543 comments

[ 2.7 ms ] story [ 324 ms ] thread
Per a screenshot in the Keynote, Sign in with Apple will also work on the Web, which will be interesting.
They already offer Apple Pay on the web. I imagine the experience will be similar here.
True, although that would imply Sign in with Apple would be Safari-only, which might be a hard sell.
Might be a JavaScript API like MusicKitJS, since I don’t see this requiring hardware support.
Safari has a really high market share on mobile, so I would not discount it especially for non-power users who primarily just use their phone.
Disposable, anonymous email forwarding is a massive step forward for privacy. I know we've all been doing it for a while, but this on a consumer level is fantastic.
I wonder how many poorly designed database schemas this will break that used email as a primary key/id.
I think the email is consistent for each app, so there should only be a problem if the user wants to change their email, right? Plus, apps would have to opt-in to support this.
Why would this break any databases? Accounts will still have valid emails. The difference is just that there won't be data for that email in third-party tracking databases, which is a good thing.
I don't think you'll find much sympathy for someone who's software would break on such a change. That sounds broken already.
Yeah, it doesn't break anything. It just reveals that it was already broken.
If you don’t use apple, I just built this as a stand-alone product: https://idbloc.co
There is also spamgourmet, which is free and has been around for 20 years.
Unfortunately they’re not accepting new signups
Oh, I hadn't noticed. Your service looks nice, and if spamgourmet is not taking new signups it does make even more sense.
This looks a lot like 33mail (https://33mail.com/) which I've been using pretty happily for 4-5 years now (and paying I think $10-15 a year for, so a lot less than this on a per month basis, but they're not strictly unlimited)
33mail is cool but the domain being the same & unique for each user removes the privacy element, and it asks users to make up their own addresses (and remember them), which can be dangerous. For example you might create facebook@dave.33mail.com, so it’s very easy to guess what Dave’s twitter login is or other target.

With Idbloc (and apple sign in) the address is completely random and untraceable, and it’s impossible to tell which addresses belong to which users.

From the web page, I cannot tell what pricing is going to be - looks like you go out of your way to not scare off potential users. I can't find pricing information at all via Google searches, either.

That's something I really dislike. Perhaps it's a necessary evil.

It’s at the bottom of the landing page: https://idbloc.co/#pricing

The goal is to explain the concept ahead of the pricing as I think it’s quite novel to most users.

I pay $30/year for a cpanel host that includes unlimited mail forwarding for any address on any domain. This is a byproduct of what I really do which is host a bunch of sites. $48/year for email scrubbing seems like a high price.

I think it’s great, and use it a lot. Just wonder how you got to that price vs like $10/year.

Pro users subsidise the free ones, unfortunately. Assuming a 1% conversion rate to pay server costs and 1-2 devs full time at 4 usd/pro user/month you need 2500 pro users, which is 250,000 users.

That and people pay 4 bucks for a coke these days so it’s not really much. Also cPanel is most definitely an expert tool.

I might make it paid only soon and reduce the price but at present there’s not much option to get real feedback and user traction.

Once it's up and running, does it really take 2 full-time people to keep it running?
Thanks, this helps me understand and I appreciate you going into cost model for something that’s really up to you to decide.

$4 is not very much, you’re right, but that doesn’t mean that it should be spent unwisely otherwise it adds up quickly. It seems unlikely that this would need a full time dev to operate and seems more like a “4 hour workweek” type business once it’s set up that would have pretty minimal maintenance, or a super bored developer waiting around for a bug to patch.

Do you think you’ll drop the price once you no longer need a dev?

That page should have some sort of indication that it's scrollable since browsers increasingly don't show visible scrollbars until you're already scrolling. Something like Bootstrap's scrollspy might be useful since it could also show you the sections further down before you scroll through the intermediate sections.
Thanks. I had not noticed even though I scrolled to the bottom
the super annoying "can i help you?" popup after 10s is revolting. i closed the tab immediately without learning more. it's cheesy, pushy, and seems antithetical to a service that offers privacy. i recommend you turn that thing off.
Thanks for the feedback, I’ll try to tone that thing down a bit. The thing is, some people LOVE the chat widget. Especially for those users who don’t want reveal their real email address but have a quick question. I’ve had at least 3x more chats on there than support emails.
Chat is awesome. Personally I love it. You get to talk to someone in real time. What's not to like about it. I'm not sure why the OP is so revolted by it. Maybe remove the sound but leave the popup and chat.
When you're trying to read the site for yourself, it can be distracting and a bit obnoxious.
> You get to talk to someone in real time.

Except it’s not real time until a support person is notified and responds minutes or sometimes hours later. Chat pop ups feel like a lame trick these days every time I try to use them; they pretend like they’re going to be fast and then make you waste your own time waiting. The last one I used the other day made me wait more than 10 minutes, so I did something else, and when the support person responded and asked a follow up question and I didn’t answer in 5 seconds, they closed the support ticket, making me start over. I’d rather use email.

Maybe just have a chat button or a link to the chat on your support page? I'm in the strange position of both liking the chat approach (I've used it on Dell's site, probably others), and also very much disliking chat popups. It feels like it's really there so that someone can convince you to buy something. It's even worse when there's a fake initial message - "Hi there, I'm Jen. Can I help you?" - it seems especially imposing.
Great! I used a service like this many years ago and they shut down after a few years. Have been looking for the same thing for years but seems like nobody's been doing it, or at least not in a user friendly way. Will give this a try.
I like it! how long have you been around? Do you think Apple's product might bring more awareness to yours?
I agree that it is great. I'm not sure how we convince people to not signup on sites that don't offer this SSO option. I've always struggled with the question of 'How do we convince people to care about privacy when they post their location and meal to a public social media every hour?'.
My rule, and it is a semi-idiotic one, is "i don't impulse buy from independent merchant websites that don't support apple pay at checkout".

I usually email them after, too. "I actually clicked through your instagram ad, looked at some clothes that looked nice, and didn't buy anything because I was on my phone and didn't want to make a new account and add credentials to my password manager. Have you considered adding apple pay support to your shopify account?"

I have no idea if i'm helping or not.

It's dumb that so many sites require you to create an account just to buy something from them.

One of the reasons I get lunch from Panera and Pei Wei is because I can check out on my phone as a guest when I order ahead.

Heck, even fleaBay lets you do a guest check out now. That was what made me consider using it again.

I think it's not an idiotic idea, it's just that your idea of what counts as third-party payment support is a single smaller payment provider located mainly in the United States. I follow a similar policy, but in my case the third-party payment services are Paypal, Stripe, and Coinbase, all of which are reliable and don't require me to give financial data to the seller. Paypal seems to be near-universally supported on small ecommerce sites.
Note that PayPal gives away your email address, and I’m not a fan of that. If a third party wants my email address, they should ask me directly (and I’ll give them a unique one); PayPal shouldn’t distribute my email address for me.

