Comment by keane
19 hours ago
Possibly relevant comment from a few years ago: >AirDrop also shares your full name (seemingly the one associated with your Apple ID, not what you have set for yourself in your contacts), both by displaying it in the sharing interface on the involved devices and by attaching it as an extended attribute to uploaded files. >So if you AirDrop some files to your computer and then zip them up, anyone you send that zip to (a journalist, a public file-hosting site, w/e) will have your full legal name to go with them. Linked article from that thread is moved to 20 comments keane Reply
Do other file systems even support the extended attributes from Apple?
Using macOS 26 and iOS 26 I was unable to reproduce their findings. I airdropped a photo from my iOS device to my laptop, and nothing in `mdls`, `xattr -l`, `exiftool -s`, `rg -i` showed my name.
It wouldn't surprise if Apple had fixed this, it's the sortof thing they would fix, but it may be worth trying with 2 devices not from the same iCloud account. Wouldn't surprise me if the code paths were subtly different in that case.
They would seem to contain identifiers as law enforcement have been able to follow up on instances where there has been airdropping of perverse images, but as noted by others the files don't include names.
The problem with airdrop (and likely why the 10 minute setting now exists) is that it includes a preview image as part of the notification request.
So other than being able to subject someone to perverse images, preview images have also been used in state-sponsored zero-click attacks to infect the phones of their targets. While that vector seems to be muted for now, the 10 minute setting provides a layer of defence against both potential future zero-clicks and receiving unsolicited previews images.
Just a tip - You can put any string as your name for your Apple ID. you can also change it at any time. I have it as Mac Book. It's not checked when making any credit card payment, AFAIK.
Just keep in mind, if you give your device to the Apple Store for repairs, they'll automatically expect the person who is picking up to have a matching ID to the Apple account.
It was a fun misunderstanding to resolve when I went to pick up my repaired Macbook Pro and they expected my ID to say Mark Suckerberg. It was resolved relatively uneventfully but still had to get the manager over.
Another fun side effect, if you put an emoji in your name, you'll need to manually edit it every time you use Apple pay or it breaks the transaction.
Is anything but the zip code actually checked ever? Besides the number and cv2 or whatever.
No. Credit card transactions cannot check for name or billing a part from the zip code. Also the zip code validation only works in certain countries like the US, and Canada.
The way to validate that works is Visa 3DS or MasterCard 3D Secure. Those sent an OTP from the issuer to the cardholder on the issuer database, usually an email or SMS. The issuer of the card is the only who really knows the owner of the card.
1 reply →
They get compared yes, and it feeds into the fraud likelihood score that the merchant gets sent. And then usually chooses to ignore, because they make more from going ahead with the transaction than from stopping because it's suspicious, but it makes it easier for the credit card industry to put the liability on them.
Well, for example, I can set Stripe Radar to hard match the name on the CC, for example. Very granular control is possible, but doing stuff like checking zip codes, names leads to false negatives and isn't worth it, in my experience.
Number, date (though I never bothered to check if it's actually checked, besides stupid frontend shenanigans when I couldn't enter it because it had a whole whooping month ahead of the current date) and CVC.
As soon as I learned what BANK NAME is acceptable name I used it almost everywhere.
3 replies →
"... then zip them up, anyone you send that zip to (a journalist, a public file-hosting site, w/e) will have your full legal name ..."
A bit of a leap to assume that your Apple ID (or the name you give your iphone) is your full legal name ... or related to any name at all ...
My apple ID is built specifically for just that phone and is jettisoned when I upgrade/change the phone. The apple ID is not related to my own name.
I don't consider this an aggressive - or even interesting - privacy practice.
Did you use your full legal name when you signed up with Blizzard for WoW ? Why would you do anything different for Apple ?
They are not the IRS. They are not a passport agency. They are not the government. Stop treating them that way.
If you're someone who's bought into the Apple ecosystem over multiple devices, or ave a partner or children who are also using devices in the Apple ecosystem, then your Apple ID is something that is very definitely tied to you and probably difficult to change/give up when you replace your phone.
I don't think it would be at all surprising to find that the vast majority of people use their legal name or something closely associated with their identity, and that it persists over multiple devices.
As defensible as it may be, your behavior is very far from the norm. You may not consider this a aggressive privacy practice but demographically speaking, it absolutely is.
So you repurchase your entire App Store library when you upgrade your phone?