I have a unique email address for every single service that I sign up for, similar to this, though selfhosted. I've been doing this for years and it works wonderfully. If someone misuses my email address, or gets annoying, I can simply turn off the address. Bam!<p>It's the easiest Postfix config in the universe, essentially just:<p><pre><code> virtual_alias_domains = domain1.com domain2.com
virtual_alias_maps = hash:/etc/postfix/virtual
</code></pre>
And then /etc/postfix/virtual looks like this:<p><pre><code> phil.equifax@domain1.com firstname.lastname@gmail.com
phil.experian@domain1.com firstname.lastname@gmail.com
... (hundreds of these)
</code></pre>
I also made a super simple web UI for myself to edit this file quickly.<p>Gmail seems to be fine with this, emails do not usually end up in spam. Every full moon maybe, but usually it's alright.<p>It's not as shiny as Apple's thing, but it's 100% selfhosted and I own the domain.
I signed up for Comcast Xfinity using a brand new “hide my email” address and three months later I started receiving phishing emails at that address. (I’ve gotten over half a dozen so far). Made me realize that either Comcast was hacked (without disclosing it) or they’re selling people’s emails.
The most popular open-source alternatives are SimpleLogin[1] and AnonAddy[2]. The former one was just acquired by ProtonMail[3].<p>[1] <a href="https://github.com/simple-login/app/" rel="nofollow">https://github.com/simple-login/app/</a><p>[2] <a href="https://github.com/anonaddy/anonaddy" rel="nofollow">https://github.com/anonaddy/anonaddy</a><p>[3] <a href="https://protonmail.com/blog/proton-and-simplelogin-join-forces/" rel="nofollow">https://protonmail.com/blog/proton-and-simplelogin-join-forc...</a>
Another advantage not mentioned is that '@icloud.com' is a generic domain that has been (and still is) used for a lot of real e-mail addresses for years. That means that most registration forms cannot just simply block '@icloud.com' because that would lock out a lot of real '@icloud.com' addresses.<p>Hide My Email is very good and I'm using it a lot.
Hang on, though: doesn't this essentially hand Apple a big list of which domains you communicate with and how frequently? There's also nothing stopping them reading the emails on the way through. I know a lot of people trust Apple more than Google, but you're essentially signing up for a vendor-locked product that you're hoping Apple will continue to support, with no guarantee they won't collect - even at an aggregate level - your communication preferences.<p>They're even slightly pre-filtered for Apple's convenience, as the times you're likely to use Hide My Email are for shopping and social media - nice, ripe marketing targets.
The only thing really holding me back from wanting to use iCloud mailing services is the current implementation of MFA on Apple services.<p>It would be fine if you were allowed to use normal MFA options, but no, that is not possible. Instead, you MUST confirm your logins via already signed in Apple-devices only. There is no other way. Cannot use phone number (for good reason, but that is besides the point), cannot have a secret key based TOTP.
Huge fan of this, started using it for practically every signup. I've already had the opportunity to shitcan an alias because it obviously got dumped to some advertisement list.<p>Now I just need to work on untangling 15 years of other services from my main account.
A useful feature the article doesn't mention:<p>In macOS Mail and iOS Mail, when you reply to an email or send a new one, you can choose the "From" address: The options are the usual accounts you have set up, plus, now, a "Hide my Email" proxy generated on-the-fly. I've found it very handy on several occasions.
I don't use Safari but I still use this feature a lot even though I have to do a few extra steps because it does not integrate with anything other than Safari, its that useful for me.<p>Some sites have never worked properly with the email+tag@gmail.com thing and some have even become wise to it and wont accept addresses like that (car dealers are the worst).<p>I hope someday apple allows 3rd party integration with this feature.
I've been using yopmail for years to avoid spam, but the problem is that a lot of services have blocked yopmail and other disposable email addresses.<p>The nice thing with "hide my email" and Fastmails "masked addresses" is that the two services use a popular domain, so sites can't easily block it.
Love the service but nervous on the lock-in. Any guides for how to migrate off Apple after using lots of emails?<p>I’ve been happy with the Fastmail+1Password integration as that “feels” less painful to migrate off the in the future.
