Apple introduces email masking for apps and websites, but law enforcement access remains

Apple has handed over identifying information linked to at least two users who relied on its privacy-focused email masking feature, highlighting the limits of anonymity when faced with legal requests.

The feature, known as “Hide My Email,” is available to iCloud+ subscribers and allows users to generate random email addresses that forward messages to their primary inbox. While Apple maintains that it does not read the content of forwarded emails, newly surfaced court documents indicate that the company can still associate these masked addresses with real user identities when required by authorities.

According to legal filings, the Federal Bureau of Investigation requested user data from Apple earlier this month as part of an investigation into an email that allegedly contained threats directed at Alexis Wilkins, who has been publicly identified as the partner of FBI director Kash Patel.

Court records show that Apple responded by confirming that the anonymised email address in question was linked to a specific Apple account. The company also provided the account holder’s full name, primary email address, and details associated with 134 additional masked email addresses generated by the same feature.

In a separate case, federal agents from Homeland Security Investigations, a division of U.S. Immigration and Customs Enforcement, obtained similar data from Apple as part of an inquiry into an alleged identity-fraud operation. Investigators reported that the suspect had created multiple anonymised email addresses across different Apple accounts using the same masking feature.

Although Apple promotes strong privacy protections across its ecosystem — including end-to-end encryption for certain iCloud services — not all user data is protected by those safeguards. Information such as account names, billing details, and some email-related metadata remains accessible to the company and can be shared with authorities when legally required.

The situation also highlights a broader limitation of email communication. Most email systems are not end-to-end encrypted, meaning messages often travel in readable form across networks. This has contributed to the growing popularity of secure messaging platforms like Signal, which are designed to keep communications private from both surveillance efforts and potential cyber threats. Overall, while Apple’s email masking feature offers an added layer of privacy for everyday use, it does not guarantee complete anonymity in the face of lawful investigations.