Look, I use three email domains for online accounts, in addition to a unique address for each account — one domain that links to my actual identity (my public-facing, professional domain), one domain that’s somewhat anonymous, and one domain reserved for highly sensitive accounts, e.g. online banking, PayPal, AppleID, etc. And PayPal sharing my email address with third parties breaks the model, making my sensitive domain less secure.

i picked shopify because i know they have an apple pay switch.

i don’t care who processes the payment, i just like being able to buy physical goods without making a new account, and ideally without any more friction than faceID while impulse-buying nonsense while i’m on the toilet :)

(comment deleted)
Convenience. This feature is good even if you don’t care about privacy.

Password management is a big problem for non-technical users. Even for people who don’t know/care about security and reuse the same password everywhere, it presents a huge issue when their preferred password doesn’t meet the website’s requirements. They are then forced to make one up which they’ll never remember so it’s gonna be a headache down the line when they need to sign in again.

When they learn that the magic “Sign in with Apple” button allows them to avoid all that, they’ll want it even if they don’t care about privacy.

And being done by Apple, most services can’t just reject these the way they do with Mailinator addresses, since it would be throwing away a giant chunk of their revenue. Apps with huge consumer demand like Uber or Facebook could get away with it, but not the vast majority of apps.
I think this will be proven wrong. Do you think that the folks using Mailinator are strictly non-Apple users? As an Apple user that signs up with a mailinator ID, if rejected I either move on or use a more palatable address, as the case may be depending on my desire to use that service. The same will hold true for any private appleid address.
You're missing the scale. Mailinator users are a very small percentage of users, while Apple Sign In users are likely to represent a much larger slice of your potential users, given that you have a honking great button there waiting for them.
I’d say that one month from release, 100 times as many people will know about Sign in With Apple as have ever used Mailinator. And Apple marketing will drill into them why they should use it, and mark apps in the App Store that support it. Eventually for experimental apps that they are not 100% decided on getting, there will be a large fraction of users who simply won’t try an app that doesn’t support it.
I think there are two differences here:

1. Services have little incentive to support mailinator, and indeed may deliberately choose not to if they feel it is leading to signups they don’t like. On the other hand it would be hard to argue with an incentive like the App Store requiring you to support apple’s service.

2. Because the service is built in to apple’s systems there seems to be an implicit contract that apple wont let it be abused for the purposes that many sites claim mailinator is used for (because it isn’t useful to apple customers if sites don’t trust it and it). So they might be more willing to accept these email addresses.

I guess neither of these help services like mailinator gain credibility.

Right. One of the big things about Apple getting into something, even if it's been done before, is that they carry enough influence to strongarm other companies into respecting their paying customers. It's great.
It strikes me as terrifying, personally, but to each their own.

I have been responsible for creating and maintaining an app generation system. Among other things, it taught me that App Store Connect has many sharp edges showing how easy it is to abuse the kind of power you've correctly pointed out Apple has.

In a world where every other tech company swindles and manipulates consumers at every opportunity, I'm happy that at least one is incentivized to do the opposite, and has the power to do so.
Apple swindles and manipulates the user to buying a new device whenever there is any fault at all because everything is glued and soldered together so fixing anything requires buying half of the device.
I don’t think that is a fair comparison. Aside from hardware va software I personally have never had an issue with apple products last 3 or more years. Get apple care and they just fix or replace it when anything goes wrong. Better experience then my friends seem to have with other manufactures.
I have a collection of broken apple products from other people who were going to throw them out. Usually they have a fairly minor issue but its just about impossible to fix because of the use of insane amounts of glue or one way clips
It’s pretty funny though that you consider a few dozen Apple broken devices as "a collection" meanwhile a few dozen of Android broken devices is generally considered "a pile of thrash".

And this effect is massive last week I offered two of my old laptops to a friend child wanabee hacker. He quickly considered a 2012 HP for parts, then he kept on thanking me for a working state 2002 PPC iBook.

PS: To be honest he might be ranting about it in a few day, I’ve played around it a little and that 2002 iBook bios is a mostly undocumented nightmare!

I went through the pile of Apple stuff we'd collected over the last few years and repaired them myself. Annoying + fiddly but simple and extremely possible with some spare parts, a $20 toolkit, and care + patience.

The battery glue is like a 3M command strip, you're supposed to remove it by applying tension to the side. You need the heat source if the strip breaks and gets trapped underneath, but I used dental floss instead.

Personal experience. Battery change on iphone SE, cost $75. They couldn't safely do the replacement (broken tabs on battery) and they simply replaced the phone.

I'm not sure how this is manipulating to get me to purchase a new phone.

That's not much better. Another phone goes to landfill because not even apple was able to repair it due to their horrendous practicices. It took me half an hour to remove a battery from an iPhone and I had to get the hair dryer out to melt the glue. With other devices I just unscrew a bracket holding the battery down and it takes me 5 minutes.
> Another phone goes to landfill

That's disingenuous. Apple has a recycling program, where they take apart every component to be reused or recycled into new materials.[1]

[1]: https://www.apple.com/newsroom/2018/04/apple-adds-earth-day-...

Has a recycling program =/= everyone who ever purchased an iPhone is using that recycling program.

7.8 million "Apple devices"[0] in 2018 is a lot, but an average iPhone is far more likely to end up on a landfill. If it were easy to extract the battery, that wouldn't be such a problem.

[0] They group them all together and I can't find any other metric: https://www.apple.com/newsroom/2019/04/apple-expands-global-...

Yes, but phones that Apple swaps out generally do get recycled.
Apple swindles, manipulates and mistreats developers to further their own ends.

It's perhaps less evil than the kind of wholesale data-farming the other big tech companies are engaged in, but it still doesn't make me like the idea of Apple ascendant.

And I was raised on Macs, giving Apple a heavy nostalgia bonus that they burned years ago.

Apple takes powers from developers hired by greedy companies and puts that power in the hands of the users.

You find that you're being strongarmed. As a oonsumer, I could not care less. Hell, I am thrilled that developers are being strongarmed when it comes to user privacy and security.

I'm not concerned with Apple refusing apps that do seamy things (though "seamy things" is more subjective than you might think, as Apple is well aware).

I am concerned with things like Apple's terms of service saying "If you put an app in the store, we reserve the right to copy it and ban yours."

They don't spell it out quite that clearly, but sections 14.4 and 11.2 of the developer guidelines make it clear enough (https://download.developer.apple.com/Documentation/ADP_Progr...).

Yes, there are more charitable interpretations possible, but Apple does have some history of cloning and killing off third party software, so I see no reason to apply the more charitable interpretation.

How is it evil? Apple is saying that their customers aren't yours to pillage. No developer is forced to write for the Apple platform. If a developer doesn't like the terms, there will always be another developer willing to fill the gap.

