Apple Gives FBI a User's Real Name Hidden Behind 'Hide My Email' Feature (404media.co) 90
An anonymous reader quotes a report from 404 Media: Apple provided the FBI with the real iCloud email address hidden behind Apple's 'Hide My Email' feature, which lets paying iCloud+ users generate anonymous email addresses, according to a recently filed court record. The move isn't surprising but still provides uncommon insight into what data is available to authorities regarding the Apple feature. The data was turned over during an investigation into a man who allegedly sent a threatening email to Alexis Wilkins, the girlfriend of FBI director Kash Patel.
"On or about February 28, 2026, Person 1 received an email from the email address peaty_terms_1o@icloud.com," the affidavit reads. Earlier on, the document explicitly says that Person 1 is Alexis Wilkins. [...] The affidavit says Apple then provided records that indicated the peaty_terms_1o@icloud.com email address was associated with an Apple account in the name of Alden Ruml. The records showed that account generated 134 anonymized email addresses, according to the affidavit.
Law enforcement agents later interviewed Ruml and he confirmed he had sent the email, the affidavit says. Ruml said he sent the email after reading a February 28 article about how the FBI was using its own resources to provide security to Wilkins. The specific article is not named or linked in the affidavit, but a New York Times article published that same day described how Patel ordered a team to ferry his girlfriend on errands and to events.
"On or about February 28, 2026, Person 1 received an email from the email address peaty_terms_1o@icloud.com," the affidavit reads. Earlier on, the document explicitly says that Person 1 is Alexis Wilkins. [...] The affidavit says Apple then provided records that indicated the peaty_terms_1o@icloud.com email address was associated with an Apple account in the name of Alden Ruml. The records showed that account generated 134 anonymized email addresses, according to the affidavit.
Law enforcement agents later interviewed Ruml and he confirmed he had sent the email, the affidavit says. Ruml said he sent the email after reading a February 28 article about how the FBI was using its own resources to provide security to Wilkins. The specific article is not named or linked in the affidavit, but a New York Times article published that same day described how Patel ordered a team to ferry his girlfriend on errands and to events.
Is anyone surprised? (Score:5, Insightful)
TFA doesn't mention a court order, so apparently they didn't even require one. They've done that repeatedly with people's iCloud data and their location data, so I'm not surprised. No idea why the fanbois seem to think that Apple gives a shit about their privacy, I've never seen any indication of it.
Re:Is anyone surprised? (Score:5, Funny)
I think that's a side quest in Fallout 4
Re: (Score:1)
That's my stalker troll, I think most of its posts are done by a (fairly poorly programmed) bot. I've seen over a dozen before after a single post that I've made, it's quite pitiful. I suspect it's the same troll that has been stalking rsilvergun for the last several years, and creimer before him.
Re: (Score:2)
if the Iranian regime killed that many surely there's evidence?
Giving the onslaught against them they can't have a perfectly tight grasp on everything especially how hard hit Teheran has been so at least something should have leaked.
Re: (Score:3, Interesting)
They gave the Chinese government access to Chinese user's data years ago. They don't seem to have an issue with governments gaining warrantless access to their systems.
If you care about privacy, go Android. Google does require warrants, and doesn't operate in China due to the warrantless access requirement.
Re: Is anyone surprised? (Score:3, Insightful)
That about Google is bollocks for a start...they just can't win in China so they choose not to be there. They took their toys home.
China doesn't use the same systems as in the US, but they do have a process to go through.
It turns out the USA isn't so different, actually...but Google et al seem happy enough to be there.
Re: (Score:2, Informative)
Most Chinese phones use Android. Google could be huge there, but choose not to be.
Re:Is anyone surprised? (Score:5, Informative)
They gave the Chinese government access to Chinese user's data years ago. They don't seem to have an issue with governments gaining warrantless access to their systems.
Chinese law doesn't require a warrant for such access and it may be done in secrecy [stanford.edu] (i.e. without informing the user) if necessary to perform duties. The problem with Apple in China isn't that they aren't following the law, it's that they are and the law is openly fascist.
Re: (Score:2, Troll)
I suppose to be fair the UK isn't so much better. The police can make these requests themselves. They have an oversight group, but they rubber stamp everything it seems. Hundreds of thousands of requests per year.
