Hacker News new | past | comments | ask | show | jobs | submit login
Sign In with Apple [video] (developer.apple.com)
584 points by olliej on June 7, 2019 | hide | past | favorite | 440 comments

I don't like that it's required for developers to include if they include any other third-party sign-in.

US competition laws are outdated with undue reliance on the concept of a monopoly.

I don't care if you're a monopoly or a third of the market or even a small company. If you run a marketplace or app store or similar platform, you should NOT be able to:

- Force usage of a separate product of yours over/with competitors (in this case, Apple sign-in, but also Apple Pay instead of Google Pay, etc.)

- Prevent competing products from appearing (whether Apple not allowing other browser rendering engines, Amazon not allowing Google Home or Chromecast to be sold, etc.)

- Rank your own items higher in search results etc. if competitors can't bid to do the same e.g. sponsored results for everyone including yourself (so Amazon Basics or Google Shopping needs to be listed as a sponsored result, not as a separate feature)

This is the kind of thing 21st-century legislation for fair competition should address.

Completely agree. There needs to be some concept of a marketplace that doesn't have monopoly power, and a list of "fair play" rules around those. The only difference between Apple's actions and 90's Microsoft is marketshare. It's a similarly anti-competitive in intent.

European Union has some regulation for financial markets that have had similar issues in the past. The regulators must approve a rule book for market place, in this case of trading venue, which including onboarding and listing rules. Those rules must not discriminate against anyone - one cannot do arbitrary decisions to block or hinder someone. Everybody must access the markets fairly.

We already seen the regulatory outreach coming to app stores when EU ruled that Google was hindering the distribution of Aptoide store for Android.

> There needs to be some concept of a marketplace that doesn't have monopoly power

The Web?

I've seen reports that Apple is finally starting to fix issued related to adding PWAs to the home screen as well.

can you share the source please ?

I’m not sure if this is right approach. In fact in the 70’s, the US basically went through this back and forth, largely influenced by one book:


Essentially, the book advocates that the only goal antitrust laws should have is to protect consumer welfare, not competitors.

IMO, Apple’s requirement doesn’t feel like it would harm consumer welfare.

A well run company could build an arbitrarily large technological and financial moat on the back of consumer welfare, until it amasses enough power to completely subjugate regulatory bodies. (This is all theoretical, I don't think Apple is at that point). OTOH, anticompetitiveness is an easier thing to detect and act upon before it gets out of control.

It seems like an absolute win for consumer welfare, to be honest.

> I don't like that it's required for developers to include if they include any other third-party sign-in.

Curious, why not?

Because if i understand correctly it's designed so that Apple cannot see any of the data... So for what reason would you want to provide another third-party provider, but not Apple Signin?

To me it seems a huge win for consumers privacy wise, and Developers have nothing to loose.

developers definitely have something to lose. If nothing else, it takes time to implement a new process that you already have working.

not a win for privacy, but i'm sure there are some that would be unhappy about not getting the data the other providers are giving them.

This isnt a monopoly.

As someone who has never bought an Apple product, I can safely say their monopolistic practices don't affect me.

Stop buying Apple products. Its that simple.

The OP's point is that a monopoly is not necessary in order for abusive anticompetitive behavior to occur.

I don't buy Apple products (well not exactly true I have a MacBook but only because I'm forced to use that to build for iOS). But for my app which uses 1st party login or Facebook as an alternative I am now forced to provide Apple login. If Google follows suite I'll be forced to provide Google login on Android, etc. Probably I'll just end up removing all third party login too much of a hassle, although I'll definitely lose users.

I’m not trying to be a dick, I’m genuinely interested. Why would you make a product for a platform you don’t support? Feels like a vegan owning a hamburger shop.

Is it the market size that keeps you in the iOS space? Are you on other platforms? What are the revenue/cost/effort ratios for each? Does it make sense to focus on non-iOS options?

probably because it's the most profitable platform. iOS easily makes more money than Android even though it has less users. In my experience, it's not close.

Shocker. I heard you are also forced to buy a Windows PC to write software for Windows!

You aren't, you can now do that on Linux with .Net core (sans testing it).

Well if you’re happy with that then you can write your app with Xamarin Mono for iOS in Visual Studio. You can do it all in C# without even learning Swift or Objective C.

Or could cross-compile it with mingw-w64.

This is my biggest fear btw, I am making an App, and I realize I am getting close to needing to buy an Apple product to hit compile (Javascript) and fix bugs.

The only thing you can do is educate consumers on the evils of Apple and hope they make better decisions in the future.

What better decision can they make?

Buy a competing product; that will help to erode the Apple monopoly.

That's similar to what happened to Windows Phone. They opened up development towards the end since they could no longer justify forcing developers to behave the way they wanted; they simply didn't have the market share to enforce it.