Who said the Windows/Android model is the morally correct one anyway?

As a customer I'm glad that Apple is providing a truly different alternative.

I guess I was not especially clear, so my apologies for that.

I'm not scared of this anonymous signin feature, per se.

I'm scared of the sheer amount of power Apple has, and that they can abuse it to force third parties into compliance with what they think software should be.

That's what I was saying I found terrifying.

I’m tired of gmail and hotmail forcing me to sign up using my personal cell phone number. Finally I can create throwaway emails without resorting to gmail!
My first thought was: Bye bye mailinator.com
I use mailinator to have some privacy from my email provider.
As if everybody uses Apple.
what is the need to have such a knee jerk reply? Seriously, why would you say something like that?

My comment meant: "Bye bye " for me. As in: I'm not using it anymore.

I don't get you man.

I'm not the commenter. But taken at face value, your comment could be either bye bye mailinator.com (I'm not using you anymore) or bye bye mailinator.com (no one is going to use you anymore). Fwiw, I thought you meant the latter until I read your reply.
Thank you. I can see that. But if anyone really is curious about the meaning and needs clarification, I believe it’s best to ask.
I would have never thought you meant the former. I believe it’s better to be more clear and evident in your writing.
The knee jerk comment is yours. 'Bye Bye Mailinator' is too short to convey anything useful other than the general case, that you believe that you or those that use Apple will defect from Mailinator in droves. The typical use case for Mailinator and the overlap between the Apple eco-system as well as the fact that they specialize in this and that for Apple it is 'just another feature' makes me question whether or not you have thought through the ambiguity in your comment, by taking the most probably meaning and responding to that you have a chance to clarify your position.
> My first thought was: Bye bye mailinator.com

Mailinator can be pretty hard to use, since so many sites can detect the addresses and block their use.

I've pretty much given up on it, and use Fastmail's very easy aliasing features with my domain. It's not quite as private, but it's a lot more reliable.

If I recall correctly, mailinator lets you host your own DNS record that sends mail to them. While I have never had any problems, back in the day I had nospam.jrock.us forward to mailinator and that worked every time.

The truly clever programmer could open an SMTP session to the mail exchangers specified in your email address, and reject you because they point to mailinator. I know of 0 programmers in the world that have written this code. I think you could ask the vast majority of programmers that work with email addresses and dark patterns to do this, and they wouldn't even know how. So you're probably pretty safe.

I use mailinator all the time and I have never had a problem, however, which is why I don't even have the MX records to host my own anymore.

> If I recall correctly, mailinator lets you host your own DNS record that sends mail to them.

While I'm sure that works. The main reason I'd use mailinator is for privacy (i.e. not exposing anything associated to me). If I have to use my domain, rather than their free ones, I'm still identifying my domain, so I might as well use my own aliases with my own mail system.

Domains are cheap, and mailinator really ought to register and discard a bunch of $1 specials on a regular basis.

In case anyone needs something similar today: Outlook already allows you to create ephemeral top-level aliases, i.e. XXXX@outlook.com. You can use this to sign up, then delete the alias. It can't be traced back to your account and nobody blocks @outlook.com.

https://account.live.com/names/Manage

(not to take away from this announcement at all; just to provide some context. it's an often overlooked feature which people here might appreciate.)

I switched to Outlook because of this.

I also like how you can set it so only a specific email can login. That way if your alias is compromised, your account won’t be.

Microsoft's email management has some neat perks here: You can change which one's the primary as well. It's entirely possible for you to change the email address of your Microsoft account, by adding an alias, making it primary, and then deleting the original. In fairness, there are some quirks with this, my old email address would still get sent some receipts or some newsletters because the configuration for service A, B, or C was buried somewhere else in the account. But generally speaking, it works pretty well.

As someone who changed their name but had to keep their Google account with the old one because of how much Google account data/purchases can't be moved to a new account, this felt positively revolutionary. Google accounts can only have one Gmail address for their entire lifetime.

Apple also lets you do this with your Me/iCloud address as well.
I dont think thats quite the same thing as an Identity Service, its just a component. In Microsoft's world im either using my Microsoft Account to sign in OR using throwaway email addresses, not both.

.

Apple can get way ahead of the competition by combining about 3 things.

1) Ephemeral email addresses

2) OAuth or apples equivalent tokens

3) Keychain autogenerate and auto-populate

If all those products are integrated correctly, this becomes the SINGLE sign on of single sign ons. If a service supports Apple OAuth, your name is hidden, and you only have one Apple password to remember. If the service doesnt support Apple Tokens, then apple fills in a private email address and a random password, and abstracts away the fact that the service doesnt support Apple Tokens. The user experience is nearly the same regardless. Tokens and randomly generated passwords should be managed from the same interface, allowing you to either revoke access (token) or cycle the key (both.)

I've felt it for a while, but the banking industry needs to arrive at something similar. Chase, BoA, WF, and Citi should turn Zelle into a banking OAuth Identity Service.

Why do users need to have a 3rd party managing their identity? It seems like it would be _safer_ if users could setup their own OAuth infra which would then be certified for use with other systems. For people who lack the expertise or will to roll their own infra then they can use something like Apple ID.
How many people do you know running Mastodon nodes instead of using twitter or facebook?

>For people who lack the expertise or will to roll their own infra then they can use something like Apple ID.

SO 99.9% of the population. It's a nice sentiment, but for what apple is doing to work (random username generation, and identity obfuscation) the only way for it to work is strength in numbers, that the Apple userbase of people who will only use frictionless sign in, becomes too big to ignore, and to tempting too left uncourted.

>It seems like it would be _safer_

Im not sure I would say safer. Depending on millions of people to keep their software up to date hasnt historically worked super well for Windows and Wordpress. One central authority patching all its services and 24/7 devops sounds a lot safer than trusting millions of self hosted OAuth servers to be up to date and not compromised. What percent of people who have non-self-updating home routers, do you think go in regularly and press the update firmware button?

>It can't be traced back to your account...

I'm sure there's logging or other AD property (think something like sidHistory[0]) to keep track of this.

Companies don't like being liable for not being able to provide data under order[s].

[0] - https://docs.microsoft.com/en-us/windows/desktop/ADSchema/a-...

What liability is there for not providing data you don't have?
In some countries, it's fiscal liability - such as paying hefty fines. In others, that are not so friendly, the HR representative who receives/processes the legal request and/or whomever the country wishes to charge could very well land in jail[0].

In a choice between strictly maintaining your privacy and fines/jail time, most - if not all - companies will sell you down the river (if given a feasible chance that it doesn't entirely ruin them, say for example, if they weren't purely in the privacy trade) to save their own hide[s] (e.g.: see the whole PRISM scandal and its fall-out).

[0] - https://www.reuters.com/article/us-facebook-brazil-idUSKCN0W...