Re:Is anyone surprised? (Score:5, Informative)
You get the idea. The article doesn't say anything about a court order one way or the other, so we simply don't know the state there. Given previous track record, it's likely the request was made legally if Apple complied with it.
Re:Is anyone surprised? (Score:4, Informative)
It's in the TOS, Apple will share if they determine it is necessary or appropriate.
Others. Apple may share personal data with others at your direction or with your consent, such as when we share
information with your carrier to activate your account. We may also disclose information about you if we determine that
for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or
appropriate. We may also disclose information about you where there is a lawful basis for doing so, if we determine that
disclosure is reasonably necessary to enforce our terms and conditions or to protect our operations or users, or in the
event of a reorganization, merger, or sale.
https://www.apple.com/legal/pr... [apple.com]
Re: (Score:2)
So, "whenever we wanna".
Re: (Score:2)
TFA doesn't mention a court order, so apparently they didn't even require one.
Someone posted the court order you were looking for on reddit: https://i.redd.it/gln6bwoamx12... [i.redd.it]
Re: (Score:2)
No idea why the fanbois seem to think that Apple gives a shit about their privacy
Especially since Tim Apple has been regularly flying to DC to get down on his knees and publicly suck Trump's dick...
Re: (Score:2)
If you want to operate a company you need to follow the demands of the current government in the location(s) where you operate. It's the same in every country in the world.
If you're too small for the government to care about you, that just means following the published laws.
If you're large then it means getting in favor with the current regime via whatever methods are available to you.
Re: (Score:2)
The "hide my email" function is to hide your email address from random companies that might sell or leak your address to spammers.
It's not to hide your address from law enforcement, and never was.
No Useful Information (Score:5, Insightful)
So what? (Score:5, Interesting)
There are three questions here:
1. Was the legal request made appropriately? If no, bash the agency that issued it.
2. Was the identity revealed legally in response to the request? If no, then Apple can be bashed, but I doubt it. If yes, then:
3. Is the rule under which the identity was requested fair? If not, then bash the legislature that has produced it and ask your representatives to remove it. If yes, then what's the problem again?
From the story it appears that some bloke sent an email to the girlfriend of one kashyap patel, and the FBI under the said kashyap requested the identity to "interview" him, which could have been a valid action, although in the light of other kashyap moves, it was just as likely a harassment.
But it is hard to tell which is which from this a fog-of-war kind of TFS.
Re: (Score:2)
If he's done goofed, sure, let the consequences never be the same for him.
Re: So what? (Score:2)
Could you translate this phrase to English?
Re: So what? (Score:3)
Re: (Score:2)
No. Look up all those memes yourself.
Re:So what? (Score:5, Interesting)
This is another 404 Media pay-for-placement post here on Slashdot. They're pretty much all low-quality hide-your-blogpost-behind-a-paywall drivel.
Re: (Score:2)
Yeah, there's no point to the tfa otherwise.
Re: So what? (Score:1)
Even though the singer is part of the celebrity grouping, I'll say. I would love to know the details that caused this investigation to get priority one. With all the cutbacks in government headcount etc.. and all the larger issues facing the US domestically. I'm sure this was preferential treatment. I.e. Misuse of resources.
Re: (Score:1)
From the story it appears that some bloke sent an email to the girlfriend of one kashyap patel
From the story it appears that some bloke sent a threatening email to the girlfriend of one Kashyap Patel
FTFY
Re: (Score:2)
Well, this WAS the Apple of: "1984 won't be like 1984" and earlier refusals to bend over and backdoor the iPhone so that the FBI could snoop at will.
So, for the fact that they've dona a 180 to whore themselves out to MAGA and become big brother and do the bidding of dear leader and his henchmen... yes, they absolutely should be scorned and condemned.
Re: (Score:2)
1. Was the legal request made appropriately? If no, bash the agency that issued it.
I tend to agree with the spirit of such comments, but in this case, Apple makes it clear in the TOS that it retains the right to disclose that information if it deems it appropriate. People pay for an anonymity service without reading the fine print :/
Re: (Score:2)
Neither the law nor the Constitution *prohibit* companies from disclosing private information about you, to the government. What the Constitution does do, is prohibit the government from *compelling* companies or individuals, to hand over private information, without a warrant signed by a judge. If companies like Apple choose to hand over information willingly, no laws were broken.
capitalists and government (Score:1)
Insert 19th century political cartoon of fat capitalists and politicians patting each other on the back.