They have a monopoly on the hundreds of millions of people who have an iPhone, which are typically the wealthiest mobile consumers (Sorry Android guys). If I have a software service I need to deliver to my customers smartphone, and they happen to own an iPhone, then Apple has full control over how I can do business with them. All they have to do is allow sideloading of apps with big warnings as an option and they can run the app store however they want. Until then, it's bullshit.

The idea that a company has a monopoly on its own customers seems tautological to me. Doesn’t that mean every retail store has a monopoly on their customers because you can’t walk in and sell your own goods without their permission?

That’s not what a monopoly is. It isn’t a misuse of market power to have a lot of customers.

It’s ok to not like Apple or any company that doesn’t match your values, but it’s important to argue using the right terms and definitions, otherwise you sell yourself and your argue short.

There are alternatives to offering an app for iOS. Web apps are an example. Releasing only for Android is also a valid choice.

I don’t like paying for using a toll road, but if I want the benefit of a nice road, and a shorter travel time, I have to pay. If these benefits aren’t worth the price, I can use an alternative.

Do you ever wonder if Apple attracts the wealthiest mobile consumers because of the controlled user experience they provide?

An important distinction is that Apple is not forcing consumers to use Apple Sign In. They are only requiring developers to offer it as an option.

Welp, there we go. I was surprised to see Apple introduce a feature that improved things for their customers without some ridiculous restriction and here we are: mandatory inclusion for app developers.

Good job Apple, you raised your image only to crush it again with anticompetitive bullshit.

The killer feature here is the anonymous email address forwarding. It shows Apple actively ceding an opportunity for exchanging marketing data in favour of user privacy. It does feel like Apple are taking privacy seriously and positioning it as more than just a marketing campaign.

I am tired of seeing my email address popping up on leaks and I don't want to rely on spam filters any more. The best spam filter out there is built into gmail, but they are no longer interested in actually preventing spam, instead they want to control it. Now Google shows me ads that look exactly like emails in my inbox, inside the iOS app.

I wasn't happy with this so I built https://idbloc.co, which is basically equivalent to the disposable email element of Sign in with Apple, now that Apple built it into their Sign In, I guess now it exists for users who don't want to or can't use Apple.

It also gives Apple far more control over the ecosystem. By not providing 3rd parties access to email, Apple makes themselves not only the controllers of the physical devices and also over the full identity of their users. My viewpoint is one of decentralization, and I don't see this move as being a long term beneficial one.

It's not a stretch of an imagination that Apple might cut a developer out of the app store for some abstract-defined violation of terms (as they do now) and now ALSO cut that developer from the identity/contact with their users. In total, this is almost the ultimate kill switch to push companies to adhere to their policies or risk a total shutout. This scenario might be considered overblown, if it wasn't that Apple already exercises pushy monopoly(esk) control on their ecosystem. The new identity system expands that control to now outside the Apple hardware ecosystem, possibly affecting platforms like Android.

I'm ranting here a little, but I think we should be cautious of accepting privacy as the sole reason Apple wants to enforce all app authentication to use.

> By not providing 3rd parties access to email, Apple makes themselves not only the controllers of the physical devices and also over the full identity of their users.

No they're not. They're preventing third parties from accessing your data. You can communicate with your customers just fine; it's just that if you sell their data (or get hacked) the email you get is useless.

> it's just that if you sell their data (or get hacked) the email you get is useless.

The parent commenter is correctly pointing out that Apple would be able to disable the email for other reasons as well.

Also, this is probably ment to further lock users into the Apple ecosystem.

It's not like you can ask Apple to forward emails to your own email server if you decide that you no longer want to use Apple.

Which is provably false. (1) AppleID email address doesn’t have to be iCloud mail; they’ll be forwarding to my mail server in the first place. (2) iCloud account is free, whether or not you decide to stop using Apple devices doesn’t affect that. (3) They said Sign in with Apple will be available on non-Apple platforms. (4) I doubt third parties can’t offer an option to decouple Apple entirely if you so choose.

You can also provide your own email address. The choice is yours. Which threat do you think is greater?

I think Apple shutting down your access is a legitimate concern. Yet Apple is the only one who has taken any steps to protect the customer here. The reality is we are unlikely to see other major competitors to Apple find a better alternative because their entire business is built on exploiting user data.

And 3rd parties who create a similar system are unlikely to be successful because they don’t have the clout to convince websites to incorporate them.

Until they remove the forward to your inbox?

Your gmail, Hotmail, yahoo inbox ! Who can disable your account for some undisclosed slight

If you can see the forwarding address, then you could probably somehow contact the company to switch your account. Not extremely secure and would require more validation than simply knowing the random bits of the address, but doable.

