the Northern District of California, the suit asks a judge to order Apple to fix the alleged flaw or clearly spell out the feature’s limits, while also seeking damages on behalf of a nationwide class. The case grew out of reporting that researchers can, in some situations, trace supposedly masked email addresses back to users’ real inboxes.
As reported by Cleveland.com, the suit was filed on Wednesday by California resident Anthony Alvarez. According to AppleInsider, the complaint accuses Apple of false advertising, fraud and breach of contract and asks the court to require clearer disclosures or technical fixes for affected customers.
Security researcher Tyler Murphy, co-founder of privacy service EasyOptOuts, says he alerted Apple to the issue in June 2025, and 404 Media reports that it independently verified the vulnerability. As AppleInsider notes, “Apple said in March 2026 that a system change had addressed the issue,” but Murphy’s continued testing and later checks found the problem could still be exploited.
What the Complaint Argues
The lawsuit claims Alvarez and other potential class members paid for enhanced privacy as part of iCloud+ or through Sign in with Apple, and that Apple kept promoting Hide My Email while the flaw was still in play. MacRumors reports that the complaint seeks both monetary relief and injunctive measures, essentially asking the court to make Apple either repair Hide My Email or give customers a blunt warning about what the feature can and cannot do.
What Users Should Know
Hide My Email is designed to spin up randomized forwarding addresses that sit between websites and your real inbox, masking your primary email. Apple documents the feature as part of both iCloud+ and Sign in with Apple, and you can find an overview of how it works on Apple Support.
Separately, Apple has signaled upcoming product changes that include moving generated addresses to a @private.icloud.com domain. Reporters have warned that this tweak could make those aliases easier for some sites to block, and that change, along with other product notes, was covered by TechCrunch.
Next Steps
For now, the case is only an early, proposed class action, which means no class has been certified and none of the allegations have been tested or decided by the court. Reporters note that Apple did not immediately offer public comment to outlets asking about either the vulnerability or the lawsuit, and the company has not announced a broader public fix beyond the changes it has already referenced.
Observers say the litigation is likely to test how courts treat bold privacy promises in tech advertising when they collide with undisclosed technical limitations behind the scenes.