Sorry I meant by the service you're signing into, any of their 3rd party trackers, or in case of a data breach. This sets it apart from e.g. gmail's username+servicename@gmail.com, or a wildcard on a private domainname which only you ever use.
I'm so mad I missed the window where you were supposedly able to merge email accounts. If I want to merge existing separate accounts now I have to terminate the old account, wait like a 9 months/a year(??) for it to expire and be purged, and then add it as an alias, assuming MS doesn't hold the expired account name >:C
I've been trying for some time to explain to my friends and family how a unique email/password + 2FA strategy is the best thing to do and how it would allow them to cut one in case it gets leaked. I guess I will just tell everybody about "Sign in with Apple" now, it will be easier.
Will you also tell that to your Android or Windows using friends?
You can tell them it's a valuable category of service that they should want an analog of.
Family is easy, I made them switch to Apple years ago and things have been a breeze since. Most of my friends using Android are also working in IT and are already using disposable/forwarding emails AFAIK. And... to be honest, I don't have friends using Windows :D
Take a look at SAASPASS Authenticator & Password Manager. It might meet your criteria of usability and security.
It's only polite to disclose that it's your company when you flog it like that.
They also have pretty strict whitelisting requirements around who can send emails to these privacy addresses.

"In order to send email messages through the relay service to the users’ personal inboxes, you will need to register your outbound email domains. All registered domains must create Sender Policy Framework (SPF) DNS TXT records in order to transit Apple's private mail relay. You can register up to 10 domains and communication emails."

https://help.apple.com/developer-account/#/devf822fb8fc

Neat. It sounds like this extra step prevents a situation where, for example, a dev's server-side database gets hacked and the users' relay e-mail addresses are exposed.

The attacker wouldn't even be able to send e-mail messages to the users. He'd also need to compromise the registered domain's mailservers, or their DNS servers (to modify the SPF records), or their Apple dev account to add their own registered domain.

(comment deleted)
I was wondering why all the popular ‘private’ email services don't seem to have such a feature.
Apple is evolving and adapting in a way the rest of the industry can’t follow.

And, they have the money to do it.

For as long as Android has google ownership... they will never, ever be able to compete on the level of privacy that Apple is now buying into.

Totally agree. I set this up for myself to have a anything@mytrowawaydomain.com and it's great to see when folks sell your email :)

So far it's only happened once, actually, when Keen.io got bought by a PE firm, I got a bunch of spam, so they clearly sold off my email address.

It's a system that would be hard to operate as a "normal" person, so this is a great step.

As a former (pre-sale) Keen employee, this makes me sad. I'm very sorry.
No worries. I am at least glad the product is still alive. Despite being a competitor, there is a lot to admire about the offering. I am really bummed it didn't come out ahead of other competitors :)
Agreed, I think it’s the most important part of the demo today.
Does this require that every device you'd wish to use to sign into the service be an Apple device?

That is, if you're signing up for Netflix with this, would you be able to access your account from a Roku box?

I imagine you'd have to get the private email from your iPhone, similar to how 1Password works.
And it appears from the image that the private email would be a bear to type into another device.
Hopefully, more devices will move away from requiring you to type anything into the device to sign in.

Quite a few devices or apps on devices have already done so. Instead of having you enter the account ID and password directly, they give you a URL to visit that is something like https://<device-maker>.com/add-device, and show you a random code.

You go to the given URL in your normal browser on whatever device you normally use for web browsing, where you can login to your account at <device-maker> and enter the code the device gave you.

A few seconds later the device notices you've completed this, and you are then automatically signed in on that device.

This is a natural step that I’ve been waiting for for years. This can almost remove the need for password typing, as you don’t even need one to unlock the device anymore. Let’s hope Microsoft does the same, and integrates with apple’s solution. A lot of people are on iOS+Win10 for laptops.
Finally an excuse to delete my Facebook account completely. SSO was the only reason I was still using it.

I do wonder how many sites will actually implement it.

Why do you need SSO? Password managers make it easy to manage accounts.
PMs don't make it easy, they make it reliable and central. The default password generation usually doesn't work, and a web form doesn't capture everything, but I'm never clicking and guessing even when I haven't used an account in years.

But SSO wins on mobile, because the PM is clunky even with a custom keyboard. Even then, I keep a dummy entry in my PM just so I'm tracking it.

Mobile Dashlane and Lastpass work much better on Android, where the OS allows you to set default apps. If Apple deserves any antitrust spankings its for not allowing user control of protocol handlers and default programs.
iOS allows you to set your default password manager...
I thought that was just default AutoFill? It allows saving passwords to your password manager too?
You can create/generate & save new login on the fly from the sign-in screen. At least with 1Password. It's clunkier than I think is strictly necessary, but it is effective.
Is that through a keyboard? Can the browser pass what I type to 1pass?
Yep, works through the keyboard. Click on the login or password field, then it gives you a key icon to get into 1Password, where you are prompted to generate a password and provide a username. Then you tell it to autofill that into the form. A little clunky but effective.
But what you cant do, (because these are all work arounds to a proper "default password manager") is have 1pass capture what you typed into a page.

Apple gives preference to Keychain and gives it special ability. Which is what MSFT got in trouble for with IE embedded into windows.

It's new functionality I think, or at least I just recently realized I can set LastPass as the default password manager on iOS.
Bitwarden seems to work quite nicely as well but in addition to that Bitwarden is open-source.
I was going to mention it but I hadn't used it yet.
Isn't your reason not to use Facebook an even greater reason to not use their sso?
Didn't Facebook originally implemented something similar to this email obfuscator in their SSO, and later removed it?
"This domain is not allowed."
Is this a current issue you're having or your expected industry response?
yeah, and say goodbye to your app on app store and hundreds millions users.
While websites do blacklist temporary email providers like Mailinator, I think Apple has more power here; blocking the domain can be pegged as more of an anti-privacy move than blocking Mailinator, which is more anti-spam.
Google's + and . trick on a dummy-proof, invisible, consumer level. Nice!
Will this service be available on the web? I get the feeling that this will only be available on iOS, meaning that you lose access to all your accounts if you decide to switch to Android.
What's the incentive for apps to offer it? Now they don't get user data.
Convenience and access to Apple's user base who partake in the service. Those are the main reasons I used Google and Facebook sign-in on my website.
There are plenty of applications that don't actually care about the additional data they could arguably get from a Google/Facebook login, and only offer it because one click sign-up/login drives more signups.
In cases of a trustworthy third party, what is the concern of linking to Google/Facebook account compared to an Apple account that doesn't offer any data? I don't think I've seen any instances of Facebook integration credentials being hacked/stolen.
In reality, pretty much nothing (particularly since now, third parties basically only get name + email). The value is that some (small or large) number of potential users might not know or believe that and trust Apple more.
Ha, I can't imagine why I might trust Apple more than Facebook or Google. /s
They still get user data. They just can’t tie it to a real person outside the scope of their app.
That is what I meant by user data.
I develop apps myself and I am 100% onboard with using this instead of offering the signup with google or facebook buttons. I might even push users slightly to use this instead of others as it give my apps a bit of extra trust worthiness imo.
I can already see devs implementing things such as `if email domain ends in privaterelay.appleid.com reject the email address and ask for a "real" one`, like what already exists for yopmail and others.
The difference is Apple is too big of a player to ignore.
But now they block "normal users", not nerds. And there are many of normal users.

