by giancarlostoro
14 subcomments
- If your website will block me out because I used a privacy friendly email, I want nothing to do with your website.
by jawiggins
6 subcomments
- > If you use iCloud+ and Hide My Email, there is still time to generate more aliases on @icloud.com as the change has not yet landed and the rate limit for creating aliases is at least 30 per hour.
Part of the reason to use Hide My Email was that it made keeping myself private hassle-free. Making a system to pre-generate values and then catalog them for later use is quite the hassle.
by danpalmer
6 subcomments
- Hide My Email is fundamentally broken in two major ways:
1. Services those emails are used with cannot unilaterally send email to them. They must pre-register how they will send email to them, which breaks services with third-party relationships such as online retail with payment processors or shipping companies.
Users don't like not receiving shipping notifications, and users don't like not seeing invoices or at worst missing bills and going into debt because the payment processor can't contact them.
2. Users signing up for services struggle to re-use accounts. If the account is identified by email, as most are, figuring out the private email used when you signed up on your iPhone, when you later try to sign in on the web, basically impossible for your average user. Users end up with mulitple accounts, likely one on their real email anyway, and it's a support nightmare for both the user and the service provider.
Does this increase user privacy? Yes. Does it increase user control? Sure I guess. But it does so at the cost of basic UX and service expectations, and likely makes the overall experience and control worse for users in many cases.
So why is this change being made? My take is that it's so that it's easier for services to exclude Hide My Email sign-ups. That way the bad UX is gone, and the service provider looks like the bad guy rather than Apple.
by jonotime
10 subcomments
- Pro tip for doing something like this without apple. Buy or get a cheap domain name. Create a subdomain on it and have it catch and forward all messages to you when sent to that sub. For example:
nytimes@mailsub.example.com -> jono@gmail
anything-else@mailsub.example.com -> jono@gmail
You dont even need to materialize aliases at all.
by mortenjorck
3 subcomments
- > Long story short: now both Sign in with Apple and Hide My Email aliases are going to be issued on the @private.icloud.com subdomain. This makes it much easier to ban all aliases without affecting non-relay mailboxes on iCloud mail.
Could someone clarify why having Sign in with Apple and Hide My Email on the same domain would make a blanket ban easier rather than harder? What am I missing?
- I highly recommend either SimpleLogin or Fastmail aliases. The latter are superior because they can be used to reply directly to any received email without needing to set up reverse aliases.
When you own your own domain, the switching cost between providers is small. You can make a dedicated domain just for aliases
Both SimpleLogin and Fastmail have excellent integration with password managers as well
by frollogaston
1 subcomments
- "Useless" is a leap. The kind of site that would block private relay emails is the kind that was already getting my burner anyway. The private relay is for sites I want to hear from, but also want a failsafe in case they're hacked later.
- For me personally, Hide My Email is binding me to the Apple ecosystem more than iMessage (but I'm European).
by Cider9986
2 subcomments
- Determined sites could already easily do this. Just detect the patterns used. I agree it's a useless change though.
heave_balks_0g@icloud.com
It shouldn't matter for the sign in with apple because sites are already expressly supporting that.
Email aliasing is hard because you want privacy from a herd of users, but then you're locked into that ecosystem versus a domain you control has no herd, but the upside is no lock-in.
- I use Proton aliases everywhere...Well not everywhere, there are indeed quite some places that don't accept a passmail.net address... So I can imagine this becoming a useless feature, at least on some sites.
Btw I only use these aliases for sites where I don't mind loosing the login, otherwise it would the mother of all lock-ins... Would have been nice if I could opt for aliases on my own (secondary?) domain... At least then I could still move them (using wildcards or some exported list).
by trollbridge
1 subcomments
- In the flip side, someone who blocks private.iCloud.com will block the ability to do SSO with Apple, thereby cutting themselves off from Apple’s ecosystem.
by frollogaston
3 subcomments
- Maybe they've started seeing sites ban @icloud.com addresses
- Almost all of my iCloud relayed addresses are already @privaterelay.appleid.com, and they've been working perfectly. So I don't expect this to change any time soon.
- I would bet that doing so would be a pretty quick way to have your app pulled.
They already require that you use Sign in with Apple, I would think that it working fully is also a requirement?
by elcombato
2 subcomments
- The rate limit seems to be 20/hour and not 30/hour as mentioned in the article.
- I have a cron script which configures a today-only email address in Postfix.
Mail sent to t20260617@foon.uk will reach me, but only for today.
So, any time I'm giving away my email address against my will, which is most of the time, they get to spam me for exactly one day.
- I guess I'll go back to mailinator. That thing has 100s of aliases by the way for some that don't use that yet. Great service. Not guaranteed private really so don't depend on it for that. (Though if you use a strong has for a hash@mailinator.com address, is it pretty secure for "email purposes"?)
- I guess I don't understand the concern... what does it matter if a different domain is used for Sign in with Apple and Hide My Email?
- It is limited to around 600 addresses, it’s already useless.
- This is a big downer for me, I have started using Hide My Email religiously.
- Okay but banning private relay emails would also mean your site is blocking Apple sign in?
- I wonder if the existing hidden emails I already have in iCloud will be changed over too. If that's not the case, I'm just going to use one of the 50 throwaway addresses I already have.
- I pay for Fastmail just for masked email and its integration with 1Password.
- Fastmail still generates theirs with @fastmail.com. And 1Password has an integration with them to quickly generate an address when creating a new account somewhere.
- How is that different from “privaterelay.apple” that has been used?
- This is so dumb. They randomly generate them anyways it’s not like they are likely to collide with other users. They should allow you to use your own domain for private relay but it doesn’t let them build a moat so they wont
by smth-smth-ai
0 subcomment
- simplelogin from Proton works great, can recommend; for Uber I generate uber.random-word@simplelogin.com, for Slack slack.random-word etc to easily see who leaked my email
- Where do I sign to show my opposition to this change? Hide My Email has been essential to keep my digital life protected from abusive mail lists and frankly one of the features that make me associate icloud with a premium service
by kylehotchkiss
0 subcomment
- Did Hide My Email addresses cause problems for deliverability for actual emails/users on iCloud?
- Emailfake.com
Fastmail also has wonderful random email functionality you can link up to your Bitwarden client or use the Fastmail API.
- Just use fastmail
- Urgh, that's a huge downgrade. What a shame.
by risyachka
3 subcomments
- Shameless plug - I created a chrome extension that allows to create unique email addresses that forward to your real inbox. It uses Cloudflare email routing, simplifies creating/labeling of new addresses and keeping track of them. Always 1 click away.
The addresses are pre-allocated and recycled when deleted so creating a new one is faster that with Apple's hide my mail.
https://github.com/webmonch/hide-my-mail-cloudflare
by doctorpangloss
2 subcomments
- email isn't really a decentralized system at all. Google, Microsoft and Amazon own e-mail delivery. Perhaps Google ads customers complained that they could not correlated private @icloud addresses, and we are now witnessing the consequences. What Apple got in exchange from Google, I don't know, I'm sure it is related to their Siri deal.
- Oh fuck. I love Hide My Email and it's been the best feature about iCloud ever since it came out.
It's actually useful compared to Gmail's useless "yourrealaddress+alais" that gives away your actual email anyway, and it helped me catch quite a few spammers/data sellers.
Hide My Email addresses already have a peculiar format that others could guess, and some do block those, and there's no reason to add a blatant "private." tag.
This is a win for privacy-intruders, not users, just like Apple's iCloud Keychain API that has allowed Facebook, TikTok etc. to secretly track users across multiple devices and device reinstalls for years.
- [flagged]
Hacker News