Apple ‘Hide My Email’ Vulnerability Reveals Peoples’ Real Email Addresses

One for anyone who knows people using iCloud's own version of Aliases - 'Hide My Email'

  • Tyler Murphy of EasyOptOuts found that the real address behind one of these aliases can still be uncovered, and took the finding to 404Media.
  • He first reported it to Apple in June 2025. Apple acknowledged it and said it would look into it.
  • Apple later claimed it had "addressed the reported issue in a recent system change." Murphy checked. The real address was still exposed.
  • He reported it a second time. Apple said it was still investigating.
  • In May 2026, Apple said a fix would land in a future security update.
  • As of Monday 29 June 2026, there is no fix, no timeline, and no working protection. The leak is still live.
404media.co
u/Proton_Team — 5 days ago
▲ 1.1k r/ProtonPublic+3 crossposts

Announcing Lumo 2.0: the most significant upgrade since launch

Hi everyone,

We’ve just launched Lumo 2.0, a massive upgrade which has seen our private AI tool rebuilt with reasoning, visual capabilities, memory, customizable AI assistants, and improved web-search. With this release, we have significantly closed the gap in terms of intelligence and capability with the latest and greatest models from OpenAI (ChatGPT) and Anthropic (Claude).

Here's what's new:

Performance

Lumo 2.0 has been rebuilt from the ground up, resulting in a 240% score increase on the independent Artificial Analysis Intelligence Index when comparing Lumo 2.0 Max to Lumo 1.4.

Lumo can now reason through complex, multi-step queries. You can now choose fast or thinking mode, making everyday interactions feel faster while giving complex, multi-step queries additional depth.

Multimodal

Lumo 2.0 is now multimodal. You can:

  • Upload and analyze images
  • Generate entirely new images from prompts
  • Edit existing images
  • Turn a rough sketch into finished artwork

As with everything in Lumo, this happens while your conversation stays encrypted and inaccessible to anyone else,  not even Proton.

Memory

Lumo can now remember context across conversations, learning your preferences over time. You stay in control: you decide what Lumo remembers, what it forgets, and what it never learns to begin with.

We've also doubled the context window, so Lumo can hold longer conversations and reason across longer documents and datasets you provide.

Custom Lumos

You can now build "Custom Lumos",  customizable AI assistants that follow your specific instructions every time, so you don't have to set the scene on every new conversation.

Web Search

Web search has been drastically improved, with live results and cited sources. Ask Lumo about current news, live financial data, or the weather, and it can generate brand-new widgets to display the answers.

Privacy

None of this comes at the cost of privacy. Lumo 2.0 keeps everything that makes it different to Big Tech’s AI:

  • Zero-access encryption, no logs, no data sharing
  • Never trains on your conversations
  • Fully open source
  • Built on European infrastructure, backed by Swiss privacy laws

Lumo 2.0 is live now. Use our Max and Lite model for free. A Professional tier is also available for teams.

Try it → proton.me/lumo

Stay safe,
Proton Team

u/Ok_Combination_1548 — 6 days ago
▲ 196 r/ProtonVPN

The UK's social media ban for kids could make privacy worse | Proton

The UK has announced it will ban children under 16 from social media. The problem? Australia tried this six months ago, and it's already falling apart. 70% of banned teens are still accessing platforms by lying about their age.

On our blog, we discuss the privacy problems and inherent difficulty of this kind of government action...

proton.me
u/Proton_Team — 7 days ago

Switching from Google Workspace to Proton just got easier for teams

Hi everyone,

More and more organizations are looking for alternatives to Google Workspace. Some want greater control over their data; others are looking to reduce their dependence on Big Tech. But for most teams, the migration itself remains the biggest obstacle.

To make that process easier, we've made updates to Proton that make it easier than ever to move your entire team away from Google.

Admins can now easily migrate their organization's email, contacts, and calendars to Proton Mail through a self-serve tool in their administrator account.

What this looks like in practice:

  • An administrator sets up the migration
  • Emails, contacts, and calendars are copied over automatically
  • Google Workspace and Proton run in parallel during the transition so your day-to-day operations run smoothly
  • Once migration is done, you can move fully to Proton and leave Google Workspace behind

Currently, the migration tool supports Google Workspace. We're working on adding more providers over time.

This feature is being gradually rolled out. If you don't see it yet, keep an eye out.

More info in our blog: https://proton.me/business/blog/proton-mail-easy-switch-for-business 

This is part of our ongoing work to make switching to Proton more practical for teams.