I see SimpleLogin mentioned in the replies several times, but I haven't seen anyone mention that you can use your own domain name with them to prevent vendor lock-in.<p>You can also export your setup through their API so you can very easily migrate to a self-hosted instance if ever necessary:<p>wget --header "Authentication: YOUR_API_KEY" <a href="https://app.simplelogin.io/api/export/aliases" rel="nofollow">https://app.simplelogin.io/api/export/aliases</a> -o simplelogin-export-$(date +%s).csv<p>And given the author talks about Have I Been Pwned, I feel I should mention that SimpleLogin has built-in HIBP integration (contributed by me in <a href="https://github.com/simple-login/app/pull/472" rel="nofollow">https://github.com/simple-login/app/pull/472</a>)
The great thing about Apple doing stuff like that is the sheer scale they reach.<p>Sure, there were many services like that before, and many of us have used them. But making it an integral part of iOS can drive mass adoption. You have to credit Apple for that.
I use this feature extensively.<p>My only wish is that it were easier to send an outgoing email via a Hide My Email address (rather than only being about to reply once the other party has sent the first message).
I made something similar that I've been using for several months now: <a href="https://shroud.email/" rel="nofollow">https://shroud.email/</a><p>The concept is fundamentally the same as Hide My Email or DuckDuckGo's service, but it's libre software and has (IMO) a better UI to manage addresses. It also stops tracking pixels, which Hide My Email doesn't do unless you also use Mail.app. It's hosted in the EU and runs entirely on renewable energy.
My pal nick and I built something called Cloaked Email for our startup Gliph back in August of 2012. [1]<p>Apart from our early integration to send and receive Bitcoin on Coinbase, Cloaked Email was the most successful part of our privacy focused startup, not only in its ability to attract press coverage but in generating revenue as well.<p>We believe our work contributed to forcing criagslist to introduce their email relay service. Craigslist went so far as to block email from cloaked email users. [2]<p>Doing this well and to take on the responsibility of maintaining ~forever is a huge thing.<p>It is great Apple has recognized the importance of this matter and brought it into their platform in such a straightforward way.<p>One of the most engaging actions we had was people re-rolling for a different random email address. People just loved seeing what they might land on next.<p>[1] <a href="https://blog.gli.ph/2012/08/14/delivering-privacy-gliph-cloaked-email/" rel="nofollow">https://blog.gli.ph/2012/08/14/delivering-privacy-gliph-cloa...</a><p>[2] <a href="https://blog.gli.ph/2013/07/22/cloaked-email-and-craigslist-its-complicated/" rel="nofollow">https://blog.gli.ph/2013/07/22/cloaked-email-and-craigslist-...</a>
I must be the only person who doesn't receive spam. I mean I do, but it goes into the spam folder. I've never really understood why I should use something like this. I have my email address on my website anyway, so it's not like it's private information.
For those using this feature for a long enough time, have you seen misfiring or emails that disappear, you couldn't retrieve ?<p>When using keychain as a password manager, once in a while when creating a password for a new site, it would generate it and complete the account registration, without properly saving the generated password.<p>I'd hunt for the site item through keychain's list and not find it, and go through the "Reset My Password" for the site, except if time passed I might not even remember which email I used to register.<p>It was annoying enough for passwords, but not critical. For emails there's probably situations where the account is just lost and the only option is to create a fresh new one. How good is their implementation for this ?
There are lots of ways to do this. Postfix is nice but a little heavy. The simplest and most functional way I've found is <a href="https://github.com/0xERR0R/mailcatcher" rel="nofollow">https://github.com/0xERR0R/mailcatcher</a> since all it does is forward the emails. You can even use a throwaway gmail SMTP so it doesn't get send to spam<p>Easy to set up on a rpi/cheap VPS, as long as you have a hostname. And while you're there, look for a short domain name so it's fast to type (on credit card kiosks). You can get cheap short non-standard TLD's like .li. I got a 3 character domain for $5 a year, as short as bit.ly, but just for me
> It’s important to note that you shouldn’t use Hide My Email for everything. For example, you probably don’t want to use a random address for critical services such as online banking. If you trust the bank with your money, you can probably trust them with your email. I’d also think through those sites that may use your email to help others find you, such as social media accounts. If you’d like your contacts to find you automatically, you’ll need to use an email they know of.<p>Social media is high on the list of use cases for such addresses to help preserve one's privacy.
It’d be nice if there was a service like this for physical addresses and even phone numbers. Every account you sign up for could be with a made up name, email, phone, address, and single use credit card number.
