← Back to context

Comment by danpalmer

15 days ago

Hide My Email is fundamentally broken in two major ways:

1. Services those emails are used with cannot unilaterally send email to them. They must pre-register how they will send email to them, which breaks services with third-party relationships such as online retail with payment processors or shipping companies.

Users don't like not receiving shipping notifications, and users don't like not seeing invoices or at worst missing bills and going into debt because the payment processor can't contact them.

2. Users signing up for services struggle to re-use accounts. If the account is identified by email, as most are, figuring out the private email used when you signed up on your iPhone, when you later try to sign in on the web, basically impossible for your average user. Users end up with mulitple accounts, likely one on their real email anyway, and it's a support nightmare for both the user and the service provider.

Does this increase user privacy? Yes. Does it increase user control? Sure I guess. But it does so at the cost of basic UX and service expectations, and likely makes the overall experience and control worse for users in many cases.

So why is this change being made? My take is that it's so that it's easier for services to exclude Hide My Email sign-ups. That way the bad UX is gone, and the service provider looks like the bad guy rather than Apple.

> Services those emails are used with cannot unilaterally send email to them. They must pre-register how they will send email to them, which breaks services with third-party relationships such as online retail with payment processors or shipping companies.

You're talking about "Sign in with Apple" email addresses here, not Hide My Email. Anyone can send to Hide My Email addresses.

If you have iCloud Keychain enabled you don't have to "remember" a sign-in at all. Flip a toggle, say "Yes" when Safari offers to remember the new password you generated for the fake email you generated in a drop down menu, and you're a FaceID/TouchID away from auth. My 80 year old uncle can manage this.

I have been a happy Hide My Email user for years. This is simply not a problem, and even for normies it's no more a problem than "can't remember password at all".

  • It’s a problem if you use non-Apple devices as well as Apple devices.

    • It isn’t that straight forward but I use Firefox on Linux along with my iPhone and Mac. My workflow is to use Passwords and Hide my on safari and then Firefox there after on the Apple device. Firefox then saves the login details and it shows up on my Linux + Firefox desktop. Not ideal, kinda dumb, and takes away a little bit of faith in humanity, but I don’t have to type in the details.

For now I think Hide My Email is for power users! It's on the user side to manage their identities. My current workflow:

- Label Hide My Email with the service name I registered with it. Add number or nickname if I have multiple accounts on that service. - Add an email rules to move the email addressed to that Hide My Email addressuu to a separate inbox. - Use the same label in password manager, also save the email to the password manage entry.

  • > For now I think Hide My Email is for power users! It's on the user side to manage their identities. My current workflow:

    > - Label Hide My Email with the service name I registered with it.

    I think the ‘normal’ way to do it is way simpler:

    - a site asks for an email address

    - click “Hide My Email”

    - use Apple’s flow to create a new email address

    - use Apple’s flow to pick a password

    - phone or Mac automatically associates the email address with the site and stores the password in the KeyChain

    AFAICT, the only thing that doesn’t do that you describe is “Add an email rules to move the email addressed to that Hide My Email address to a separate inbox”.

    I think that’s orthogonal to using Hide My Email, though. If you want that, you likely would do the same for mail from the site’s domain.

    • yes, I wish I've done that, but I'm too paranoid that I use KeePass for the password manager and always want to know the email address ahead of the time.

I appreciate this ends up as your problem when it shouldn't be, but it feels so self-inflicted; someone using a privacy email has declared they don't want to receive email, so they shouldn't be surprised when .. they don't receive a shipping notification email.

I've received emails to my HME address from third parties. Bought something from Shop A, got the email confirmation from them, later got the shipping notification from Courier B, all to the same HME address.