Comment by jawiggins

15 days ago

> If you use iCloud+ and Hide My Email, there is still time to generate more aliases on @icloud.com as the change has not yet landed and the rate limit for creating aliases is at least 30 per hour.

Part of the reason to use Hide My Email was that it made keeping myself private hassle-free. Making a system to pre-generate values and then catalog them for later use is quite the hassle.

If you don't mind trusting another company with forwarding your emails, it's definitely less hassle to set up an equivalent service for yourself.

  • You can sort of do this today with iCloud. Add a custom domain and enable the catch-all forwarding, and you can receive anything@domain.tld and it’s forwarded to you.

    What you’d lose is the reply-to forwarding feature.

  • If you mean "set up an equivalent service" under your own domain, that's both less private and more likely to be blocked; there are a lot of services which, unfortunately, only allow sign-ups from big, well-known domains.

    • Are there really? I don't think I've ever encountered such a service in all the years I've been using an email address under my own domain. And blocking every email address that's not from a big provider means blocking basically everyone who tries to sign up with their company email, which might not be great for business.

      19 replies →

    • Nah. I have hosted my domain for 17 years on google and then fastmail. The hosting is harder than private relay, although not too hard.

      But I have only had maybe 3 services ever reject my domain, and those were because the domain contains a number.

      10 replies →

    • I have had my own domain for mail for 10 years. I have yet to ever see a service which didn't let me sign up with it. I'm willing to believe that such services exist, but I dispute the claim that there are a lot of them.

    • Less private, but the most common case is actually anti-harassment.

      Plenty of providers, but perhaps Apple needs to be forced to open up hide-my-email-providers for others.

      Only the EU is capable of doing such thing

    • Are you sure you don’t have this backwards? Some B2B websites only accept sign-ups from domains not associated with Gmail, Yahoo, and similar providers.

    • I've had my own domain for email for twenty years or so now, and I've encountered maybe one signup form that didn't accept it. What you're saying is definitely not true, and I would highly recommend using your own domain for email (preferably with Fastmail, it's fantastic).

Yep, but I still generated some for myself just in case and fellow hackers can do the same if they want to.

iCloud+ was the best $1 / month custom domain email and email alias service with 100GB of E2EE cloud drive.

Obviously it will be sad to see it enshittified for seemingly no reason.

  • It's E2EE (only if you turn it on, which you can't do in the UK) but it saves (non-encrypted) the hashes of the plaintext of the files to Apple (presumably for dedup).

    This allows Apple to see which sets of users share unique Winnie the Pooh memes. They know who had them first, who they sent them to, and when.

    The E2EE is useless with such unencrypted metadata leaks.

    https://www.youtube.com/watch?v=tL8_caB35Pg

    • > only if you turn it on, which you can't do in the UK

      Fortunately changing Apple account country is as easy as buying US gift card on Amazon and unlike Google they dont mess with account location.

      As about encryption I totally agree its pretty meh, but again it's not why I paid my $1.

      2 replies →

  • [flagged]

    • You could've at least checked my profile...

      Problem is that using of own domain is creating huge privacy and cybersecurity risk since you can track all the person profiles across all the databases ever leaked.

      Its nice as vanity item, but it's better not to use same domain across banks, online forums and porn sites. ;-)

      1 reply →

    • Yeah, real hackers use a uniquely identifying domain that lets everyone in the world trivially trace all of said hacker's online activity to the same person.

I pay for the bundle, but HME was never hassle-free. I would say that it works on ~40% of form fields. Most of the time I never get the prompt from HME.

It’s also might obnoxious if you ever need to remove an email from that list (or, gods forbid, mass clean the list).

But okay, this update is even worse. I might just stop paying for the iCloud+ whatchamacallit and backup to my Mac like I used to.

Yeah, I have several dozen already—I suppose I can reuse those forever… I guess it's kind of cool having one-per-site though so you can tell who the "rat" is when one of your hide-my's gets spammed.

  • I have over 300 so far. In addition to knowing where spam is coming from, and being able to block it, it also helps prevent correlation across accounts and websites as data leaks occur.