Apple is about to make Hide My Email useless

https://arseniyshestakov.com/2026/06/16/apple-is-about-to-make-hide-my-email-useless/

43•SXX•1h ago

Comments

mortenjorck•14m ago

> Long story short: now both Sign in with Apple and Hide My Email aliases are going to be issued on the @private.icloud.com subdomain. This makes it much easier to ban all aliases without affecting non-relay mailboxes on iCloud mail.

Could someone clarify why having Sign in with Apple and Hide My Email on the same domain would make a blanket ban easier rather than harder? What am I missing?

BoorishBears•10m ago

I guess their thought process is, both alias and non-alias accounts use @icloud.com

You were always able to reserve a normal icloud email address just like you would a GMail account, so banning all icloud email addresses would be banning non-alias Apple customers

That being said, I'm not convinced anyone who wanted to ban aliases couldn't have already. The alias emails look weird enough I'm guessing you could ban them with few false positives.

SXX•4m ago

> The alias emails look weird enough I'm guessing you could ban them with few false positives.

While this is true not all of them been weird. Some can be just word + number + word without dots or underscores.

Also blanket banning whole domains is just much easier and already done for temporary emails. No false positives.

w10-1•9m ago

Before, the emails were "me@icloud.com", the default for all apple users. There was no way to distinguish normal emails from generated private emails.

Now, they will be "blah@private.icloud.com", so it will be easy to ban the generated/private email that reduces the ability to associate logins across services.

Unclear why Apple would shoot themselves in this way; I hope it's not Ternus complying with anti-privacy.

gobip•3m ago

Apple was generating (something)@icloud.com whenever you used that service. Now, it will use (something)@private.icloud.com instead. So you can ban this subdomain instantly, knowing people will be "hiding" with this service by default.

It's like blocking anondaddy, simplelogin etc but not protonmail.

giancarlostoro•13m ago

If your website will block me out because I used a privacy friendly email, I want nothing to do with your website.

vinni2•8m ago

Unfortunately sometimes we are at some specific provider’s mercy for whatever reason like lack of appropriate alternatives.

MoonWalk•3m ago

COUGHredditCOUGH

nerdjon•13m ago

I would bet that doing so would be a pretty quick way to have your app pulled.

They already require that you use Sign in with Apple, I would think that it working fully is also a requirement?

layer8•6m ago

Hide My Email isn’t particularly related to apps. You can use it for any web form that asks for your email address, or any email you send using Apple Mail.

nozzlegear•6m ago

You can use Hide My Email on any website though, whereas Sign In with Apple is limited to just those websites and apps that support it. Sign In with Apple isn't nearly as popular on the web, so it's a lot easier to just ban "@private.icloud.com" from your web service there.

jawiggins•8m ago

> If you use iCloud+ and Hide My Email, there is still time to generate more aliases on @icloud.com as the change has not yet landed and the rate limit for creating aliases is at least 30 per hour.

Part of the reason to use Hide My Email was that it made keeping myself private hassle-free. Making a system to pre-generate values and then catalog them for later use is quite the hassle.

risyachka•6m ago

Shameless plug - I created a chrome extension that allows to create unique email addresses that forward to your real inbox. It uses Cloudflare email routing, simplifies creating/labeling of new addresses and keeping track of them. Always 1 click away.

The addresses are pre-allocated and recycled when deleted so creating a new one is faster that with Apple's hide my mail.

https://github.com/webmonch/hide-my-mail-cloudflare

wxw•4m ago

I pay for Fastmail just for masked email and its integration with 1Password.

Republican Gov. Mike DeWine wants Ohio to abolish the death penalty

Write code that is easy to delete, not easy to extend. (2013)

Infinitely Morphing Tesselated Ribbon

DeepSeek V4 Pro at 5% the cost of Claude – what it takes to close the gap

Coffee Through Divine Intervention

Optimizing a C collision detection 100x with an LLM

I know you're arguing with your wife over 'one more prompt,' and here's why

Show HN: Tally Marks – an app for counting with a handwritten look & feel

wolfSSL releases a new product; wolfHAL a light hardware abstraction layer

FP8 GEMM Optimization on AMD CDNA4 Architecture

Deep Dive into 4-Wave Interleave FP8 GEMM

Show HN: I'm 15, built an AI that watches your screen and acts before you ask

Flexible Rate Limit Resets for Codex (bank rate limit resets)

A Metacircular Interpreter in Rhombus

AI is potentially a Dunning-Kruger effect amplifier

We built an agent that runs our AI data platform

Databricks Launches LTAP: A Unified OLAP/OLTP Data Architecture

Predicting model behavior before release by simulating deployment

The feedback loops behind Kubernetes

Hecate, Hardened Osint Platform

U.S. pulling ocean sensors a 'shock' for Canadian research as El Niño nears

PHP Through a Screen Reader: Small Syntax Choices That Matter

Noctua introduces NL-LC1 all-in-one liquid coolers

Rabbit Hole: The Lorem Ipsum Mystery [video]

Show HN: Next.js boilerplate with Better Auth, PostgreSQL and Shadcn/UI

Tyler Cowen: A Dangerous Turn in AI Regulation

How to Catch a Chess Cheater

Students Are Using a 'Backdoor' to Attend Their Dream Schools

Show HN: Ril: a parallel data streaming tool for Python

Can Online Activity Be Regulated? Evidence from Adult Websites