I'm not sure if they could sustain such a policy.

Such a dev would likely just not implement "Sign in with Apple".

This is for the devs that specifically want the minimal-friction sign-in.

Some screenshots display that it also works on the web, I'd love to find out how exactly but I ain't buying an Apple device and a developer license for that.
The difference here is that Apple can reject apps that do this from the App Store.
Some sites now seem to check whether an address is valid from some database or heuristic, because a random email with a valid domain is still rejected.
There is definitely a phenomenon of checking for prohibited email domains. However, absent extra-functional motivations like user data collection, smart developers don't bother with heuristics for email addresses much beyond the presence of an '@' character.

If you want to know if a purported email address is deliverable, try to deliver email to it.

This is awesome news for developers ! They should have done this years ago.
Can’t services just disallow/block this address?

Fun thing is, Apple themselves block name+addon@gmail.com addresses when using their dev console. You can bet that some companies will disallow Apple’s signature private passwords similarly if they can, in the name of ‘security’ or what have you.

Or am I being too cynical? Feel free to CMV.

EDIT: best response addressing this seems to be ‘The addresses are only generated from the "Sign In With Apple" workflow that a developer has to enable in the first place’

No, you're clearly correct. But Apple pushing this does give it a sense of legitimacy and blocking signups from this service might just cause less signups than actually forcing people to use their real address.

If Apple makes this extremely user friendly and quick to use than blocking it will cause a loss of signups.

Devils advocate:

‘Error: We love Apple and anonymity but we require a real email address to prevent fraud and to properly secure your account. Please enter your real email address.’

Then you get kicked out of the App Store.

(potentially)

This sounds like a way to get your app rejected for abusing APIs.
In an app I agree. On a website signup however..?
It would work roughly the same way. Integrating an OAuth provider like this requires registering an application with revokable ClientIDs, so Apple can technically pull them just as easily as they can pull Apps.

(It remains to be seen if they'll put in the legwork to actually police these things, though)

This is going to be a tough sell to your marketing dept I think.
Is it though? Think about zuckerberg's "dumb fucks" quote.
It's usually the marketing department asking for e-mail addresses in the first place.
Presumably Apple won't let just anyone put the "Sign in With Apple" button on their website, or will at least have a method of blocking bad actors.
> ‘Error: We love Apple and anonymity but we require a real email address to prevent fraud and to properly secure your account. Please enter your real email address.’

GDPR would probably want to know specifically why you need someone's real email address.

Yes. Back when Google+ oauth launched, "sharing user identity info" was the carrot that incentivized developers to build the integration. Otherwise, devs preferred Facebook so they could get user info.
Presumably such services won't implement Sign In With Apple in the first place. People will accept it because they want the sheer quantity of users Apple provides.

The useful thing about Apple is that they can force people to do things they don't particularly want to do, like accept anonymous e-mail addresses or stop using Flash. (unfortunately this is also the bad thing about Apple)

One other thing that seems powerful is that users that use Sign In With Apple have some guarantee of quality; with Apple using FaceId to authenticate, there's some amount of guarantee that you're not a bot.
I think this is something that people are missing when they suggest services will just block the Apple relay address.

Of course they wont. They still want the business and as you've pointed out, these accounts will be in a different customer engagement category. They are almost certainly real people and they a lot of value to marketers, even is you don't have all of their other personal details.

Since when do Apple IDs require 3-D cameras to log in to? Mine only needs a password. I don't think my MacBook even does 3D face recognition.
"[Sign In with Apple] will be required as an option for users in apps that support third-party sign-in when it is commercially available later this year." https://developer.apple.com/news/?id=06032019j
(comment deleted)
Sign in, but not sign up? I guess some apps will not allow accounts to be created through the iOS app. Much like netflix stopped allowing sign up on iOS [https://gadgets.ndtv.com/entertainment/news/netflix-ios-app-...]

There by, when apple passes a XXXXXXX@privaterelay.appleid.com address back, it won't match the existing account's email address = Sorry, matching account not found ?

Or they already rely on FB login and are now _obligated_ by Apple to implement this feature. I work for a company that has allowed people to create accounts with FB login (meaning we don’t have an internal password associated with them). This change would ostensibly require us to also allow Apple Sign In _even if we don’t want to_ just to continue to service existing users.

There really isn’t much choice here for us. Leave Apple / iOS? Abandon FB login and piss off thousands of people? Implement Apple Sign In regardless of its tech stack / requirements?

As someone who also run a service where the only login option is using Facebook, I'm curious about how you regard the negative press regarding Facebook, the recommendations to leave Facebook, and the many users who is sceptic to or has already left Facebook.

Do you have any plans to adopt any other login provider? I would really like to, but other than email/password, I'm not really sure what would be a good alternative, and I'd really like not having any personal information stored at all - email addresses included.

We let people create a username/password but can also use FB if they prefer. Turns out having their email is nice; we need to send them notices and reminders from time-to-time.

I’m not a FB fan. I post on social media maybe twice a year. As an advertiser I don’t trust the numbers they report. None of my criticisms of Apple in this decision should be interpreted as pro-FB. I just have a very strong distaste for Apple deciding that they get to decide how we run our apps.

They have to mandate usage because it’s the only way devs will do it. And it seems like a fine enough product for Apple-only hardware. But when you get to supporting multiple connected devices it falls apart. Are they going to support this for PCs? What about on the Roku? How will anyone who uses Apple Sign In on the iPhone log in anywhere else?

Thank you for the reply! I think I've landed on implementing a local login strategy as well.
Companies could absolutely disallow / block it.

However they most likely won't for the same reason that people who are upset about Apple's 30% App Store cut still develop apps for iOS: they have their customers spend far more on average than other phone / OS users.

So a company would put a sign in with Apple button in their app, but disallow you from using it?
The addresses are only generated from the "Sign In With Apple" workflow that a developer has to enable in the first place, so it wouldn't make any sense to do that and then reject the addresses.
Sure, they really could. But for me, it could be a reason to pick Lyft over Uber for example. I hope they add support to the App Store description, that would really help filter apps.
But in return for that, the services that choose to employ this will get a soft guarantee that the person signing up is unique/real. Its a way to get real-name/real-id with some amount of privacy.
Apple IDs cannot guarantee a real or unique user - users can have multiple accounts (some users will create a second account by mistake, others have a separate work account, etc), users can share accounts (especially ones tied to generic email addresses), and there are people selling app store reviews, so some bad actors definitely have a lot of accounts.
Thanks for your comment. I used the word soft guarantee, which is meant to encapsulate those caveats. Maybe I should have used a better term since I guess people were confused as to what it meant.
Facebook is trending downwards and privacy concerns with Google are trending up.

