”Hide My Email users deserve to know that it may be possible for attackers to discover their hidden email addresses,” the person who reported the issue said.
I hadn’t heard about this feature before and was curious how it worked. Basically its creating a random email alias for your mailbox that you can manage separately from your main address, so you can turn it off if whatever site you gave it to starts getting spammy. Use a password manager and the fact your account email is random shouldn’t matter much when logging into a website I guess.
The problem that I didn’t think about until I had used this for a bunch of websites is that if you ever wanna leave the Apple ecosystem you’re gonna be in for a real headache
Wait is this true? I have unlimited and am planning on canceling. I’ve made my aliases through the included SimpleLogin subscription. Do I keep my aliases if the sub ends?
The difference to me is that if I’m locked into using one particular email provider because I don’t feel like going through the hassle of updating all my accounts, it’s a low inconvenience, since most email providers are free/relatively cheap. But if I’m locked into the Apple ecosystem for the same reason, it’s a much bigger inconvenience, given the high cost of their hardware and privacy/security concerns (which some email providers also have, but that’s an issue in both cases so it’s moot)
It’s a common feature. Mozilla, addy.io, SimpleLogin, etc. all have it. However Apple is special in that they use the same domain as millions of other genuine users, so sites can’t really effectively block you from using it, as is the case with just about every other email aliasing service. Unfortunately they’re also abandoning that feature.
Yes, a password manager will help to generate account logins and track them easily for you. But also if your email provider supports it, set your username email address with a +prefix specific to the website/service so you make the account unique, have traceability and isolate your risk if your email or account is sold or leaked. E.g. name+website@example.com
Not every website or service accepts email addresses with plus sign prefixes but this is handy for most.
I hadn’t heard about this feature before and was curious how it worked. Basically its creating a random email alias for your mailbox that you can manage separately from your main address, so you can turn it off if whatever site you gave it to starts getting spammy. Use a password manager and the fact your account email is random shouldn’t matter much when logging into a website I guess.
The problem that I didn’t think about until I had used this for a bunch of websites is that if you ever wanna leave the Apple ecosystem you’re gonna be in for a real headache
Same with Proton. Went balls deep in their aliases only to realize later I was trapped when the price went up the following year.
You keep your SimpleLogin aliases even if you stop paying.
I belive that’s only if you have simple login. If you are using say proton unlimited, no, you don’t keep them.
Wait is this true? I have unlimited and am planning on canceling. I’ve made my aliases through the included SimpleLogin subscription. Do I keep my aliases if the sub ends?
If you created them through simple login my understanding is you are fine
They all forward to the main address, so it’s no different than leaving any other domain.
They don’t delete your private aliases they just prevent creation of new ones, and the @icloud.com email is otherwise free.
If I leave apple, all those accounts are signed up with icloud addresses, which I’d no longer have access to
That’s no different than if you left any other provider though, unless I’m missing something?
The difference to me is that if I’m locked into using one particular email provider because I don’t feel like going through the hassle of updating all my accounts, it’s a low inconvenience, since most email providers are free/relatively cheap. But if I’m locked into the Apple ecosystem for the same reason, it’s a much bigger inconvenience, given the high cost of their hardware and privacy/security concerns (which some email providers also have, but that’s an issue in both cases so it’s moot)
It’s a common feature. Mozilla, addy.io, SimpleLogin, etc. all have it. However Apple is special in that they use the same domain as millions of other genuine users, so sites can’t really effectively block you from using it, as is the case with just about every other email aliasing service. Unfortunately they’re also abandoning that feature.
deleted by creator
There are several services that offer this to both free and paying users. As far as I know, though, none of them have a vulnerability as bad as this
Yes, a password manager will help to generate account logins and track them easily for you. But also if your email provider supports it, set your username email address with a +prefix specific to the website/service so you make the account unique, have traceability and isolate your risk if your email or account is sold or leaked. E.g. name+website@example.com
Not every website or service accepts email addresses with plus sign prefixes but this is handy for most.