You can access iCloud email through IMAP/SMTP on any operating system you want, just like you can access the calendar through CalDAV and the address book through CardDAV. Apple isn’t Microsoft.

By that logic Apple can disable your iPhone for other reasons etc etc

They absolutely could technically. The more important questions are:

- Is there a big enough reason to motivate them to do so?

- If given a "legitimate" justification, would they?

If either of those are "yes" then the question we need to know is: "Is there any appeal, oversight, etc?"

This is how it starts.

I think the concern is that Apple could exert influence over third party apps/networks because they control access to all Apple users. That problem doesn’t really exist when it comes to Apple disabling entire iPhones of certain users.

This would be a customer action — it affects one person. Unless you’re implying they’d disable the phone of every user of a certain app or something to that effect.

With these emails they could trivially, and surgically, cut off a developer from every customer. It is a one-to-many action that also has no obvious other side effects (unlike bricking users phones).

Not sure where I stand with this, but wanting to point out that the added powers this gives Apple are very real and different from the ones they had before (again, maybe this is a good thing, but it’s undeniable that it is a different thing).

”it's just that if you sell their data (or get hacked) the email you get is useless.”

It’s just that whenever Apple decides so, the email you got becomes useless.

Apple is judge, jury and executioner, and it makes the laws. That is problematic.

Only if the customer wants them to be. If the customer wants to give you their real email address, they are free to do so. If they choose not to give that to you, but you want to contact them anyway because you think you know their desires better than they do, well... that’s exactly why this is needed.

If Apple decides to cut off a developer, it doesn't matter what their customers want. Unless they had the foresight to bypass the default and use their real e-mail, there is no way for users to prove their accounts belong to them without Apple's co-operation. Their access to their accounts is entirely at Apple's mercy and there is (by design) nothing the developers can do to avoid this.

Right, there’s nothing the developers can do to avoid this. Because it’s the users making the choice. They choose to give Apple this power, or not. You are essentially arguing that they will choose incorrectly, and that developers should be able to force them to choose correctly because users won’t think it through. By a strange coincidence, the “correct” choice is also the one that allows developers to track and spam users.

Here’s a crazy idea: if you don’t want your users giving you a private forwarding address, give them some reason to trust you with their real one, instead of saying they’re idiots who don’t know what’s best for themselves.

You're advocating for the users to make their choice at the worst possible time. There's no reason to give a new app special trust when you sign up with it.

But if you come to trust the app, and Apple excommunicates it, should you need to rely on Apple to help you reestablish your own contact with it? That won't work -- Apple already demonstrated that they don't like that app.

That's why makomk's complaint is

> there is no way for users to prove their accounts belong to them without Apple's co-operation

rather than "I should be able to get customer emails from Apple regardless of what the customers want".

You could always allow users to provide their real email address later on so they can establish ownership directly.

The authentication using OATH and the email forwarding of aliases are two separate but related services.

If Apple for some reason doesn’t allow the app maker to use the OATH service, I doubt very seriously that they will cancel the email forwarding without the user specifically turning off the forwarding.

At that point both the user and the app provider both have generated email address.

> I doubt very seriously that they will cancel the email forwarding without the user specifically turning off the forwarding.

Where's this confidence coming from? If Apple sees it fit to prevent you (the developer) from accessing your Apple specific userbase for any reason / violation, other people seem correct in their theorization that there's nothing you can really do as the developer.

Not implementing this new "Sign in with Apple" will also probably be interpreted as not being privacy friendly by the users, a developer can't really have that either.

Pretty much the definition of being stuck between a rock and a hard place.

How is this not completely true of every service?

If Facebook sees it fit to prevent you (the developer) from accessing your FB specific user base for any reason / violation there is nothing you can really do.

If Google sees it fit to prevent you (the developer) from accessing your Google specific user base for any reason / violation there is nothing you can really do.


If Gmail sees it fit to prevent you (the developer) from accessing your Gmail specific user base for any reason / violation there is nothing you can really do. Gmail already does this occasionally by quickly blacklisting non Gmail senders in their spam filters.

Not really a completely fair comparison. With FB / Google, most people at least have the hope of migrating away using setting the email / phone (Google provides this, FB doesn't) as username.

If Apple tells you to take a hike, and then subsequently disables the email redirect -- you're completely SOL. You'd have no way to reach out to the user anymore, unless you took other identifying bits of info. And if you did that anyway, that defeats the purpose of AppleID to begin with.

Most users will probably not even be tracking what autogenerated email they're using, hence you no longer have a way to reliably reconcile what user had which account.

Regarding the GMail specific case though, I fully agree. Being banned by GMail is a company ending thing.

Apple said that they are going to allow the user to disable an auto forwarding address. I’m assuming there would be some way for the user to see a list of app -> email address associations.

> Where's this confidence coming from?