Critical mass might be achieved where if you don't include Apple Sign-In you might lose more users than whatever benefit you see from having more identifiable personal information.

It will be a battle of public relation.

If Apple users use Apple Sign-In en masse then any services which blocks it will face harsh negative publicity. If enough people use it then services will have no choice but to acquiesce.

They surely can do whatever they want, they can definitely choose to deny service to users that are traditionally high spenders and limit the fake accounts to professional scammers that use account farms from Asia.
Is that block a recent thing? It might be different as for my on GSuite account I can add the name+addon@mydomain.com - it might just be a difference between the "public" Gmail system vs the Gsuite Gmail system. In which case, my question is completely invalid and feel free to ignore ;)

Note: This comes from my own developer account having 3 name+addon@ accounts live, and working with things like ApplePay etc for testing.

Developer with a name+addon@gmail.com Apple ID here. No idea what OP is talking about, I was able to generate my Apple ID and sign up for the dev console no problem.
Apple now strips the +... part when you create an ID. So if name@gmail.com is already in use, name+addon@gmail.com will be refused with the message that name@gmail.com is already an Apple ID.
My Apple ID is email+something@gmail.com and it works.
they can block it but when you have 90million people using it, why would you?
I loved the concepts! Cannot wait to see the site with the SDKs and all.
Someone who is not apple should do this and charge for it. I'd pay $10 for something like that
You would pay, but no one would build a company for the $1M total revenue this would bring in
Don't Fastmail aliases already work the same way?

That's $5 a month for 600 private email addresses, which (for me at least) is more than enough to cover all of the services I use.

Unless they're easier to re-associate with your main account for some technical reason I'm not aware of?

check out maskmail.net it's basically the same thing
How long until sites start blocking the cloaked addresses? (although of course Apple can just churn those address patterns)
I'd like to have something similar for actual physical mailing addresses, perhaps UPS or Fedex could offer this.
Shyp tried to do this ~4 years ago. Very challenging problem.
My local UPS office in NY can accept packages on my behalf for a very small sum of money. Do you mean something more extensive than that?
What is forcing the sites that I'd want to use a fake email address with to use this? It wouldn't be in their interest to. They will just stick with their current SSO setup of Google/Facebook/whatever and never touch this, if they have SSO at all. I LOVE LOVE LOVE the idea, I just don't know if it will be useful and successful.
Nothing is forcing them to, and lots probably won't. The carrot is the much lower friction for sign up for users. It's similar to Apple Pay, where you don't get credit card info, but you do get a much easier user flow that will get you more signups.
But will it be lower friction than login with Google or Facebook? It feels like it's more common for someone to have an account from one of those two than from Apple, and so "sign on with Apple" will never be able to be the only SSO option, while Google or Facebook could be.

If the better (for the site) SSO options also have near-universal market penetration, what's the incentive to add Apple?

I would venture a guess that apple/icloud accounts are the highest % account type amongst iPhone holders. All sorts of people have reasons for not having gmail / facebook / etc., but apple account setup is pretty prominent in device setup.
Sure, it might be the highest % among iPhone holders - but for a website, what portion of your users are going to be iPhone holders, and what portion of the Windows/Android crowd have Apple accounts?
You don't have to implement it to the exclusion of other methods. There are plenty of merchants on the web with Apple Pay and also Paypal, straight up credit card numbers, etc.
Of course you don't have to implement it to the exclusion of all others! But let's suppose that, say, 65% of users have a Google account, 75% have a Facebook account, and 40% have an Apple account - and the circles overlap such that adding Apple adds 10% to the total coverage. Now, if everyone who has an Apple account prefers it, and users with an Apple login yield 30% less revenue... gaining that extra 10% of users costs you revenue, because for every user you gained at 70%, three existing users cut their revenue by 30%.
It's lower friction in that instead of having to click through an OAuth screen (and possibly re-enter your Google password), you just auth with FaceID/TouchID. And if you're writing an iOS app, then obviously the user has an Apple account.
I'm on Android, so I don't know how it works on iOS devices, but is reentering the Google credentials common? On my Android phone I doubt I had to enter my password more than 5 times in 2 years.

And the OAuth screen would be required anyway, as they have also shown on stage.

Some apps don't open the "sign in with Google"(/facebook) popup correctly and so cookies end up not being enabled for that browser session, so users need to re-enter their google credentials.

This is being fixed over time with proper implementation.

I frequently have to re-enter my Google credentials on the web on Google properties. I assume Android is storing those deeper in the OS, like Apple is storing your Apple credentials.
This is the ultimate way to manage your incoming email - I’ll be filtering everything based on the `to:` address when this rolls out and my life will be wonderful again
So this is only for mac/iphone users? That's not a large enough segment to warrant adding a sign in option for most sites. Would be nice if Mozilla had done something similar with Persona.
Something like 58% of site visits are from mobile browsers, and mobile Safari makes up over half of all mobile browsers. Of course, your mileage may vary, but that's a pretty large segment.
So its like 25% of Americans and much less everyone else. Plus you will be at the mercy of apple if they decide to remove your app, plus if you need an actual usable email, you have to ask for a second email. Sounds a bit confusing, they shouldnt have tied this to email address.
Maybe I'm cynical, but this looks more like a data hording scheme than a protect my privacy enhancement. If I use Google to sign in, Google and the app has that data and can monetize it.

Now if I sign in using Apple, they are going to have the data to monetize. They may keep the app from getting my information, but that means that their data is better than someone else's data, so it is more valuable. Also, they are getting app usage statistics that I may have opted out of at the OS level, but they now have due to having the sign in history.

Who do you trust more _not_ to do sketchy stuff with your data, Apple or Google? For me it's unequivocally Apple.
Problem is, today I agree, 10 years ago it would've been a tossup, and 5 years from now, who knows? These "trusted central broker" privacy models are nicer than giving your info to dozens of individual actors (when you trust that central broker more than anyone else), but they also become a single point of attack/failure.
You will never be able to know the future, you can only make decisions based on information available now.
My point is some of the information available now is that historically, companies that respect your privacy today might not tomorrow. And might only be respecting your privacy to get a monopoly on your data so they can exploit it later.
Difference is you can visibly see how Apple makes money.

It's exclusively from premium hardware and services. And not from advertising or monetising your data.

