Email Address Leaked

Roz · July 23, 2022, 11:14pm

I shopped at Apple on a government assigned Windows computer, and, then ordered on my Apple device. There’s no problem usually using my day job computer for browsing the web etc…on my breaks you know.

By shopping I mean I added some mac products to the shopping bag to compare.

Very weird but after I had ordered my Studio Display, the notifications showed up in my government email inbox. I’ve spoken to Apple twice as to how this could happen and was told that it was something in my “settings” on my government laptop. To state the obvious I have never emailed Apple from the gov’t laptop, or provided Apple with it for any reason (simply the last thing I want or should do).

So after being told by the Apple employee that they would direct all future emails to the email address on my profile I moved on. As you guessed, the next email after (returning my Studio Display because a firmware update bricked it) was back to my gov’t laptop.

So now weirded out by this, but feeling frustrated also, does anybody have any thoughts on this? It’s an email leak and my privacy has been compromised contrary to Apple’s commitment to privacy. Does anybody have an in with Tim? …

It’s an odd story and I just wanted to get some thoughts on this?

Thanks,
Roz

simonsmark · July 23, 2022, 11:46pm

Impossible to say with the info provided. Need to understand proxies, gateways, browsers, logons and more. I take it the gvt has sophisticated monitoring of internet traffic, and anything you do is related to your authentication on that machine and network.

What browser did you use on gvt PC? Were you logged in with your gvt account in the browser? If so it could be as harmless as cookies, I assume you were logged in with your AppleID when you created the shopping card; in which case you would expect that be the only email to be used by Apple.

Roz · July 24, 2022, 12:34am

Thanks for your reply… I was using Chrome and was not logged into the browser. The other things like proxies, gateways; I actually am not aware how they work in a detailed way, but the overall issue is perplexing for me.

Appreciate your thoughts!
Roz

mina · July 24, 2022, 2:34am

It’s hard to say how the email was leaked, but I feel it’s something to do with your Windows settings than to Apple.

However to move forward, you should call Apple again and ask them to make sure that your government email has been completely deleted from their backend, and they should send you an email confirmation that this process has been completed.

Do you have a purchase receipt on your government email? Do you think you might have ordered the monitor as Guest, and Chrome auto-complete added your government email when asked to provide an email?

WayneG · July 24, 2022, 3:12am

Since you were using a browser I would guess that your govt email address was either cached somewhere in the software, or you accidentally typed it in. And if this isn’t the first time you contacted apple from your work laptop it could have happened some time in the past.

But I wouldn’t worry about it. It is impossible to keep an email address private. Your address is on every server and in every account of everyone you have ever you have ever emailed. And so are copies of your messages. Apple is just one additional system where your address was stored.

Roz · July 24, 2022, 2:14pm

Thanks for your input on this Wayne …very true about our data being leaked continuously. I’m usually really careful about what email is keyed in. Appreciate your suggestions.

Roz · July 24, 2022, 2:16pm

Thanks Mina … I’ll reach out to them again, appreciate you thinking on this!

margaretamartin · July 24, 2022, 8:51pm

As the others said, this likely has nothing to do with Apple. The government email address was likely handed to Apple at some point while shopping — my guess is during the “add to bag” process, probably due to it being saved somewhere in Chrome’s settings (since it’s Chrome, and not Microsoft’s browser).

I’m not sure it would be considered a breach of privacy — you’d have to read Apple’s statements about privacy. In general terms, though, email addresses are not in any way private. They are meant to be shared, and as @WayneG said, your email address is on every server you’ve ever sent email through and on every individual’s computer/device that you’ve corresponded with, and any online backup services that those computers use, etc.

And if the email address was shared through Chrome’s mechanism, then it’s Google that is at fault, not Apple. This wouldn’t surprise me at all, and it’s one reason why I don’t use Chrome unless I have no other choice.

However, I agree that it’s a bit spooky!

I’d like to know if in Chrome you were logged into your Apple ID when you shopped and placed the items in your bag. And when you later purchased them on an Apple device, were you logged into your Apple ID? If you were using a web browser on an Apple device, that would mean you were logged into your Apple ID in the web browser when you connected to Apple’s web site (even when using a browser on an iPhone, for example, it’s an additional step to log in). If you were using the Apple Store app on an iPhone/iPad, you likely were logged into your Apple ID (though I think it’s possible to log out).

If you were logged in everywhere throughout the process, I would expect that your Apple ID email address would receive the notifications.

But if you were logged out of your Apple ID when you later made the purchase in Safari on a Mac, then I wouldn’t be surprised if it grabbed the work email address. I know that I have frequently made purchases in Safari on my Mac without being logged in (you don’t get prompted to log in when buying), and those purchases are not “associated” with my Apple ID. My Mac was logged into my Apple ID, but I was not logged into Apple’s web server via the browser.

Also, this is assuming that you made the purchase from the “bag” you created on your work machine. If you abandoned the full bag on your Windows machine and then purchased on your Apple device starting from a new, empty bag, (to which you added the products that you previously looked at), then I would be surprised if the sales confirmation was linked to your work email address. However, if your Apple device was on the same network as your work device when you made the purchase, and especially if you also weren’t logged in at the time, then your work email address could be linked.

It’s a complicated business, as you can see.

It is possible to tell Apple that those purchases should be associated with your Apple ID. Perhaps that wasn’t done in your case when you talked to Apple support, which is why the work email address was again used regarding this purchase. Or, if the next email was not related to the purchase email, then the initial purchase triggered being added to one of Apple’s mailing lists. In that case, a simple unsubscribe on your part should stop it.

Final note: I suspect that this sharing of email addresses isn’t nefarious. It’s more likely due to the programmers wanting to make e-commerce work easily and reliably for consumers (and the companies and payment processors), hence linking a potential purchase to an email address.

Roz · July 29, 2022, 3:15am

Thank you Margaret for your detailed response. You have given me a number aspects from which to view the situation.

On my work “PC” I bounce back and forth between browsers but have really came to the conclusion that I was using Firefox when shopping. But, the situation still remains a mystery.

I agree it’s not nefarious and adds an advantage to the on-line shopper usually. But does give me pause now having seen the process in action.

I’ll re-read your notes and approach the issue shortly.

Again so appreciate your input!
Roz