No other parking available anywhere near in 30 mins walking distance. (paid or free)
I had to download a 3rd party app that asked me to register. This app isn’t by the Italian government, it’s affiliated though.
So in that situation, I want nothing to do with your website or app, because I wouldn’t able to park.
But like you said, what are you supposed to do otherwise?
create a burner for when ‘not always applicable unfortunately’
As of about six months ago, AT&T's web site would not accept email addresses without a three-character TLD. I had to get a customer service person on the phone to manually change my address.
Nothing of it solves privacy though.
Private emails regularly lead to awful customer service interactions because people cannot tell us the email they used to register. Fastmail at least is off the beaten path enough that people probably can understand. Apple, especially using sign in with Apple, is horrid. And not just people unable to tell us the email; they then create multiple accounts; try to sign in on web and use their actual email and then have 2 accounts and flip shit that their stuff is gone; etc. Oh, and regularly blame us for their confusion.
So...
nytimes@mailsub.example.com -> jono@gmail
anything-else@mailsub.example.com -> jono@gmail
You dont even need to materialize aliases at all.
Also, another downside is that you will loose privacy by using your own domain.
And the lack of privacy makes targeted scam/phishing more likely, and targeted scam is the one we are most susceptible to.
All in all, I am not saying this is bad idea, in fact I am doing it myself, just pointing out this is not so black and white.
Using iCloud solves those problems, but puts you at risk of getting your account banned and loosing access to those emails, so there is that.
Probably best way to deal with it is to get dedicated email domain with a bunch of your friends, and hook it up with something like SimpleLogin. But that's gets complicated quickly ;)
If you are worried about privacy, get a domain just for this. Use domain privacy and dont host other things there.
Yes, some sites whitelist domains or dont allow subdomains. For those I'll use another account - or a firefox alias or something. But 9 out of 10 work fine.
I am not a fan of alias services since materializing names takes discipline. How many do you make? Maybe there is a limit of 50. When do you share them across services? My guess is many people just create 2 or 3 aliases they use for everything - which defeats the purpose. Sure, it masks your personal address, but once one gets compromised, you find it basically served as your personal address anyway.
I also dont really keep track of most of the names I use. Since most are one time things that I would never use again, like to sign a waiver or something. But I mostly stick to '{domain}@' for the names. So my nytimes account would just be nytimes@, which is predictable when I need to recover it. I used to use addy.io for this, but it was not as good since it had account limits and I had to manually manage every alias. Much easier for me to just create a mail filter to sinkhole an old name. Of course I have never really needed to do this anyway.
However be warned some surprisingly large websites don't support subdomains, for example eBay will silently send user@sub.domain.tld to user@domain.tld and you'll only figure it out by looking at your server logs for rejected mail.
In those cases I have to specifically alias that username@domain.tld to the subdomain.
With this new Apple privacy subdomain maybe eBay will finally fix this.
Not really no. You can absolutely create a domain using bogus WHOIS information. No one will bat an eyelid.
It's a non-issue. I've been using a catch all domain for at least a decade. I get a small amount of spam to random made up emails but not enough to care about plus it all gets caught and filtered.
So, it's a piece of cake to add "{random}@example.com" to the block list. Usually it's something like "msg-bestbuy@example.com".
But the people usually just nod along.
The other downside is that it's forward-in only, wish I could proxy responses without setting up a whole new inbox (and outbox).
I had one small business aggressively threaten me that they fully owned their business name and I wasn't allowed to use it in my email address.
My solution was to keep my wonderful aliases and dump them. If a business is concerned but nice about it I'll offer an alternative such as plumber@
> The other downside is that it's forward-in only, wish I could proxy responses without setting up a whole new inbox (and outbox).
If you have your own domain most mail providers don't care what username@ you use on your sent mail so you shouldn't need any additional mailboxes (especially if they already offer inbound catch all)
I also use the ReplayAsOriginalRecipientUp [1] extension in Thunderbird which takes the recipient address and puts it as the sender for ongoing communication.
[1]: https://addons.thunderbird.net/en-US/thunderbird/addon/reply...
But to the point of forward-in-only -- I use the fastmail web client and iOS client. Both of these respond using the Masked Email address if you choose to respond to an email. In fact I can choose any of my masked email addressed as I am composing mail to initial communication from that address.