And you can visibly see that quickly disappearing. How are people not able to see past the now like this?
(comment deleted)
That change is likely because Google regressed and Apple progressed along this axis. Now project forward.
The company that did not deliberately remove the phrase "Don't be evil" from their values.
How could they if they never had it in the first place? ;)
Neither would be the only sane choice. Multinational corporations will always screw individual customers for profit.

And the issue with trusting any entity with data isn't really what it will do with it today. The bigger problem is what the entity will do with it tomorrow - under new leadership.

It might also be interesting to know that Apple is also in the business of selling "relevant adds". Its a tiny amount if compared to Google, but gives them the same incentives if the platform ever became the most used one around the globe. That danger is basically nonexistent considering the pricing of Apple devices but makes most claims of apples trustworthiness pretty hollow.

Some of Apple's services use end-to-end encryption. That makes them better from a privacy angle than Google for example... But still... Don't trust multinational corporations. That can never end well

The question was not "who do you trust", but "who do you trust more".

Given that Google's business model depends on data sharing whereas Apple has made privacy one of their core features, I think the answer has to be Apple, even if you don't trust them entirely.

Apple has a longer list of lies and unethical events than Google.

"No our antenna and keyboards don't break, that's the users fault."

> The question was not "who do you trust", but "who do you trust more".

The question doesn't _need_ to be "who do you trust more". (I know that I'm mostly repeating the parents points).

I don't want a Google login.

I don't want a Apple login.

I don't want a Facebok login.

I want a good old email/username login!

> I want a good old email/username login!

Absolutely. One would still be able to do that (Apple's providing SSO here, not enforcing any guidelines, as of today). Though, I'm happy that friends and family would be able to choose anonymous per-app email-ids on the fly and still be able to SSO.

So you trust your password manager and perhaps whatever system encrypts your password manager data to share it across devices?
They care for privacy only for people who are willing to pay their high prices though.
Are you implying that Apple should care about the privacy of people who are not their customers?

How would that work?

op mentioned apple core is privacy. i implies that they care it only for their high end customers. They could anytime do a low end mobile if privacy was their core. Their core is like any other business get maximum profits.
Apple's premium price is exactly what allows them to focus on privacy.

Google/Facebook/etc. are able to offer you cheap products and services because they're selling your privacy to the highest bidder.

Apple is not doing this (because they care about privacy), so they need to charge a much higher price for similar products.

This is somewhat of a chicken and egg problem (did Apple care about privacy and charge a premium price, or did charging a premium price allow them to start caring about privacy?), but that's arguably not important. What's important is that Apple cares about privacy when their competitors do not.

If Apple cared about privacy they would have left China instead of giving up it's iCloud key.

They are focusing on it because of business sense. To upsell people who are able to buy those expensive devices otherwise all devices are now more or less can do the work.

Apple can easily lower their price to match android. They do have insane profits. But I don't see they care about lower class people.

If "business sense" causes them to make business decisions which increase my privacy when I use their products, I don't care what the rational is.
For me, Apple.

Google isn't outwardly evil.

Apple being anti consumer and anti developer really show you who Apple works for.

Their shareholders?
Yes
What a coincidence, Google works for those people, too!
As does every company ever, as is their fiduciary duty.
Companies don't have fiduciary duties to their shareholders.
But Google cannot get away with screwing both customers and developers.

Apple doesn't seem to provide competition in the tech space that is pro consumer or pro developer.

Apple is pushing profit more than anyone else in tech.

> But Google cannot get away with screwing both customers and developers.

But with google we're the product and not the customers. They are a spyware company and don't deserve any trust whatsoever.

I think you meant 'For me, Google'.
Google, the company who makes Chrome? The Chrome that will soon prevent me from using an ad blocker?
Can we stop being hyperbolic please? If not blocking ads in a very specific way is what it takes to be counted as "evil", that word has officially lost all meaning.
How about 'neither of them'? Trusting Google with your data is like trusting a fox with guarding your hen house, trusting Apple with your data is trusting a fox which claims it turned vegetarian.

Run your own mail server and you'll have all the addresses you care to use, using any scheme you might think off. I've been doing this for decades now and it just plain works. A day or so to get the thing setup, 8 hours of maintenance per year and you're done. Use Google-free Android devices in your pocket, Linux or *BSD on your lap and in the server/broom cupboard and those foxes can claim to be vegans for all I care.

Where do you host your mail server? I've been running my own for years on Rackspace, and it works great, except they recently started adding on a $5/month support fee that old accounts like mine had been grandfathered out of. With that, and other price increases over the years, it now costs about twice what I originally paid.

I originally picked Rackspace over AWS because Rackspace's cheapest acceptable option was about the same price I had been paying for space on a shared hosting service, and that was about half of the cheapest viable AWS option.

But now it looks like AWS is quite a bit cheaper than Rackspace, and it is getting time to build a new server anyway [1], so it is time to consider alternatives.

One thing I'm concerned about is IP blacklists. Every time someone posts an article about setting up your own email server, there are comments about this being a pain because spammers will set up service on neighboring IP addresses, and you'll often get caught up when that gets the whole block blacklisted.

I've never had that problem at Rackspace. I don't know if spammers just don't use them for some reason, or if they are really good at kicking off spammers...but in the 7.5 years I've been doing this at Rackspace I don't think my outgoing mail has ever been caught in an IP-based blacklist (or had any other delivery problems, for that matter).

While I'd like to spend less than I'm spending now, it would not be worth the savings if it makes my mail unreliable.

[1] I'm on Debian 8, which is in the last year of long term support. I prefer to built a new server from scratch with the latest and move to it rather than trying an in place update across major distro versions.

The server sits in a special cupboard I made which has servers, a switch and storage on top, drying racks on the bottom. All the way in the bottom is a forced draft fan (meant for modern air-tight homes, low-power and -noise) which pulls the warm air from the top through the drying racks. All the way on top sits a large air filter. This keeps the equipment clean and relatively cool while using the waste heat to dry produce (now filled with mint leaves, later it will be used to dry apple, possibly some jerky, etc).

The whole is connected through our gigabit fiber to the outside with a possibility for a wireless backup connection should the fiber go down (which it hasn't thus far).

The hardware runs a combination of Debian stable with some unstable packages plus home-grown tools. I've done Debian upgrades on these servers for years, generally without much breakage. That is actually why I moved to Debian from Redhat which I used earlier (before the Fedora days) as upgrading RH was always a hit-and-miss experience compared to Debian.

So, in short: my own hardware on my own connection on my own premises, with off-site (and even out-of-country) backup in a reciprocal agreement: I run backups for my brother in the Netherlands and get to put my (encrypted) backups on his NAS.

I’m in exactly your position, and I wound up going with hetzner. Been happy with them so far, and they’re far cheaper than Rackspace.
Except Google is an advertising company and Apple is a consumer electronics and software company. Their objectives are different, and historically, Apple has been one of the most privacy-focused tech companies.

