alt Hacker News> Long story short: now both Sign in with Apple and Hide My Email aliases are going to be issued on the @private.icloud.com subdomain. This makes it much easier to ban all aliases without affecting non-relay mailboxes on iCloud mail.
Could someone clarify why having Sign in with Apple and Hide My Email on the same domain would make a blanket ban easier rather than harder? What am I missing?
Replies
Apple was generating (something)@icloud.com whenever you used that service. Now, it will use (something)@private.icloud.com instead. So you can ban this subdomain instantly, knowing people will be "hiding" with this service by default.
It's like blocking anondaddy, simplelogin etc but not protonmail.
I guess their thought process is, both alias and non-alias accounts use @icloud.com
You were always able to reserve a normal icloud email address just like you would a GMail account, so banning all icloud email addresses would be banning non-alias Apple customers
That being said, I'm not convinced anyone who wanted to ban aliases couldn't have already. The alias emails look weird enough I'm guessing you could ban them with few false positives.
Before, the emails were "[email protected]", the default for all apple users. There was no way to distinguish normal emails from generated private emails.
Now, they will be "[email protected]", so it will be easy to ban the generated/private email that reduces the ability to associate logins across services.
Unclear why Apple would shoot themselves in this way; I hope it's not Ternus complying with anti-privacy.