Probably from the fact that disabling these email addresses would be a distinctly user-hostile move. If Apple determines that the developer is actually a malicious entity who slipped malware past the App Review process, then it might be reasonable for them to disable the forwarded emails as well as a malware vendor has no legitimate reason to talk to "users", but beyond that specific scenario, cutting off the email address harms the users who signed up for that service. For example, if the app actually represents a web service, and Apple determines that the app shouldn't be in the App Store for whatever reason, blocking "Sign In With Apple" (which is distinct from removing the app from the app store) and cutting off the email address means the user has no way to recover their account even though the service is still active, just without an app. There is no reason for Apple to take this step as it benefits nobody and only serves to harm Apple user.

I agree, the move is user hostile and the bad PR wouldn't likely be worth it for Apple. Social media shaming is a real thing, and I'm glad for that.

I'll even go one step further and say that I personally don't think Apple will do it unless under extreme circumstances.

The thing is though, business continuity assessment still points to adopting Apple login to be a bad idea. You never really know when you'll find yourself in hot water with one of your vendors, especially a vendor who's a LOT more powerful than you.

The aliased email address is assigned to the user. Saying that Apple would take away the users email address would be like saying that Apple would delete user data for an app it banned.

Whether Apple will exercise the power or not is another debate entirely.

I agree with the group that's (rightfully, imo) concerned about handing over this amount of power over their business to any 3rd party. There's a real potential for abuse.

And handing over your users data to known privacy hostile companies like Facebook and Google who have abused their power isn’t?

How is that different from signin with FB or Google?

FB and Google allow the app to request the user's email. If the user is happy to provide it, then they can then tie the user's account to that email, and allow the user to log in with that email even if FB or Google cuts the application off.

How is this any different from Google or Facebook or Twitter cutting off access to any site/application? Do you believe the developers in those cases would have a much better chance of resolving the issue than with Apple?

That sounds like a great feature. I would love for the ability to make an email address inactive after I sign up.

The percent of times I want to recieve email communication from something I have to sign up for is very close to 0.

Get your own domain through someone that has an email service that supports aliases. Every sign up can have a different address. It's like $10 per year and you're email is not at the mercy of whatever mega-corporation owns your email.

Any suggestions on which provider to use?

IMO, it depends on how many mailboxes and aliases you need. Providers like Fastmail charge by the mailbox (with up to 600 aliases for each). Same with Runbox, Mailbox.org, etc. (the number of aliases varies). Migadu provides unlimited domains, mailboxes and aliases for a fixed price that decides how many outgoing mails you can send everyday from all mailboxes in that account.

I use FastMail like this. They support both catch-all (comapny@domain.com) and user-specific forwards (company@user.domain.com -> user+company@domain.com) for domains with multiple users.

As the people above mentioned, look for one that supports a catch-all address. It makes it very easy to manage. You can even respond using a real "DoNotReply" account and the alias as the "replyto" address for the rare occasions you do want to reply. Yes, Google Apps does this well, but there must be others.

Google Apps works great for this. You can also setup a catch-all account and not need to pre-configure the aliases in advance.

What about resetting your password?

Every big company has their own laws. G,F are abusing and Apple is providing the solution and I think it is far better than what we have.

I think the question is, is it more problematic than the current situation, whereby users wholly distrust companies with their data, because those companies have shown again and again that they can not be trusted with it? I’d say no.

That’s one possible question. Another is whether an even better remedy exists.

For example, do we need the ability for Apple to delete the link between a company and all their users in one sweep, or is it sufficient to make it easy for individual users to cut such ties?

If the latter, could we remove that giant master switch, or move control of it to a third party?

(I haven’t watched the video, so, possibly, that giant switch doesn’t exist. Skimming https://developer.apple.com/sign-in-with-apple/get-started/ didn’t tell me that, either)

> That’s one possible question. Another is whether an even better remedy exists.

There is, it's called IM2000 where email becomes a pull-based system instead of push-based (so users would have to consent to spam, and spammers have to store their spam to send it in bulk). Unfortunately, despite many attempts to switch over we're still stuck on the current incarnation of SMTP.

Looking it up, it removes so many advantages of email, such as I don’t lose old mail when your now defunct IM2000 ISP goes out of business.

There also isn’t an easy transition from now — I can see exactly why we’re “stuck” with what’s actually a pretty great last bastion of decentralization on the Internet, for all its warts.

You could always use IMAP to sync your email as normal. The advantage of IM2000 is that it just changes the server-to-server protocol (with some changes for how clients send emails).

But yes, the transition would require replacing SMTP so once again we're stuck on a system that is terrible enough to grumble about but not terrible enough to change.

(I would also argue that Matrix is becoming a new decentralised system for the internet, as well as ActivityPub depending on who you ask.)

