> If you use iCloud+ and Hide My Email, there is still time to generate more aliases on @icloud.com as the change has not yet landed and the rate limit for creating aliases is at least 30 per hour.

Part of the reason to use Hide My Email was that it made keeping myself private hassle-free. Making a system to pre-generate values and then catalog them for later use is quite the hassle.

Yep, but I still generated some for myself just in case and fellow hackers can do the same if they want to.

iCloud+ was the best $1 / month custom domain emailband email alias service with 100GB of E2EE cloud drive.

Obviously it will be sad to see it enshittified for seemingly no reason.

Unfortunately sometimes we are at some specific provider’s mercy for whatever reason like lack of appropriate alternatives.

IDK I’ve appreciated Reddit killing off good features like old version, putting a time-lock banner on mobile while logged out, trying to block VPNs when logged out, etc.

I want that company devalued and bought by Verizon or AOL to die a Yahoo death.

What is insane to me is how few people realize their stock has a higher P/E than nVidia… and it isn’t because of some bullshit minor AI data deals. It’s a youth-forward narrative machine, and everyone knows it.

Yes but not always applicable unfortunately… e.g. the other day I was in Italy, I needed to park on the publicly available parking which was paid to the municipality.

No other parking available anywhere near in 30 mins walking distance. (paid or free)

I had to download a 3rd party app that asked me to register. This app isn’t by the Italian government, it’s affiliated though.

So in that situation, I want nothing to do with your website or app, because I wouldn’t able to park.

If your website needs an email address at all.. otherwise just use null@null.null, if it accepts and doesn't require a authentication code

Completely agree - have you encountered this before? The Gmail plus sign alias trick has been widely known for a long time and, to my knowledge, still works well today. It would be easy enough for websites to either block + in gmail addresses or instead grab the true email.

I ran into this with an NVMO mobile provider. They did not like my personal email domains so I nagged their customer support until they manually added it. Their marketing team happily emails my personal domains once added. Some day this will probably cause a problem but my goal is to eventually get rid of my cell phone either way.

> Long story short: now both Sign in with Apple and Hide My Email aliases are going to be issued on the @private.icloud.com subdomain. This makes it much easier to ban all aliases without affecting non-relay mailboxes on iCloud mail.

Could someone clarify why having Sign in with Apple and Hide My Email on the same domain would make a blanket ban easier rather than harder? What am I missing?

Before, the emails were "me@icloud.com", the default for all apple users. There was no way to distinguish normal emails from generated private emails.

Now, they will be "blah@private.icloud.com", so it will be easy to ban the generated/private email that reduces the ability to associate logins across services.

Unclear why Apple would shoot themselves in this way; I hope it's not Ternus complying with anti-privacy.

Apple was generating (something)@icloud.com whenever you used that service. Now, it will use (something)@private.icloud.com instead. So you can ban this subdomain instantly, knowing people will be "hiding" with this service by default.

It's like blocking anondaddy, simplelogin etc but not protonmail.

I guess their thought process is, both alias and non-alias accounts use @icloud.com

You were always able to reserve a normal icloud email address just like you would a GMail account, so banning all icloud email addresses would be banning non-alias Apple customers

That being said, I'm not convinced anyone who wanted to ban aliases couldn't have already. The alias emails look weird enough I'm guessing you could ban them with few false positives.

> The alias emails look weird enough I'm guessing you could ban them with few false positives.

While this is true not all of them been weird. Some can be just word + number + word without dots or underscores.

Also blanket banning whole domains is just much easier and already done for temporary emails. No false positives.

Determined sites could already easily do this. Just detect the patterns used. I agree it's a useless change though.

heave_balks_0g@icloud.com

It shouldn't matter for the sign in with apple because sites are already expressly supporting that.

Email aliasing is hard because you want privacy from a herd of users, but then you're locked into that ecosystem versus a domain you control has no herd, but the upside is no lock-in.

Not all aliases it generated look like this, some look like these:

  viods01crew@icloud.com
  methyl.brick1h@icloud.com

In any case fact that some services banned alies is not the reason to make them completely useless instead of making them better.

Apple is one of few companies that ia able to push for this with market share.

> Determined sites could already easily do this

They already DO do it, I don't know how they're currently determining it

I would bet that doing so would be a pretty quick way to have your app pulled.

They already require that you use Sign in with Apple, I would think that it working fully is also a requirement?

You can use Hide My Email on any website though, whereas Sign In with Apple is limited to just those websites and apps that support it. Sign In with Apple isn't nearly as popular on the web, so it's a lot easier to just ban "@private.icloud.com" from your web service there.

Hide My Email isn’t particularly related to apps. You can use it on any web form that asks for your email address, or as the sender of any email message you send using Apple Mail.

Shameless plug - I created a chrome extension that allows to create unique email addresses that forward to your real inbox. It uses Cloudflare email routing, simplifies creating/labeling of new addresses and keeping track of them. Always 1 click away.

The addresses are pre-allocated and recycled when deleted so creating a new one is faster that with Apple's hide my mail.

https://github.com/webmonch/hide-my-mail-cloudflare

With cloudflare you can also just setup catch-all and be done wirh it.

I personally doing catch-all already, but problem is that using your own domain for website registration basically gives everyone unique id to eaaily connect all the information that ever been leaked for your accounts and something always gets leaked.

Not a very good idea for privacy.

email isn't really a decentralized system at all. Google, Microsoft and Amazon own e-mail delivery. Perhaps Google ads customers complained that they could not correlated private @icloud addresses, and we are now witnessing the consequences. What Apple got in exchange from Google, I don't know, I'm sure it is related to their Siri deal.

Oh fuck. I love Hide My Email and it's been the best feature about iCloud ever since it came out.

It's actually useful compared to Gmail's useless "yourrealaddress+alais" that gives away your actual email anyway, and it helped me catch quite a few spammers/data sellers.

Hide My Email addresses already have a peculiar format that others could guess, and some do block those, and there's no reason to add a blatant "private." tag.

This is a win for privacy-intruders, not users, just like Apple's iCloud Keychain API that has allowed Facebook, TikTok etc. to secretly track users across multiple devices and device reinstalls for years.