It would be great to hear how you've handled switching (or why you haven't). Let us know in the comments below.

And as always, stay safe,

Proton Team

u/Proton_Team — 19 days ago
▲ 484 r/ProtonPublic+1 crossposts

Proton VPN’s no-logs policy annual external audit

We’re pleased to announce that Proton VPN has passed a fifth consecutive annual third-party audit of our infrastructure that confirms our strict no-logs policy. When we say we are a no-logs VPN, it is not just a claim: it has been double-checked by independent experts.

Many of our competitors have never been independently audited or have performed a slight-of-hand, getting their privacy policy audited instead of their actual no-logs infrastructure. And even where their no-logs claims have been independently verified, many don't publish them, require you to sign a non-disclosure agreement to access them, only make them available to paying customers, or otherwise make it difficult to read the report.

By contrast, Proton VPN openly publishes the full no-logs report for anyone to read. As an organization founded by scientists who met at CERN, we believe in peer review and transparency. This is also why we make all our apps open source so that anyone can examine our code. 

Read more: https://protonvpn.com/blog/no-logs-audit

2026 audit: https://drive.proton.me/urls/DZVEJZFYHM#FPSKdUEykprb

u/Ok_Combination_1548 — 20 days ago

How VPNs Work Exactly (And What You Can Do With Them)

Why should your internet provider or the government have a say in how you browse the web?

This video explains what a VPN actually does, how it helps keep your online activity private from marketers and data brokers, why people use VPNs to bypass restrictions and protect their privacy, and even how a VPN can speed up your internet connection.

Using simple examples and visual demonstrations, our recent video breaks down how VPNs work, why some countries and networks try to block them, and how Proton VPN features like Stealth mode and Smart Routing help users stay connected.

Whether you're interested in online privacy, avoiding censorship, or simply understanding what all the VPN hype is about, this video explains it without the technical jargon.

youtu.be
u/Proton_Team — 21 days ago

Introducing Proton Drive CLI: Use Drive from your terminal

Proton Drive CLI

Yesterday, we launched Proton Drive CLI, available for Windows, macOS, and Linux. It's built on the same SDK that powers our official Drive apps, so it's fully interoperable with them. Anything you do through it is protected by the same end-to-end encryption.

If you've ever wanted to script Proton Drive into a backup job, deployment pipeline, or cron schedule, this is the tool for that. Upload files after a build finishes, back up a folder on a schedule, invite a reviewer, or check what’s been shared, all from the terminal, all scriptable. Output can be configured for automation, or left human-readable.

At launch the Proton Drive CLI supports common Drive operations such as listing folders, uploading and downloading files, trash, sharing, and invitations. Coming next will be photos/albums, public link sharing, and multi-account support.

A Linux desktop app with full sync is also still on the way; the CLI is a complement to that, not a replacement.

Read the full writeup with usage examples and build-from-source instructions: https://proton.me/blog/proton-drive-cli

Skip the blog and download: https://proton.me/drive/download#desktop

reddit.com
u/Proton_Team — 26 days ago

Proton Drive AMA - (Announcing) CLI. Discussing also the SDK & Crypto updates

Hi everyone,

We're excited to soon host an AMA with:

- u/Proton_Andrew: Director of Engineering - Drive
- u/horejsek1: Proton SDK & CLI Lead
- u/vonaesch: Proton Drive Desktop Engineering Manager

Topics up for discussion are the new Command Line Interface for Drive; our recent SDK developments which have made uploads 3x faster and downloads 2x faster; and the recent cryptographic update, which makes encryption when uploading files up to 4x faster

Submit Your Questions

Drop your questions below, and we'll answer as many as time allows, please keep to topic so that we aren't asking engineers working on one thing about another.

We're looking forward to a great discussion.

>Thank you all for participating, as well as the Drive Team. We'll check back and respond to things async.

u/Proton_Team — 28 days ago

Proton Drive’s latest cryptographic update makes encryption when uploading files up to 4x faster

Hey everyone,

A quick follow-up to the Drive engine rebuild we shared earlier, as we've also upgraded the cryptography layer underneath it, and as a result, new file uploads are up to 4x faster.

End-to-end encryption is the whole point of Proton Drive, every file gets encrypted before it leaves your device. But this single extra step tends to add a performance cost; this latest update cuts that down significantly.