In short, "it just works". I really can't say enough good things about Fastmail!
I was once on the phone with german insurance provider and they dictateted me email to send documents to: kundenbetreuung@passportcard.de
I dont speak German so it was both tough and funny EuroTrip-like moment.
Yes its really email they use.
But keep good records!!
It gets really awkward when you’re trying to recover an account and can’t remember what custom email you used.
Part of the reason to use Hide My Email was that it made keeping myself private hassle-free. Making a system to pre-generate values and then catalog them for later use is quite the hassle.
What you’d lose is the reply-to forwarding feature.
It’s also might obnoxious if you ever need to remove an email from that list (or, gods forbid, mass clean the list).
But okay, this update is even worse. I might just stop paying for the iCloud+ whatchamacallit and backup to my Mac like I used to.
iCloud+ was the best $1 / month custom domain email and email alias service with 100GB of E2EE cloud drive.
Obviously it will be sad to see it enshittified for seemingly no reason.
This allows Apple to see which sets of users share unique Winnie the Pooh memes. They know who had them first, who they sent them to, and when.
The E2EE is useless with such unencrypted metadata leaks.
Could someone clarify why having Sign in with Apple and Hide My Email on the same domain would make a blanket ban easier rather than harder? What am I missing?
Now, they will be "blah@private.icloud.com", so it will be easy to ban the generated/private email that reduces the ability to associate logins across services.
Unclear why Apple would shoot themselves in this way; I hope it's not Ternus complying with anti-privacy.
I've been in the ecosystem long enough to have .iCloud.com, .me, .mobileme.com, iTunes.com, and probably one or two more addresses all assigned by various Apple services over the years before they started unifying the systems.
They all work, and independently of one another.
I wonder if all the domains will be migrated, and how namespace collisions will be handled.
It's like blocking anondaddy, simplelogin etc but not protonmail.
You were always able to reserve a normal icloud email address just like you would a GMail account, so banning all icloud email addresses would be banning non-alias Apple customers
That being said, I'm not convinced anyone who wanted to ban aliases couldn't have already. The alias emails look weird enough I'm guessing you could ban them with few false positives.
While this is true not all of them been weird. Some can be just word + number + word without dots or underscores.
Also blanket banning whole domains is just much easier and already done for temporary emails. No false positives.
1. Services those emails are used with cannot unilaterally send email to them. They must pre-register how they will send email to them, which breaks services with third-party relationships such as online retail with payment processors or shipping companies.
Users don't like not receiving shipping notifications, and users don't like not seeing invoices or at worst missing bills and going into debt because the payment processor can't contact them.
2. Users signing up for services struggle to re-use accounts. If the account is identified by email, as most are, figuring out the private email used when you signed up on your iPhone, when you later try to sign in on the web, basically impossible for your average user. Users end up with mulitple accounts, likely one on their real email anyway, and it's a support nightmare for both the user and the service provider.
Does this increase user privacy? Yes. Does it increase user control? Sure I guess. But it does so at the cost of basic UX and service expectations, and likely makes the overall experience and control worse for users in many cases.
So why is this change being made? My take is that it's so that it's easier for services to exclude Hide My Email sign-ups. That way the bad UX is gone, and the service provider looks like the bad guy rather than Apple.
You're talking about "Sign in with Apple" email addresses here, not Hide My Email. Anyone can send to Hide My Email addresses.
I have been a happy Hide My Email user for years. This is simply not a problem, and even for normies it's no more a problem than "can't remember password at all".
- Label Hide My Email with the service name I registered with it. Add number or nickname if I have multiple accounts on that service. - Add an email rules to move the email addressed to that Hide My Email addressuu to a separate inbox. - Use the same label in password manager, also save the email to the password manage entry.
> - Label Hide My Email with the service name I registered with it.
I think the ‘normal’ way to do it is way simpler:
- a site asks for an email address
- click “Hide My Email”
- use Apple’s flow to create a new email address
- use Apple’s flow to pick a password
- phone or Mac automatically associates the email address with the site and stores the password in the KeyChain
AFAICT, the only thing that doesn’t do that you describe is “Add an email rules to move the email addressed to that Hide My Email address to a separate inbox”.