If a better remedy exists someone else can build it. Nobody is forcing us to use Apple products/services.

The commenter is saying that Apple controls the email address and forwarding too, so you cant actually communicate with your customer if they don't want you to.

If you trusted the company enough to give them your email address directly, I'm sure you would've done that. This is a great move. I get so much spam and I'd like to be able to not get it if I don't want it. Long after I've moved on from a service they are still sending me emails to get me back or to do some other transactions with them.

Yes, and that's simply not true (if you want to be communicated with). You can communicate with the address just fine if you configure your email properly. The only "issue" is that there's a shortlist of valid from emails that you as a company need to configure before sending me an email. Dunno about you but insofar as I'm concerned: please f'ing sign me up for the same everywhere else! And just for clarity in case anyone reading thinks I'm some privacy concerned lunatic: I'm a marketer.

This is not about configuration. Apple provides a proxied email and controls the forwarding. They can disable that and prevent the company from sending anything to a customer. What part of that is not true?

It’s not true in that this is not mandatory. Users are free to provide a non-private or even a non-Apple email. Apple only has as much control as your users give them. If you think that’s bad, maybe you should consider why those users don’t trust you.

As a user I value this debate because it highlights a pitfall I had not considered. I suspect many people will not not immediately think of the downside to going through apple

Almost anything is better than getting spammed by whatever service of the week you signed up for.

By that logic, Google controls Gmail and they can control access to your email.

As I understand the original commenter's position it is that:

1. when your business is on the app store it can be difficult not doing whatever Apple wants you to do because not doing what they want you to do can come close to destroying your business. This has often been compared to being a hostage of Apple.

2. If you suddenly decide to stop paying the Apple tax or if Apple decides to ban you - cutting you off from new business - it can certainly be problematic and can kill many businesses but you could theoretically keep going because you could have a customer base you inform of your decision and tell them to download your app from your homepage instead of the app store etc. In short - in the event of Apple not liking you anymore you can communicate with your customers.

3. In this new setup if Apple does not like you anymore you cannot tell your customers hey Apple doesn't like me anymore.

Thus Apple increases its ability to hold your company hostage and thus I do not believe it is the same logic as Google controls Gmail unless when selling an Android app Google only allows you to do so if your customer has a Gmail account.

Yes, that's also a problem that people have brought up several times in other stories. Google/Gmail has outsized control, is a major source of spam, and changes or breaks email standards whenever they want.

Centralization of communications is not a good thing and it's worth discussing whether we're going in the right direction.

Not the same:

Google does not have a mapping between an application and email address the customer used in that application. Also Google is not really enticing a customer not to provide the service provider any email address other than the ones in the mapping.

FastMail, ProtonMail, or an AWS server upon which your run your own email can also be disabled by the owner of that service. Unless you run your own on-premise server, that risk always exists. And even then, your ISP could block your server. There comes a point when the paranoia gets unreasonable.

You can switch your DNS and move your mailbox, but you have no control over Apple's proxying service.

I suspect that GP originally wrote "so you cant actually communicate with your customer", to which I answered in the next minute, and later added "if they don't want you to." (If not, my mistake for misreading.)

This version is deplatforming is going to be oh so much fun.

Is that true? If the only email address that a company has for a user is a forwarding address created through Sign In, wouldn't Apple banning the company from the App Store presumably also cause them to get rid of the email forward, meaning that nothing the company sends will actually reach the customer?

If a company is abusing Apple's users I'm sure that they could?

But you're right, it does give Apple power, just the same power that has already ceded to Facebook and Google through their logins.

The reality is that companies need to understand that user's are sick and tired of being spammed, and are rightly annoyed by needing to provide every company with their email address for no good [to the user] reason.

I think the difference is that with a Facebook or Google login, companies could also easily just require that they get permission to see the user's email address (which isn't super uncommon to see with OAuth logins), so they wouldn't need continual access to OAuth after the first login (unless a user switched to a new email address and stopped checking the old one, which I think is somewhat rare).

I totally agree with your point that this is arguably a good thing, though; although I don't personally own or use any Apple products, there are fairly few services I'd want to sign up for that I'd want to ensure that they had my real email, and I'd be happy to make sharing my email address an opt-in choice rather than the default.

Or, you host a video site like YouTube, you’re not aggressive enough in controlling “hate speech,” and Apple boots you from the platform. How, as a user of this app, am I supposed to re-establish control over my account?

Apple holding the ID information and all that that pertains is the only company I would like to hold that data. I can see no reason why Facebook or Google or any company that profits on the sale of information should have my data. I appreciate that advertisers want to maximize their ad spends but ad-tech has gotten so creepy ... Apple’s move here I fully support. I look forward to seeing apps using it more often and perhaps eventually all the apps I use as well so that I can move all my logins via it.

