MAJOR privacy problem with 10.7.2!

Discussion in 'Mac OS X Lion (10.7)' started by fluffy, Oct 16, 2011.

  1. fluffy macrumors member

    Aug 7, 2003
    I have reported this issue to Apple via the "submit feedback" thing, but that's such a black hole (I love how the latest version on that page is still 10.7.1). Here's my Apple Discussions post:

    The summary of it is that if you're using CardDAV to store your address book and your CardDAV account's "display name" is the same as your email address, "helpfully" auto-expands your email address into the entire address book - EVEN ON THE FROM: LINE. And the latter one doesn't even appear on the local side (not even in sent mail).

    So for example, if my email address is and I send an email to someone else, instead of the header saying:

    it says (email addresses are obviously complete fiction):

    The only way I was even aware that this was happening was that I got a bounce message from a spam filter - after I'd sent out several other emails as well. I have no idea how many bounces have ended up getting sent to my entire address book. I have no idea how many people have RECEIVED messages including my entire address book. This is frustrating and terrible and I am so very, very upset at Apple right now for allowing this "feature" to go in, in such a destructive way.
  2. Four oF NINE macrumors 68000

    Four oF NINE

    Sep 28, 2011
    Hell's Kitchen
    First I've heard of that.. but I don't know what a CardDAV is.. Are you using MacMail? Is CardDAV your address book? :confused: Does this have anything to do with a MobileMe account?
  3. fluffy thread starter macrumors member

    Aug 7, 2003
    CardDAV is an open standard for storing and synchronizing address books. It's like CalDAV, but for address books instead of calendars. It's actually part of the same protocol suite as CalDAV.

    This has nothing to do with MobileMe.
  4. derbothaus macrumors 601


    Jul 17, 2010
    Don't name a group the same as your user name. Should be solved. Also have you verified that it isn't just on kick backs that this is seen? The error reports will have more info than standard mail header (so you can troubleshoot)
  5. fluffy thread starter macrumors member

    Aug 7, 2003
    I didn't name the group the same as my username, that was the 'display name' on my CardDAV server. I was able to override that.

    And yes, I have verified it's not just on bounces (of course how would the bounce have my entire address book if hadn't been SENDING IT to begin with?). I was able to send an email to an un-spam-protected account and the From: line included my entire address book. My "sent messages" folder shows it as having just come from me.

    OSX 10.7.1 didn't have this problem, either. It's obviously a change they made to recently. Why would they EVER expand the From: line, anyway? That's really the root problem.

Share This Page