Apple recently unveiled an upcoming iOS 13 feature called “Sign In with Apple”. The point is to create a more privacy-focused option than “Sign In with Facebook/Twitter/Google/Whatever” available to their users.
After this week’s WWDC, it’s clear that Cupertino is pretty much selling privacy over phones and computers—for those who can afford it.
Turns out Apple is making that button mandatory
in some cases and, when it is, it has to be placed above
other Single Sign On options. One could argue this decision improves user privacy, but what if my only external login option was the more secure and decentralized Solid
, by the father of the WWW, Sir Tim Berners Lee?
Hide Your Email
Users will also be able to choose the “Hide my Email” option. It works by generating an alternative random email address to sign you up for a service.
An “Hide my Email” address will look something like this: [email protected]
. Any message sent to that will be forwarded to your main address
We think about diversity with passwords, but not email addresses. And yet this last one could limit cross-tracking for ads, or risks during a security breach (hackers could not cross-reference stolen credentials between different platforms).
Watching the WWDC introduction of “Hide my Email”, I immediately thought “Clever!” and “Oh, I’ve been doing this for years!”. Let me show you how.
You will get it now, and you won’t have to pay the Apple privacy tax to reach similar levels of protection.
Get “Hide my Email” Now.
Few people know about a feature offered by many email providers called “plus addressing”
. It’s even embedded in your free Gmail account, but I think the best way to use it is with a paid provider that doesn’t scan your messages for advertising (like Fastmail
, or Protonmail).
What’s Plus Addressing?
“Plus addressing” means you can add anything you want after a “+” symbol to your regular email address, and it will still be delivered to to you. It’s like having infinite email addresses in one.
How Can I Use It?
You can use this trick every time you sign up for a new service, like Facebook.
, and you’ll isolate that login from your main account. On my Fastmail
account, I filter any email including a + address to a separate “services” folder. If you have your own domain (like @hoomane.org) you can use any random root address, like [email protected]
Why Should I Do It?
- Zeroes personal spam.
- Limits cross-tracking.
- Potentially adds a layer of security in case of data breaches.
- The address is yours, not Apple’s.
I never used the Single Sign On services like “Sign In with Facebook” for a very basic reason: what if I want to delete my Facebook account in a few years? In some situations, I wouldn’t be able to access those services anymore. And why should Apple’s case be any different?
With this simple technique, if your Facebook account is involved in a data leak, [email protected]
will likely be of no use for hackers on other platforms. If an advertiser wants to use your email address for remarketing, they won’t be able to.
Pair It with a Password Manager
When paired with a simple, open, multi-platform, and even self-hosted password manager (like Bitwarden
), this solution will make your accounts much more resilient to attacks (maybe even more than Apple’s approach).
It’s Up to You
I’m sure that the ease-of-use baked-in by Apple within their devices will have great success. But it will still be part of someone else’s data. I think it’s nice to know about free options using tools already available to you, and that you can try right now.