• FUCKING_CUNO@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    9
    ·
    8 days ago

    I hadn’t heard about this feature before and was curious how it worked. Basically its creating a random email alias for your mailbox that you can manage separately from your main address, so you can turn it off if whatever site you gave it to starts getting spammy. Use a password manager and the fact your account email is random shouldn’t matter much when logging into a website I guess.

    • artyom@piefed.social
      link
      fedilink
      English
      arrow-up
      8
      ·
      8 days ago

      It’s a common feature. Mozilla, addy.io, SimpleLogin, etc. all have it. However Apple is special in that they use the same domain as millions of other genuine users, so sites can’t really effectively block you from using it, as is the case with just about every other email aliasing service. Unfortunately they’re also abandoning that feature.

    • charokol@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      ·
      8 days ago

      The problem that I didn’t think about until I had used this for a bunch of websites is that if you ever wanna leave the Apple ecosystem you’re gonna be in for a real headache

      • superglue@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        8
        ·
        8 days ago

        Same with Proton. Went balls deep in their aliases only to realize later I was trapped when the price went up the following year.

      • prettybunnys@piefed.social
        link
        fedilink
        English
        arrow-up
        1
        ·
        8 days ago

        They all forward to the main address, so it’s no different than leaving any other domain.

        They don’t delete your private aliases they just prevent creation of new ones, and the @icloud.com email is otherwise free.

        • charokol@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          8 days ago

          If I leave apple, all those accounts are signed up with icloud addresses, which I’d no longer have access to

            • charokol@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              7 days ago

              The difference to me is that if I’m locked into using one particular email provider because I don’t feel like going through the hassle of updating all my accounts, it’s a low inconvenience, since most email providers are free/relatively cheap. But if I’m locked into the Apple ecosystem for the same reason, it’s a much bigger inconvenience, given the high cost of their hardware and privacy/security concerns (which some email providers also have, but that’s an issue in both cases so it’s moot)

    • XLE@piefed.social
      link
      fedilink
      English
      arrow-up
      4
      ·
      8 days ago

      There are several services that offer this to both free and paying users. As far as I know, though, none of them have a vulnerability as bad as this

    • ToffeeIsForClosers@piefed.ca
      link
      fedilink
      English
      arrow-up
      2
      ·
      8 days ago

      Yes, a password manager will help to generate account logins and track them easily for you. But also if your email provider supports it, set your username email address with a +prefix specific to the website/service so you make the account unique, have traceability and isolate your risk if your email or account is sold or leaked. E.g. name+website@example.com

      Not every website or service accepts email addresses with plus sign prefixes but this is handy for most.

    • WhoIzDisIz@lemmy.today
      link
      fedilink
      arrow-up
      10
      ·
      8 days ago

      No detail given outside of it was disclosed to Apple a year ago, and - despite repeated gentle, respectful prodding - the problem still hasn’t been fixed, so now the people who found it are revealing to the public that it exists, and the website reporter says they confirmed it. Coincidentally(?), Apple recently said they’re going to change the way spoofed emails work - of course, the change will make it obvious it’s a spoofed address so it’ll be easy to reject them.

        • MrNobody@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          6
          ·
          8 days ago

          What was disclosed?

          The fact the is a vulnerability/exploit to get the true email address exists. Has now been publicly disclosed so people know it exists.

          What is the vulnerability?

          They aren’t going to disclose that publicly.