Comment by FireBeyond
1 year ago
> The random addresses are indistinguishable from real iCloud.com email addresses, there’s no naming convention a website can reject.
That's not remotely true.
The very very very vast majority of actual iCloud email addresses are going to have "dictionary" names. It's quite trivial to detect a randomized address (and at that point, you probably don't even care about a couple of false positives).
Multiple instances of letter-number-letter-number ("b2y4r")? Coupled with letter combinations that don't exist in most languages ("ytbn")? And no dictionary words ("john", "smith", "booklover")? Random address.
Now, whether you care to do business with someone who detects this is a different question altogether.
But they are absolutely distinguishable.
The auto-generated addresses also have dictionary names. They’re explicitly designed to look like addresses that a real person might come up with… typically a dictionary word, followed by some numbers and symbols. Just like other email addresses on popular services where all the good names are taken.
The ones I've seen are like a987dfc429be@icloud.com.
Same with Private Relay: here's one of mine (with one character changed) - 2he5rs923s@privaterelay.appleid.com
You’re thinking about something else. There’s a thing called “Sign In With Apple” that is available when an app/website wants to offer it, that integrates with Apple’s authentication system. The email the app/website sees is a bunch of random characters followed by @privaterelay.appleid.com. But Sign In With Apple is not the same as Hide My Email. SIWA is for when the website opts into Apple as an auth provider.
I just looked at my alias list in iCloud and every single “hide my email” alias looks like a plausible @icloud.com address with dictionary words, and every “sign in with Apple” address is using the privaterelay address with the super random characters. There are no addresses that look like a987dfc429be@icloud.com.