I've been going back and forth with Apple about it for a year. We don't feel comfortable releasing the exploit details even though they're being slow. We think enough people rely on Hide My Email for personal safety that it would be irresponsible.

> We think enough people rely on Hide My Email for personal safety that it would be irresponsible.

I am guessing you haven't tried that excuse on the users your witholding is leaving exposed.

We're hoping that by notifying people that there's a vulnerability, people can stop using Hide My Email if it matters to them. I don't think that disclosing the exploit method will get Apple to fix it faster at this point.