> Long story short: now both Sign in with Apple and Hide My Email aliases are going to be issued on the @private.icloud.com subdomain. This makes it much easier to ban all aliases without affecting non-relay mailboxes on iCloud mail.
Could someone clarify why having Sign in with Apple and Hide My Email on the same domain would make a blanket ban easier rather than harder? What am I missing?
> If you use iCloud+ and Hide My Email, there is still time to generate more aliases on @icloud.com as the change has not yet landed and the rate limit for creating aliases is at least 30 per hour.
Part of the reason to use Hide My Email was that it made keeping myself private hassle-free. Making a system to pre-generate values and then catalog them for later use is quite the hassle.
I pay for the bundle, but HME was never hassle-free. I would say that it works on ~40% of form fields. Most of the time I never get the prompt from HME.
It’s also might obnoxious if you ever need to remove an email from that list (or, gods forbid, mass clean the list).
But okay, this update is even worse. I might just stop paying for the iCloud+ whatchamacallit and backup to my Mac like I used to.
Shameless plug - I created a chrome extension that allows to create unique email addresses that forward to your real inbox. It uses Cloudflare email routing, simplifies creating/labeling of new addresses and keeping track of them. Always 1 click away.
The addresses are pre-allocated and recycled when deleted so creating a new one is faster that with Apple's hide my mail.
email isn't really a decentralized system at all. Google, Microsoft and Amazon own e-mail delivery. Perhaps Google ads customers complained that they could not correlated private @icloud addresses, and we are now witnessing the consequences. What Apple got in exchange from Google, I don't know, I'm sure it is related to their Siri deal.
Oh fuck. I love Hide My Email and it's been the best feature about iCloud ever since it came out.
It's actually useful compared to Gmail's useless "yourrealaddress+alais" that gives away your actual email anyway, and it helped me catch quite a few spammers/data sellers.
Hide My Email addresses already have a peculiar format that others could guess, and some do block those, and there's no reason to add a blatant "private." tag.
This is a win for privacy-intruders, not users, just like Apple's iCloud Keychain API that has allowed Facebook, TikTok etc. to secretly track users across multiple devices and device reinstalls for years.
Determined sites could already easily do this. Just detect the patterns used. I agree it's a useless change though.
heave_balks_0g@icloud.com
It shouldn't matter for the sign in with apple because sites are already expressly supporting that.
Email aliasing is hard because you want privacy from a herd of users, but then you're locked into that ecosystem versus a domain you control has no herd, but the upside is no lock-in.
Where do I sign to show my opposition to this change? Hide My Email has been essential to keep my digital life protected from abusive mail lists and frankly one of the features that make me associate icloud with a premium service
Like yes that, but also. Why would I want to hide my email from someone but not from Apple? And why can’t I turn it off and choose not to hide my email? This is one of my top Apple ‘features’ that would make me migrate away, if not for android being similarly awful
simplelogin from Proton works great, can recommend; for Uber I generate uber.random-word@simplelogin.com, for Slack slack.random-word etc to easily see who leaked my email
Pro tip for doing something like this without apple. Buy or get a cheap domain name. Create a subdomain on it and have it catch and forward all messages to you when sent to that sub. For example:
In the flip side, someone who blocks private.iCloud.com will block the ability to do SSO with Apple, thereby cutting themselves off from Apple’s ecosystem.
Almost all of my iCloud relayed addresses are already @privaterelay.appleid.com, and they've been working perfectly. So I don't expect this to change any time soon.
I use Proton aliases everywhere...Well not everywhere, there are indeed quite some places that don't accept a passmail.net address... So I can imagine this becoming a useless feature, at least on some sites.
Btw I only use these aliases for sites where I don't mind loosing the login, otherwise it would the mother of all lock-ins... Would have been nice if I could opt for aliases on my own (secondary?) domain... At least then I could still move them (using wildcards or some exported list).
44 comments
[ 2.7 ms ] story [ 46.0 ms ] threadCould someone clarify why having Sign in with Apple and Hide My Email on the same domain would make a blanket ban easier rather than harder? What am I missing?
They already require that you use Sign in with Apple, I would think that it working fully is also a requirement?
Part of the reason to use Hide My Email was that it made keeping myself private hassle-free. Making a system to pre-generate values and then catalog them for later use is quite the hassle.
It’s also might obnoxious if you ever need to remove an email from that list (or, gods forbid, mass clean the list).
But okay, this update is even worse. I might just stop paying for the iCloud+ whatchamacallit and backup to my Mac like I used to.
The addresses are pre-allocated and recycled when deleted so creating a new one is faster that with Apple's hide my mail.
https://github.com/webmonch/hide-my-mail-cloudflare
It's actually useful compared to Gmail's useless "yourrealaddress+alais" that gives away your actual email anyway, and it helped me catch quite a few spammers/data sellers.
Hide My Email addresses already have a peculiar format that others could guess, and some do block those, and there's no reason to add a blatant "private." tag.
This is a win for privacy-intruders, not users, just like Apple's iCloud Keychain API that has allowed Facebook, TikTok etc. to secretly track users across multiple devices and device reinstalls for years.
heave_balks_0g@icloud.com
It shouldn't matter for the sign in with apple because sites are already expressly supporting that.
Email aliasing is hard because you want privacy from a herd of users, but then you're locked into that ecosystem versus a domain you control has no herd, but the upside is no lock-in.
Fastmail also has wonderful random email functionality you can link up to your Bitwarden client or use the Fastmail API.
nytimes@mailsub.example.com -> jono@gmail
anything-else@mailsub.example.com -> jono@gmail
You dont even need to materialize aliases at all.
Btw I only use these aliases for sites where I don't mind loosing the login, otherwise it would the mother of all lock-ins... Would have been nice if I could opt for aliases on my own (secondary?) domain... At least then I could still move them (using wildcards or some exported list).