Of course Apple knows the real email ... (Score:1)
This is not like storage encryption that can be done in a way where Apple does not know the key and is technologically unable to comply with court orders.
Re: (Score:3)
There's no such thing as technologically unable to comply.
If a nation state law enforcement insists, they will make you comply, and you and I will never hear about it.
A simple OS update with "If phone MAC == XXXXXXXXXX then send copy to FBI", targeted specifically at one phone, deployed only to that one phone, would go entirely unnoticed by the world.
And Official Secrets Act / equivalent, combined with a government-NDA and jail time for talking about it's very existence is literally routine. Has been since
Re: (Score:1)
There's no such thing as technologically unable to comply.
I do full drive encryption locally on a Mac, I choose not to use my Apple ID for rescue purposes. My rescue key is displayed on the screen, this key never leaves my system, Apple never sees it. Hence when Apple is ordered by a court to provide the key they are unable to comply. Unlike instances where the user chose to use their Apple ID for rescue.
Re: (Score:2)
Apple push an silent automatic update just for your computer that the next time you type in that key, it sends it to the FBI.
Next?
We're not dealing with a bit of software piracy or finding out who stole someone's Bitcoin, you're talking about agencies dealing with anti-terrorism and wars.
Re: (Score:1)
Apple push an silent automatic update just for your computer that the next time you type in that key, it sends it to the FBI.
You don't seem to understand the topic. That key is not something typed in regularly. It is the recovery key for whole disk encryption. It will likely never be typed in at all.
Re: (Score:2)
Doesn't work that way at AWS. All anyone in the company sees is a blob of encrypted bits to which they have no access unless the customer shares the key with them for some reason. If they have to move the data from one location to another or back it up they have to do the entire blob (that's what the data techs refer to it as, a "blob"), they have no ability to see what's in it. It's not like your local drive where the administrator can take ownership and view whatever they want. Go to AWS with a court
Re: (Score:2)
It could be done in a way that Apple does not know the key and is technologically unable to comply. But for such a low stakes system they would obviously never go through the trouble as it would cause more user friction than it's worth.
(You could have a privacy email be created as a totally unique auth key that's just stored offline on a User's apple computers and synced via an encrypted storage system).
Of course Apple could still associate source IPs for logins between multiple accounts.
Re: (Score:1)
Well... (Score:4, Informative)
Patel just kind of proved that the FBI is wasting resources on his girlfriend and I highly doubt the "threat" was in any way credible.
Re: (Score:1)
that yummy koolaid
Re: (Score:2, Offtopic)
Indeed. But for actual rule-of-law to reenter the picture, the current US administration needs to lose the mid-terms.
Re: Well... (Score:3, Insightful)
It will take way more than that. At the national level, the Democrat party is marginally better at where domestic resources go, but does all the same things just with more decorum and fancier words. Donâ(TM)t believe me? Check changes in net worth of people before and after they take office. Look how many grants flowed to âoewoman ownedâ private equity operations. Look at all the âoeextraordinary renditionâ operations.
Point is, I definitely want the current batch gone. But I want a
Re: (Score:2)
Mr Putin, is that you?
Every fact checker out there declares this one false and bogus. While corruption happens under all parties, this story is false. Repeating it as fact is dishonest. Please stop.
The current crass state of political discourse seems to use this sort of lie to justify one's own political team's increasingly lewd, illegal, and unconstitutional behavior. If you think we're bad, you should see those awful, evil, Democrats! Or, if you think we're bad thank your lucky stars the Republicans
Re: (Score:2)
there is a lesson to be learned (Score:2)
(if you need to keep it top secret)
Re: (Score:2)
Precisely! If one really needs an anonymous email, one should roll ones own mail server, and then get whatever anonymous email ID one wants. Doing it via anybody - Apple, Microsoft, Google, Oath,.... is downright idiotic
In fact, if privacy/secrecy is so important, it makes the greatest case for a home server and lab
Anonymous to whom? (Score:2)
Apple probably never promised that it would be anonymous to Apple, only that average joe won't get the information.