Apple sells me thousand dollar phones and services. Until they start selling my data to ad brokers and becoming a Google I’ll support Apple on this going forward.

The reason it got so "creppy" is because that is how Google makes money; meaning that if this Apple-sign-in or anything else truly messes with their revenue Google will stop accepting Apple email addresses (or any kind of circumvention to their tracking), and they are fully in their right to do so.

Google would be stuck here. Apple users are some of the most valuable users on the internet. Pushing them away would also hurt Google's bottom line.

I know. And I’m sure they know it, too. They and the rest of the industry will just have to find new business models that respect privacy. If they can do that and this privacy first kick doesn’t fade out of favor they will be on top still printing money like always but if not they’ll get left behind. I think the thesis that Apple is going with is hardware and paid for services are the future and free to use things like the open web are going out of favor or must if you want to be secure and anonymous online.

Google doesn't sell your data. They sell adds to companies that they show to you. The companies never see your data, and it's effectively Google's most valuable resource. They have far more reason to keep it safe than Apple. Doesn't Apple sell ads as well, btw?

Also, you may want to check the news about Apple selling data ...

The big difference is that Apple does not have the incentive to collect user data in the first place. This is why Apple's ML strategy has tended to lean towards on device, while Googles has been in the cloud. Apple has taken the stance that the best way to keep a users data safe is to never have access at all.

Google aggregates all its data points about me and sells that as a service to advertisers. It makes sense. Advertisers want to pay for ads that will lead to sales.

Yes Apple sells ads on its AppStore and allows ads in apps. But what they sell is the chance to be in front of a billion affluent iOS owners which is different than using every bit of data from every Google property to create a profile of a user so as to target ads even more effectively or show you even more extreme videos to keep you ever more engaged a la YouTube.

You're welcome to add non-social logins. The constraint is that if you add any social logins, you also have to support Apple Sign-In.

There is no requirement that you only support apple sign-in, you just aren't allowed to require user's to sacrifice their privacy to use your app.

This is a big deal. One of the reasons services are so keen to require e-mail addresses from users with social logins is so that, if they drop that login service for whatever reason, users can recover access to their accounts using their email address. (A few major sites have done this recently, if I remember rightly.) This effectively eliminates that safeguard. They're not just forced to implement Apple Sign-In, but to make themselves dependent on it forevermore in a way that cautious companies have avoided.

What's a social login, though. At what point is Instagram using facebook a social login or not (it's the same company).

This isn’t a fuzzy abstract line-in-the-sand thing; social logins are specific libraries, and either you’ve got those libraries in your app or you don’t.

If Instagram is using https://developers.facebook.com/docs/facebook-login/ with the little “log in with Facebook” button, it’s a social login. If they have their own proprietary way to do it in-house, it’s not, and not subject to Sign In With Apple.

That easy.

It's not that easy. Instagram belongs to facebook. So logging in with facebook is not strictly a "social login". Same with Tinder, IIRC they only had facebook login, to piggyback on the fb profile. That's not really social as in "chose one of those providers".

If it "chose provider" then yes, apple could shove in their own with the pretense of user privacy, while it is painfully obvious that it's just leveraging their appstore control to grab market.

Not even OAuth can be unambiguous. I can have a single OAuth login. That could be myself as provider, or leveraging some other provider, which could be more or less connected to my app.

I'm guessing olliej meant OAuth provider. FB and Google are the leading ones, so people implement those. Sign in with Apple is one as well.

The comment is saying you're free to implement your own auth mechanism using plain ol email or a phone number, but you also have to support Sign in with Apple

Indeed, technically it's any OAuth provider, but in reality how many

a. actual users have a non-FB/Google OAuth identity

b. apps have something other than google or facebook login?

I've literally never encountered an app that had anything other than google or facebook for their oauth login. The only site I ever encountered that used something different was stack overflow a decade ago, and I recall them killing it off or at least complaining about it.

I suspect that the reality is that in a regular user's experience Google and Facebook login are the only ones they've ever encountered.

We also offer LinkedIn, GitHub, Yandex and (soon) WeChat. Most users actually use LinkedIn, but we are a recruitment firm so the stats are biased, but it's not true that only Google and FB are the options offered everywhere, at least not in this part of the world.

GitHub is a provider that I use to sign in to some sites.

By not providing 3rd parties access to email, Apple makes themselves not only the controllers of the physical devices and also over the full identity of their users

Third party apps don't have to use e-mail for logins. They can use user names.

Backers of e-mail based sign-in often call it a "frictionless" method for the users to sign up. What it really is, is a frictionless method for them to collect information about their users.

As a user, I'd much rather use my email than have to make up a new username for every site. Emails are already public, it's not always some cynical conspiracy.

