A quiet domain change. A developer note on a Monday. And a feature that millions of iCloud+ subscribers rely on for privacy is about to work a lot differently, right as the Trump administration is pressing tech companies to unmask anonymous accounts.
Monday, June 16, 2026: Apple informs developers that it is changing the domain used by its Hide My Email privacy feature, with anonymously-generated addresses moving from @icloud. com to @private. icloud. com. This will make it easy for any app or website to instantly detect and prevent users from signing up with clean email aliases. It is unknown why Apple is making the change.
The feature works because of invisibility. Once that invisibility is gone, so is most of the protection.
What Hide My Email Is And Why This Kills the Point
Hide My Email is one of iCloud+’s most genuinely useful privacy tools. It has been since Apple introduced it in 2021.
The mechanics are simple. When you sign up for an app or a website, instead of giving them your real email address, Hide My Email generates a random alias, something like xk7qp2@icloud.com, that forwards messages to your actual inbox. The company gets an address. You get your emails. Your real address stays private.
The reason it works is the domain. Those randomly generated aliases look exactly like any other iCloud email address. tim.cook@icloud.com looks the same as xk7qp2@icloud.com to a filtering system. There is no way to tell, from the domain alone, which one is real and which one is an alias.
That changes the moment Apple moves aliases to @private.icloud.com.
Now, any website or application that wants to block anonymous sign-ups has to add @private.icloud.com to its blocklist. No sophisticated detection. No pattern matching. One domain, one rule, done. Users who relied on Hide My Email to sign up for services that block throwaway addresses, which is precisely what Hide My Email is, will find the feature has stopped working.
Apple told developers that existing addresses will continue to forward mail without interruption. That is true, and it matters. But new Hide My Email addresses generated after the switch will carry a flag indicating their nature to anyone who wants to check.
Apple Said Nothing About Why
Apple did not respond to TechCrunch’s request for comment. The developer note announcing the change offered no explanation for it.
That silence is its own kind of signal.
Companies that make changes that genuinely benefit users tend to explain those changes. Apple’s entire marketing identity for the past decade has been built on privacy. “What happens on your iPhone stays on your iPhone.” The App Tracking Transparency framework. iCloud Private Relay. Hide My Email itself.
A change that makes a privacy feature easier to circumvent, announced with no public explanation, from a company whose brand is privacy, warrants more than a developer note.
Apple users on Reddit noticed immediately. Threads calling out the change appeared within hours. Several described it as “pointless” once the domain switch happens. Others noted, more darkly, that it makes Hide My Email addresses trivially identifiable by anyone, including law enforcement.
The Context Apple Did Not Include in Its Developer Note
Apple turned over the real account information of a user who had generated a Hide My Email alias to send an allegedly threatening email to the girlfriend of FBI director Kash Patel. The user believed their identity was protected by the alias. Apple had the real account information and handed it over.
That case established something important: Hide My Email does not protect users from Apple. Apple knows who generated every alias. The feature protects your identity from apps and websites, not from Apple itself, and not from anyone who can compel Apple to produce records.
Now, with the domain change, the feature will not even protect your identity from apps and websites that choose to check.
The Trump administration has spent the past year actively pushing tech companies to unmask anonymous accounts, particularly those belonging to Trump critics. The Department of Homeland Security has used subpoenas to demand data from tech companies about their users. The administration’s posture toward anonymous online speech has been consistently hostile.
Apple has not confirmed any connection between those efforts and this domain change. The company has not said anything at all. But the sequence of the administration’s pressure campaign, the FBI Patel case in March, and now a domain change that makes Hide My Email aliases identifiable, is one that Apple’s silence does nothing to address.
What This Means for iCloud+ Subscribers
Practically speaking, here is what changes for the people paying for iCloud+.
Existing Hide My Email addresses will keep working. If you have already generated an alias for a service, that alias will continue forwarding messages to your real inbox. The change does not break existing addresses.
New aliases, generated after the switch, will use @private.icloud.com. Services that want to block them can do so trivially. Services that already accept iCloud email addresses will likely continue to work until they update their filtering, which Apple specifically noted they would need to do.
The broader effect is that Hide My Email becomes less useful for the purpose it was designed for. Creating a new account somewhere with a private alias was the point. If the service blocks @private.icloud.com at signup, the alias is useless before it even generates a message.
For users who want email privacy going forward, the options narrow. Alternatives like SimpleLogin, AnonAddy, and DuckDuckGo Email Protection use custom domains that are not tied to a single identifiable string. They are harder to block universally, though not impossible. Apple’s new domain makes its own service easier to block than any of those alternatives.
What Apple Has Not Explained
Three questions Apple has not answered, and should.
First: why now? The feature has operated on @icloud.com since 2021. What changed that required this domain switch in June 2026?
Second: Did any government request or legal pressure contribute to this change? Apple’s transparency reports document government data requests. This change is not a data request — it is a structural modification to how the feature works. Apple’s transparency reports would not capture it.
Third: what does Apple intend to do for users whose legitimate privacy needs are now undermined? Apple markets iCloud+ partly on the strength of Hide My Email. A change that weakens the feature without explanation is a change that arguably weakens the value proposition users paid for.
Apple did not respond to TechCrunch. It has not issued a public statement.
The developer note said the change is coming in the coming weeks. After that, every new Hide My Email address will announce itself.