What's changed:

  • Up to 4x faster new file uploads from a more efficient encryption layer
  • We've adopted a newer version of the OpenPGP standard (the crypto refresh), using AES-GCM that takes advantage of hardware encryption on most modern devices
  • Encrypting a 4MB file on mobile dropped from 97ms to 32ms; on a fast desktop, from 12ms to 3ms
  • In practice: encrypting an HD movie or ~1,000 high-res photos went from about 90 seconds to 30 on mobile, and from ~12 seconds to ~3 on desktop

One thing worth flagging: to get these benefits, and to keep editing files uploaded after this change, you'll need to update your Proton Drive apps. Older clients that don't support the new scheme won't be able to update those files, so grab the latest version.

For developers and the wider privacy community, the Drive SDK that made this possible is previewed on GitHub.

Read in full here.

If you've already updated, let us know how you’re getting on in the comments.

Stay safe,

Proton Team

u/Proton_Team — 1 month ago

We rebuilt Proton Drive’s engine. Now it’s up to 3x faster on all platforms.

Hey everyone,

We've been rebuilding the foundation of Proton Drive around a new shared engine: the Proton Drive SDK. As of right now, Proton Drive will feel faster and smoother than ever before, across every platform.

What has changed:

  • Uploads are up to 3x faster across platforms
  • Downloads are up to 2x faster
  • A cryptographic update that delivers a boost in performance speed for new file uploads
  • Smoother, consistent performance across platforms: photos timeline scrolling, as well as album and photo loading are faster everywhere, since all clients now share the same underlying engine

For developers and the wider privacy community, a preview of the SDK is available on GitHub, making it easier to understand and build on the shared engine that powers all Proton Drive.

Read in full here.

If you've already noticed the speed changes, we'd be curious to hear how it's been on your end. Let us know in the comments how you’re getting on!

Stay safe, 

Proton Team

u/Proton_Team — 1 month ago

Good Luck Opting Out: Manipulative Design Patterns in Opt-Out Processes

The Electronic Privacy Information Center just dropped a report on the 8 Manipulative Design Patterns in Opt-Out Processes.

It analyzes how 38 platforms make it difficult for you to exercise your rights.

The full report is a great read, which hopefully will better equip you to ensure that opt-outs are completed as fully as you need them to be.

It also has a raft of recommendations for policymakers and regulators looking to stop these practices.

epic.org
u/Proton_Team — 1 month ago

Proton Pass CLI code now open source.

ICYMI, Proton Pass has a CLI.

This is useful if you want your Proton Pass items and vaults available directly from the terminal, and it includes the ability to manage permissions for items and vaults.

You can read about that release here: https://proton.me/blog/proton-pass-cli

The Proton Pass CLI

We're happy to announce that you can now view the source code: https://github.com/protonpass/pass-cli

Enjoy & stay safe,
The Proton Team

reddit.com
u/Proton_Team — 1 month ago

Switching from Gmail to Proton Mail just got easier (for individuals)

Hi everyone,

We've made some updates to Proton Mail that make it easier than ever to ditch Google for you, your friends, and your family.

Bring your Gmail into Proton Mail

You can now connect your Gmail account to send + receive emails directly inside Proton Mail.

  • Reply from your Gmail address without switching apps
  • Existing and incoming Gmail messages appear in Proton Mail.
  • Emails between Gmail accounts connected to Proton Mail are end-to-end encrypted. Google cannot read them.
  • Actions taken in Proton (archiving, deleting, folders) are not reflected back in Gmail.
  • Incoming Gmail messages are stripped of trackers and ads.
  • Disconnect your Gmail at any time.

If you're managing multiple inboxes, this makes it easier to transition to Proton Mail.

This feature is now available to Visionary users. The rest of the rollout is gradual, so if you don't have access yet, keep an eye out.

We know this doesn't solve everything. This feature exists to make leaving Google smooth, easy, and at your own pace. Sent and received emails from your Gmail address still can pass through Google's servers, so be sure to keep sensitive communications on Proton. Over time, you can switch everything that matters to Proton Mail, then drop Gmail for good.

More info in our blog: https://proton.me/blog/proton-mail-connect-gmail

This is part of our ongoing work to make switching to Proton Mail more practical.

Currently, this feature supports Gmail accounts. If you don't use Gmail, you can still import your email from Outlook, Yahoo, and Apple Mail using our existing import tool. We're looking into adding more providers over time.

It would be great to hear how you've handled switching (or why you haven't). Let us know in the comments below.

And as always, stay safe,
Proton Team

reddit.com
u/Proton_Team — 1 month ago