Re:Anonymous to whom? (Score:4, Insightful)
Apple probably never promised that it would be anonymous to Apple, only that average joe won't get the information.
Indeed. Providing anonymous emails to avoid giving your real information to spammers, tracking companies, and other commercial entities is one thing - but providing it so your authorities don't get it is a completely different ballgame. If you want rule of law back in the US, you need to get "MAGA" out of power completely and let the GOP rebuild as a conservative party while out of power for a long time at all levels. Maybe you even need a completely different party to emerge.
Re: (Score:2)
Apple probably never promised that it would be anonymous to Apple, only that average joe won't get the information.
Apple never promised anonymity, at least not broadly. All they promised is a unique email address that does not expose your real address when used. The official explanation is pretty clear that it is to help you prevent your email from view, not that it protected your identity from being revealed. Frankly, anyone that sends threatening letters to government officials and thinks a provider won't turn over their info is doubling down on stupid.
A right to abuse others (Score:2)
Why is this even a critricism? (Score:2)
I mean, this "anonymity" is protection against regular people as long as you do nothing criminal. And I very much doubt Apple ever claimed more. If you want something more, you need Threema or the like. And even they are limited in what they can do. This is not a problem that technology can fully solve.
Re: (Score:2)
To be fair, you don't have to DO anything criminal, you just have to be a suspect, or piss off someone with power and money. (like Patel) Then they get a court order, and then information is legally required to be handed over for investigation.
And so as long as you didn't actually do anything criminal, your identity should stay private and only visible to the investigators, and get swallowed by the system as the investigation gets closed. (unless above power/money pushes for a public arrest/hearing, regard
Re: (Score:2)
Legally speaking, threats fall under "assault". If I raise my fist to you and step up and punch you, I'll probably be charged with "assault and battery". Where "assault" is the "imminent, credible threat of physical violence" of raising my fist and approaching you, and "battery" is my actually hitting you, (and if I miss or you dodge, that trades n the Battery for a second Assault charge) It's an important distinction because the laws and consequences differ
A threat of physical violence must be credible to
Re: (Score:2)
No argument.
Re: (Score:2)
I mean, this "anonymity" is protection against regular people as long as you do nothing criminal. And I very much doubt Apple ever claimed more. If you want something more, you need Threema or the like. And even they are limited in what they can do. This is not a problem that technology can fully solve.
Fully agree! If a company is provided w/ a warrant, there's nothing they can do but comply. Unless they architected the very system so that such compliance was impossible
If the individual who wants that confidentiality was doing something criminal, then it's up to him to build himself a home lab so that he's not dependent on any company (other than maybe the ISP) to preserve his privacy
Apples Security features... (Score:2)
They are there to protect you from criminals and possibly help with privacy. It is not there to protect you from the government. Of course Apple knows who their users are and their emails and the name provided to them for it. Being able to provide an alias email is nice to avoid giving your actual email out but don't think Apple doesn't know and won't turn this over to the authorities upon request. Especially if they had a warrant.
Re: (Score:2)
They are there to protect you from criminals and possibly help with privacy. It is not there to protect you from the government.
I am struggling to understand the distinction.
Of course Apple knows who their users are
The best move would have been to not know, retaining some plausible deniability. But Apple has to have that yummy, yummy revenue.
Guy doesn't get it (Score:2)
Paraphrase reorder here.... (Score:1)
"a man who allegedly sent a threatening email to Alexis Wilkins"
"says Apple then provided records... associated with an Apple account" to the FBI
I think Alden Ruml caught the FBI!
His girlfriend (Score:3)
But NOT A SINGLE INVESTIGATION that I've read of on the death threats to judges who rule with the law, not Trump.
Doxxing the Accused (Score:1)
what's the story here? (Score:2)
Threatening violence is illegal. Also, it's morally wrong. Yes, Kash Patel is a corrupt moron, incompetent in his job, and destroying the justice system in the US on behalf of his boss (trump/putin). But that doesn't make it OK to threaten his corrupt girlfriend who is wasting tax payer dollars on her FBI-funded trips around the world with FBI-fu