Not saying Apple can't use your data, but as far as auth providers go, I'd rank Apple higher than all the other Big Tech Cos.

Apple doesn't, to the best of my knowledge, monetize data, either through ads or selling it to third parties. I'd welcome a clarification if I'm wrong.
Only if you think Apple is lying.
they also have all your emails coming from that app
The difference is that one is a hardware company making services to sell devices; the other is an advertising company making services to get more data for ads. One of them can live without your data, the other cannot.
Companies already massive dislike fake/temporary emails. Go find a throwaway email service and you'll find many many websites blacklist them. I'll actually be angry if Apple succeeds, because it'll just mean I can only have private email address as an apple customer and not anywhere else. Many companies might make an exception for Apple, but not anyone else.
On the other hand, if Apple succeeds, this gives a clear route to push for other services that work the same way.
This is neither a fake nor a temporary email. It is unique, made specific by the combination of the user's appleid and the target app/website, and permanent in that it will remain the same. The ability of the user to automatically discard/block content sent to the email address doesn't change this, as it's no different other than (probably) more convenient than setting up a bunch of spam filter rules for those "services" that refuse to remove your address.
It says in the article that it's a 'unique, random address', so I don't know where you're getting the 'combination of the user's appleid and the target app/website' from. The purpose of the service is the same as other temporary email services, to anonymize signing up for services by providing a fake email.
Sounds like a good time to remind people about Telegram having a similar function for quite some time now. And just yesterday they announced a feature to simplify logging into web sites using TG bots: https://telegram.org/blog/privacy-discussions-web-bots

It might be a personal choice, but for stuff when privacy is really important I'd definitely pick Telegram over Apple, no matter how much the latter claims to keep me safe from three-letter agencies as well as marketers.

> I'd definitely pick Telegram over Apple

Why?

Works everywhere with the devices and OS you have like (or can afford): Android, Linux desktop, Mac, iOS, Windows and more.
Telegrams end to end encryption is locked to the two devices which started it, so it’s totally useless when you want it across devices.
How is this related to login?
For a start, I don't own, and don't want Apple devices.

Also, stories about FISA overreach, PRISM, the rest of the alphabet soup plus gag orders do not particularly inspire confidence.

then use signal. friends don't let friends use telegram. Signal gives you all of this without the snake oil that telegram is selling you.
You use pretty strong language and have your facts wrong (in the post above when you say chats are stored in plain text). What's your angle?

Also, we are discussing web login options here which afaik Signal doesn't support.

My angle is stopping folks using and recommending telegram. Where are my facts wrong?
Like I said, the chats are stored (or are claimed to be stored) in an encrypted form. But I think I understand why it may count as "stored unencrypted" in your eyes. Still, Signal won't cut it. It's too inconvenient to use, and while maybe it provides better security it's like a very strong password policy in a company that entices users to just write down passwords on Post-it notes.

I couldn't get my friends use Signal, it's not there yet in terms of user friendliness (hell, I wouldn't use it). But Telegram works for me, and I consider it a substantial improvement over Whatsapp. YMMV.

Signal requires a phone number. If anything, use Keybase, you'll also get good team handling, file sharing and bunch of other nice convinience features.
Telegram is unencrypted by default. All standard messages are stored on the server. Telegrams secret chat mode (end-to-end encryption) uses home made cryptography, and has been panned by experts in past. All group chat is in the clear and stored on the server. This is not the case with imessage. Comparing Telegram to iMessage, telegram is not in the same league as Apple. I don't trust either from TLA's or well funded adversaries.
> All standard messages are stored on the server.

It's a feature: history synchronization between different devices and fast search through hundreds of thousands of messages is, for most uses and users, more important than concerns that Telegram or nation-state level attackers (one capable of silently breaching Telegram infrastructure) would choose to read your chats.

Signal also does historical synchronization between devices. It bootstraps the history from another device. It also has search which can be done locally. Telegram is, by design, capable of being accessed by 3rd parties (beyond governments). iMessage is capable of being accessed by 3rd parties via iCloud backups, which is an opt-in situation.

Be aware, wechat sends every message with geolocation to the authorities in real time. It is more critical than ever that we be aware of the mechanisms in the systems we build and use -- else dystopia awaits.

It‘s not homemade crypto. It‘s just not the latest and greatest modern crypto but it has no glaring weakness.
Granted, there are no known weaknesses with their protocol -- however, Telegram leads the user to believe their conversations are encrypted, which, unless they opted in to secret chats (and this is not supported on desktop ), its all in the clear.

So if you are using it on desktop, all your messages belong to Telegram, and whomever they are sharing it with.

As has been pointed out before this should be plain wrong. Keys and messages are kept separate, in separate jurisdictions even.

This way Telegram can back up messages without dumping them to Googles servers like WhatsApp does by default.

[citation needed]..

But it’s absolutely homemade by math PhDs (not crypto specialists). And if you search for ‘telegram security’ you’ll find any number of articles pointing out a bunch of weaknesses. It’s also only half open source.

> half open source

Not just that. The official clients repos (specifically Android) lag several weeks, if not months, behind the apps, or at least they did at one point.

Though that doesn't matter much with not-quite-verifiable releases...

Plain wrong. It's not end-to-end encrypted by default, that's true. But all chats are encrypted with key portions distributed between different jurisdictions in case some country gets funny ideas.

Chat archives are stored encrypted, not in plain text. Please cite your sources if you claim otherwise.

The Telegram service has the capability to get the plain text of your chats, without any interaction with you.

I think that's what the parent wanted to say.

I think saying "chats are stored in plain text" is a reasonable way to convey that message and I think "plain wrong" is an overstatement.

> think saying "chats are stored in plain text" is a reasonable way to convey that message

If I keep your messages encrypted in my database and your keys on another unonnected database in another building, would it then be fair to say that I store your messages in plaintext?

No. They are encrypted. It is a matter of fact.

The word you are looking for is "not E2E encrypted" which can be a problem, but a different and smaller problem.

> and I think "plain wrong" is an overstatement.

No. It is a statement of a fact.

>If I keep your messages encrypted in my database and your keys on another unonnected database in another building, would it then be fair to say that I store your messages in plaintext?

If you can still access them, I don't think it is fair (or maybe rather: it is misleading) to say that you store them encrypted.

If you cannot trust me it doesn't matter.

If you trust me but are worried that someone else might break into the server it makes a huge difference.

Privacy BS. This is their way of tracking you around the web.
Why would they need to do this?
Gives them valuable insight on user priority & needs. One who has it controls the web. This is what Google has and Apple wants it too.

Only difference is Apple won’t sell it, just use it to refine its product service mix. Google/FB do both besides preempting/ buying emerging competitors.

Apple has never shown any inclination for doing this.
If they needed to do this, they already control the browser.