I think that’s orthogonal to using Hide My Email, though. If you want that, you likely would do the same for mail from the site’s domain.
I use this wonderful extension to make it easy to generate aliases https://chromewebstore.google.com/detail/icloud-hide-my-emai...
If I need to make an account with someone I don't trust enough to hand my email over to, usually the right answer is to just not create an account with them.
I have also tried things like having email aliases but what ends up happening is now I have more email accounts aliases to maintain/think about. It's annoying.
I don't personally find the prospect of "receiving spam email" or "having my email account leaked in a hack" to be particularly threatening. Spam just goes to the spam box, it's usually not my problem.
And besides, my real email can get exposed by my own legitimate companies that really should have my real email getting hacked. See also: EquiFax.
The addresses are pre-allocated and recycled when deleted so creating a new one is faster that with Apple's hide my mail.
I personally doing catch-all already, but problem is that using your own domain for website registration basically gives everyone unique id to eaaily connect all the information that ever been leaked for your accounts and something always gets leaked.
Not a very good idea for privacy.
Now Hide My Email allowed you to do just that: Create an account with an email that wasn't tied to your identity, and that you could just decommission if you didn't need it anymore. Sites had no way to detect these either, because all of the randomly generated addresses Apple provided you with just ended in @icloud.com, which is also used by tons of regular accounts - so if you blocked this domain, you'd invariably preclude millions of people from your service.
But by separating the domains, sites can simply add private.icloud.com to their trash mail blocklist, preventing the use of Hide My Email, while regular @iCloud.com addresses will continue to work. It makes the entire service useless at once.
A good example of a throwaway email that is now useless because of these blocks is mailinator.com. Originally, you could just make up a random email on the spot like gregsrightfoot@mailinator.com, visit mailinator.com, and get the needed signup verification email. These services autodeleted messages and required no signup so they were a black hole for spam. However websites eventually got wise that their spam wasn’t being seen and started blocking the domain. Mailinator came up with alternative domains and there was a brief back and forth before the throwaway email domains all ended up being blocked.
heave_balks_0g@icloud.com
It shouldn't matter for the sign in with apple because sites are already expressly supporting that.
Email aliasing is hard because you want privacy from a herd of users, but then you're locked into that ecosystem versus a domain you control has no herd, but the upside is no lock-in.
viods01crew@icloud.com
methyl.brick1h@icloud.com
Apple is one of few companies that ia able to push for this with market share.
They already require that you use Sign in with Apple, I would think that it working fully is also a requirement?
They require apps offer a service which meets their privacy requirements if they use any 3rd party or social login service.[1] And apps could block private.icloud.com for email and not Sign in with Apple.
[1] https://9to5mac.com/2024/01/27/sign-in-with-apple-rules-app-...
I scripted something to hit Fastmail’s API + 1Password API to generate emails and make accounts in these scenarios. But it’s still annoying.
I sure wish 1Password + Fastmail would let you generate them within the 1Password app without requiring a browser sign-up page in the middle.
It's actually useful compared to Gmail's useless "yourrealaddress+alais" that gives away your actual email anyway, and it helped me catch quite a few spammers/data sellers.
Hide My Email addresses already have a peculiar format that others could guess, and some do block those, and there's no reason to add a blatant "private." tag.
This is a win for privacy-intruders, not users, just like Apple's iCloud Keychain API that has allowed Facebook, TikTok etc. to secretly track users across multiple devices and device reinstalls for years.
And might be there just no one remain as owner of feature to explain them why its bad idea.
Btw I only use these aliases for sites where I don't mind loosing the login, otherwise it would the mother of all lock-ins... Would have been nice if I could opt for aliases on my own (secondary?) domain... At least then I could still move them (using wildcards or some exported list).
When you own your own domain, the switching cost between providers is small. You can make a dedicated domain just for aliases
Both SimpleLogin and Fastmail have excellent integration with password managers as well
Mail sent to t20260617@foon.uk will reach me, but only for today.
So, any time I'm giving away my email address against my will, which is most of the time, they get to spam me for exactly one day.
Fastmail also has wonderful random email functionality you can link up to your Bitwarden client or use the Fastmail API.