this post was submitted on 01 Jul 2026
113 points (97.5% liked)

Privacy

5861 readers
136 users here now

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be civil and no prejudice
  2. Don't promote big-tech software
  3. No apathy and defeatism for privacy (i.e. "They already have my data, why bother?")
  4. No reposting of news that was already posted
  5. No crypto, blockchain, NFTs
  6. No Xitter links (if absolutely necessary, use xcancel)

Related communities:

Some of these are only vaguely related, but great communities.

founded 2 years ago
MODERATORS
all 21 comments
sorted by: hot top controversial new old
[–] WhoIzDisIz@lemmy.today 34 points 5 days ago* (last edited 5 days ago)

Unpaywalled. Ironic they want your email on an article about an email vulnerability.

[–] FUCKING_CUNO@lemmy.dbzer0.com 9 points 5 days ago (4 children)

I hadn't heard about this feature before and was curious how it worked. Basically its creating a random email alias for your mailbox that you can manage separately from your main address, so you can turn it off if whatever site you gave it to starts getting spammy. Use a password manager and the fact your account email is random shouldn't matter much when logging into a website I guess.

[–] artyom@piefed.social 8 points 5 days ago* (last edited 5 days ago) (1 children)

It's a common feature. Mozilla, addy.io, SimpleLogin, etc. all have it. However Apple is special in that they use the same domain as millions of other genuine users, so sites can't really effectively block you from using it, as is the case with just about every other email aliasing service. Unfortunately they're also abandoning that feature.

[–] charokol@lemmy.world 8 points 5 days ago (2 children)

The problem that I didn’t think about until I had used this for a bunch of websites is that if you ever wanna leave the Apple ecosystem you’re gonna be in for a real headache

[–] superglue@lemmy.dbzer0.com 8 points 5 days ago (1 children)

Same with Proton. Went balls deep in their aliases only to realize later I was trapped when the price went up the following year.

[–] ElectricWaterfall@lemmy.zip 2 points 4 days ago (1 children)

You keep your SimpleLogin aliases even if you stop paying.

[–] superglue@lemmy.dbzer0.com 1 points 4 days ago (1 children)

I belive that's only if you have simple login. If you are using say proton unlimited, no, you don't keep them.

[–] ElectricWaterfall@lemmy.zip 1 points 4 days ago (1 children)

Wait is this true? I have unlimited and am planning on canceling. I’ve made my aliases through the included SimpleLogin subscription. Do I keep my aliases if the sub ends?

[–] superglue@lemmy.dbzer0.com 1 points 4 days ago

If you created them through simple login my understanding is you are fine

[–] prettybunnys@piefed.social 1 points 5 days ago (1 children)

They all forward to the main address, so it’s no different than leaving any other domain.

They don’t delete your private aliases they just prevent creation of new ones, and the @icloud.com email is otherwise free.

[–] charokol@lemmy.world 3 points 5 days ago (1 children)

If I leave apple, all those accounts are signed up with icloud addresses, which I’d no longer have access to

[–] prettybunnys@piefed.social 1 points 4 days ago (1 children)

That’s no different than if you left any other provider though, unless I’m missing something?

[–] charokol@lemmy.world 1 points 4 days ago

The difference to me is that if I’m locked into using one particular email provider because I don’t feel like going through the hassle of updating all my accounts, it’s a low inconvenience, since most email providers are free/relatively cheap. But if I’m locked into the Apple ecosystem for the same reason, it’s a much bigger inconvenience, given the high cost of their hardware and privacy/security concerns (which some email providers also have, but that’s an issue in both cases so it’s moot)

[–] XLE@piefed.social 4 points 5 days ago

There are several services that offer this to both free and paying users. As far as I know, though, none of them have a vulnerability as bad as this

[–] ToffeeIsForClosers@piefed.ca 2 points 5 days ago

Yes, a password manager will help to generate account logins and track them easily for you. But also if your email provider supports it, set your username email address with a +prefix specific to the website/service so you make the account unique, have traceability and isolate your risk if your email or account is sold or leaked. E.g. name+website@example.com

Not every website or service accepts email addresses with plus sign prefixes but this is handy for most.

[–] reallykindasorta@slrpnk.net 4 points 5 days ago

That’s pretty shitty

[–] artyom@piefed.social 1 points 5 days ago (1 children)
[–] WhoIzDisIz@lemmy.today 10 points 5 days ago* (last edited 5 days ago) (1 children)

No detail given outside of it was disclosed to Apple a year ago, and - despite repeated gentle, respectful prodding - the problem still hasn't been fixed, so now the people who found it are revealing to the public that it exists, and the website reporter says they confirmed it. Coincidentally(?), Apple recently said they're going to change the way spoofed emails work - of course, the change will make it obvious it's a spoofed address so it'll be easy to reject them.

[–] artyom@piefed.social 1 points 5 days ago (1 children)

What was disclosed? What is the vulnerability?

[–] MrNobody@lemmy.dbzer0.com 6 points 5 days ago

What was disclosed?

The fact the is a vulnerability/exploit to get the true email address exists. Has now been publicly disclosed so people know it exists.

What is the vulnerability?

They aren't going to disclose that publicly.