Uh, email addresses aren't already public - there isn't some magic email directory in the cloud (I mean aside from those aggressively hoarded by trackers, advertisers, and marketers because you had no choice but to use your real address once).

But this is also specific to "social" logins - eg ones where you aren't intentionally providing your email address.

They're a public endpoint designed to intake communications from anybody. Identity is an outcome from people using the same email, and that's a valid reason for using a proxy, but the address itself has always been public.

More in-depth article about it: https://www.troyhunt.com/im-sorry-but-your-email-address-is-...

If you just have a username and password, what do you do for account recovery after a forgotten password? If not an email address, would a cell phone number be any better?

For accounts that really matter (not throwaways), someone needs to know a fair bit about the user's identity to ensure recovery works. It can be delegated (and probably should be), but that moves the identity problem rather than eliminating it.

Maybe someday we'll all have two Yubikeys (one for backup) and register with each website using them, but that's not how things work today for most users.

You obviously provide an E-mail address in your user profile. You don't have to log in with it.

This "problem" has been routinely solved by free forum software and other systems for decades now.

Yes, but traditionally we didn't mind sharing our E-mail address with random Internet forums.

(I still don't. My email address is public. But some people apparently do.)

The only accounts that really matter to me are:

- financial accounts: they would never use a third party login anyway.

- social accounts: None of them are going to let you login with third party accounts anyway.

- work accounts: Again they arent going to use social media accounts. They are going to use some type of ADFS federated account.

- My AWS account: I use Google Authenticator for that.

Google lets you set a backup email for account recovery.

I lost my original Reddit account because I never gave them my email address and it was hacked. (Using a throwaway password set back when I didn't care about Reddit.) I contacted support and they shut it down, but without some other way of knowing it belonged to me, wouldn't give me my account back.

My comment was directed more to using “Sign in with Apple” for accounts “you care about”. None of the accounts I care about, use third party logins.

Apple not only gets more power over the app developers, they also get more power over the users. If you want to leave apple devices behind, you'll now need to change your e-mail addresses for every service.

You can have and use an Apple ID/email without owning an Apple device.

And you don’t need an Apple email address to use an Apple ID.

Didn't know that, interesting. Thanks.

If I want to switch away from Gmail or Facebook, it's the same exact process. This is a problem, but not any worse than the alternatives.

You don't need to leave your icloud behind even if you're leaving Apple devices.

I agree that Apple's intentions are not beneficent, but that's also not the point. There is a strong bias in tech/geek culture towards "decentralization" (it's even become something of a marketing buzzword thanks to recent technologies), but decentralization does not always result in more power for the individual. Look at the Android ecosystem. Do you feel like you're in control on your Android device? I used to think that. Maybe 2-3+ years ago. Today? Not so much. I feel like an Android device is just a means for any number of third parties to gain access to the most private details of my life. That does not make me feel like I have power. It makes me feel powerless.

> Do you feel like you're in control on your Android device?

Absolutely. I have hundreds of different independent ROMs to choose from many of which are completely FOSS. I get to add or remove any app I want and don't even have Google Play services installed.

The only software I don't control on the device are the proprietary drivers and boot loader. But that's no different from my Linux desktop.

While this is entirely true, it’s not effectively true for the average non-technical user. Balancing control of one’s personal content in a way the average user can take advantage of is something Apple, whether benevolent or not, has been an effective champion of as of late. And I (and many others) would argue that therein lies an important distinction at iPhone scale.

I couldn’t agree more. It’s quite easy for more technically adept users to forget how scary and daunting something like custom rom installs can be. Just because something is technically feasible, doesn’t mean it’s accessible to many or even most users.

Wow cool

Rather than complete decentralization, maybe what we're looking for is having opposing large organizations, as popularized by John Kenneth Galbraith?


It’s a very good point.

I think you are right that it will be an issue in the long term if things stay the same. Somewhere I hope this forces the other players in the field to react, to avoid Apple getting too much power.

I don’t see anyone else right now that can force app devs to support this scheme (for instance I saw countless signup pages that reject gmail’s + syntax, companies clearly don’t want to be filtered), nor that would be trusted for now by users to not abuse the situation.

Perhaps Microsoft could ? barely, as they for instance were sticking ads in their browser.

So, in a way I see Apple doing what only them can do, and hope it creates enough precedence for other minor identity managers to step in and being a more sane solution for the long run.

Microsoft already tried a single login platform. They were one of the firsts. It’s a hard product to land.


It's a hard product to land if no-one trusts you.

Maybe, but I trust Microsoft more than Google. The trust list, Apple > Microsoft > Google > Facebook.

It's a pretty easy product to land when you control the hardware, the OS, the developers, and to a large extent, the users.

Could this make accounts less transferable between platforms? Eg, an audio book app account?