Apple provides data on iCloud subscribers to the police without search warrants or probable cause over 20k times every year(!) (under FAA 702, aka PRISM), because the US federal government illegally demands it and Apple has no ability to really stop them without their staff going to jail (thanks to the government's secret interpretations of what FAA 702 really means). Much of the data in iCloud is <i>not</i> end-to-end encrypted (including the keys protecting all of your iMessages, as well as all your photos, and your device backups) so this is a <i>huge</i> amount of data on/about you they can be compelled to turn over at any time <i>without probable cause</i>.<p>This means that you shouldn't use iCloud (even if you have nothing to hide). The fact that there is no probable cause required means that the state can demand this data as part of a fishing expedition to abuse/harass even the totally innocent.<p>This means that features like this, which <i>lock you in</i> to using iCloud in the long term, should be assiduously avoided.<p>Get your own domain name and get your own email hosting (not from Apple) and use that. You can setup a catchall to have unlimited unique email addresses. You can use multiple domains if you like. Step by step instructions on how to do this are on my website.
Been using individual email adresses for each website I signed up for by using Fastmail.com‘s email aliasses.
- Previously I had a second email address just for sign ups, but whenever a platform was hacked and user data was leaked, my email address was burned.<p>So yes, this feature is super useful, and kudos to Apple for introducing this to their customer base.
This feature is indeed amazing, but my biggest complaint is that it's not easier to access. Roughly speaking, the worse the website, the less I trust it with my email, the less likely their HTML is well formed and will trigger iOS to prompt me to use Hide My Email.<p>Way too frequently I have to dig this feature out of the settings menu, copy the address to the site, copy the site back to Hide My Email as a label, and then usually do the same hoop-jumping with my password manager.<p>I would welcome this feature to be more front-and-center on the keyboard somehow.
Hide My Email is an awesome product, no doubt, but why the mention of Have I Been Pwned? Security through obscurity is not worth two cents. Use a password manager and generate your passwords.
Hide my email is great but I've also really been enjoying the new duck email service that does the same thing just because it's quicker to use on windows, where you have to open icloud, create a new email and paste it in.<p>In fact the duck email service is nearly perfect, except for the fact that the extension forces you to use duck as a search engine and so you literally have to modify the chrome extension and store it locally if you just want the email service.
How do I report Hide My Email abuse? Someone used it to send a nasty email to my company. I couldn’t figure out how to report it. My guess is there is no way to do it and there won’t be until after some reporters make it the Apple scandal of the week when there’s no other news.
Abine Blur (<a href="https://www.abine.com/" rel="nofollow">https://www.abine.com/</a>) was one of the first to do that however some of the domains started to get blocked. Hide My Email using iCloud negates that risk.
I built a similar service. The benefits include; 1. Custom domain , 2. unique email addresses, 3. don't have to be a Apple user.<p><a href="https://mailphantom.io" rel="nofollow">https://mailphantom.io</a>
I have been tinkering to use chrome auto filling form to sign up for random services with the email address of the current director of the CIA Bill Burns. Haven’t tried it though.
Is this different than me just programmatically adding new email addresses on my domains, which just forward to my primary? Is it just more convenient?<p>I ask for learning, not for skepticism.
One thing that wasn’t included in this article but is amazing is being able to deactivate an email address. It results in a total dead end for whomever it was given to.
Now that Google is insisting on kicking me out of legacy Gsuite, I may give icloud a try. It's a pity it's such a PITA to set something workable on Android.
Made a very similar thing, since before apple did it actually:-) mine's called <a href="https://ent.re" rel="nofollow">https://ent.re</a>
It’s been totally amazing for me! All Apple need to do is create an dev experienced like Firefox developer edition browser and I will jump very quickly!
A bit of a plug, but I have written a small piece with some suggestions for services that could be used to hide and not share your main account as well as some pros and cons to them here - <a href="https://psyonik.tech/posts/keep-your-email-private/" rel="nofollow">https://psyonik.tech/posts/keep-your-email-private/</a><p>TL;DR - Cloudflare email works great if you have your domain on Cloudflare, Firefox Relay is cheap and will work with emails up to 150KB and a number of email providers give you the ability to create aliases (Runbox allows up to 100 aliases).
Unfortunately, I found that Hide My Email complicates unsubscribing. I tried unsubscribing from Jumba Juice many times unsuccessfully, only to realize that the email that I entered was my actual email, and I should enter the email that was shared to Jumba Juice instead.
This is serendipitous. I just now signed up for the 5 day overcoming overthinking challenge by Jon Acuff and when I signed up Apple checkef with me if I wanted to hide my email and this is trending on HN!
<p><pre><code> Thanks for using our crappy (app or web site) and Preserve Your Privacy With Apple.
Please enter your mobile number for account verification. Your number must be capable of receiving SMS messages.
We need your mobile number in order to verify that we can track you, personally identify you via data brokers, and send you SMS spam and robocalls.
To help us verify this, please log in using your password and the single-use code we will send you via SMS.</code></pre>