They said "you must implement sign-in with apple if you implement other third party logins". The inference is A) You (app developer) can build your own login - then this is not an issue B) You (user) can switch login - developer has to provide this switch feature, but if they do, it is not an issue

Why are we calling the service you want register with for the third party?

You are the 1st party, the service you want to use is the 2nd party and Apple is the 3rd party.

Yes but as a user I don’t care. If a developer gets booted then it’s probably because the developer didn’t do something that was in the best interest of the user. Probably frustrating for developers, but again, not my problem. I also highly doubt Apple would do this without a good reason, so again, this is pro-user. As a user, I don’t care if it’s annoying to implement some feature or other or computer with onerous requirements. If a developer doesnt want to comply, then shut down the company.

I don’t understand this complaining. Everyone who has a business has to deal with these sorts of things. That’s why people pay businesses, so we don’t have to deal with the hassle. This is the essence of running a service, such as developing apps.

> that was in the best interest of the user

Or in the best interest of Apple.

As a user, why should I care if it’s also in the best interest of Apple? As a user, I want to use my phone and use services on that phone. The business position of Apple does not concern me. Users only care about what’s best for them. Apple stopping companies from screwing me over sounds great from my perspective. As far as I’m concerned, Apple can make as much money as they want, it’s no skin off my teeth.

“But then Apple will be a monopoly and you’ll get screwed anyway”. Maybe. But no more than I’m already being screwed by every other cable provider, cell phone company, data broker...etc. I like Apple products. I will continue to spend too much money on them. I’d rather be screwed by Apple in exchange for some pro-user policies, than screwed by every other company that’s already screwing me in exchange for...oh right, nothing.

When the best interests of Apple and the best interests of its customers diverge sufficiently, the customers will leave. This is their entire pitch, so they better get it right. At least people need not worry that advertisers would be Apple's true customers.

>If a developer gets booted then it’s probably because the developer didn’t do something that was in the best interest of the user.

This is not true with Apple. They often ban superior apps to force their users to use Apple's inferior apps.

Once you understand this, you will be able to understand that this isn't pro-user at all. This is giving Apple control, and making it harder to switch in the future.

Do you have any examples? I can’t think of any instance apple forced users to an inferior app, besides either an app blatantly violating user privacy (like tracking children) or a company they outright purchased, like Siri and what is now Shortcuts.

I’m not saying it’s definitely never happened, but I’d be love to read about some examples.

I’ve noticed the exact opposite. The Apple apps are surprisingly basic. If I want any real functionality, I’m forced to buy a third party app which results in Apple getting more money. They have direct motivation to avoid doing what you claim. How would they make money on their own free apps?

but this is a good next move for us consumers if you think about the overall position and dynamics of the industry relative to privacy. but as you point out, it doesn't mean we can let our guard down. we have to remain vigilant to imbalances of power that threaten our civil liberties (like the right to privacy).

once apple starts gaining traction with this feature, it's positioning will inevitably change, possibly for the worse, and then we back another borse who will keep apple in check.

unlike on game of thrones, our watch never ends.

The best solution imo is an open and federated email proxy standard, so that others can self-host an equivalent identity protection layer.

Just like facebook or google can block your account and prevent you from accessing all those logins you linked ever again.

So you better log in with your own email, but of the 3, I’d rather pick Apple as the lesser evil!

Apple isn't just holding your authentication like Google login, but Apple is also exclusively holding your contact information. This means Apple has a sore authority to completely cut your access to your users: you have zero means to reconnect to them. This is different from other authentication methods where the provider does get an email address where they can use that communication medium to bypass the platform if needed.

I agree. This is a direct response to Spotify's recent moves

You could just ask the user for their “real” email post sign up. Send a test email to make sure it’s real.

I am sure users would simply love that. The point of sign in with Apple is that I don’t have to give out my real email. If you ask me for it anyway, I’m gone.

Users already do that with many sign up flows now. We are talking about a button press + an auto filled email field, doubt conversions would plummet.

What information would you gain from sending a test email? Wouldn't test emails sent to Apple's anonymous forwarding email also go through?

There's really no such thing as checking for a "real" email address, though lots of sites do blacklist known anonymous email domains like 10minutemail. But nothing can stop you from just signing up for a new Gmail.

Senders to Apple's email proxy needs to be pre-registered first (and I highly suspect the generated addresses are scoped to each individual app's whitelist), so no, not everyone can send to those addresses.

The sender already is pre-registered. We're talking about users who have successfully Signed In With Apple ID.

After signing up you would request a non proxy email. Hence, the “real” email. You would then test that the user supplied email is legit.

But nothing is stopping the user from supplying a proxy email address in your textbox where you ask for a non-proxy email address. Sending a test email doesn't tell you whether the user-supplied email address is a proxy email address or a non-proxy email address, since your test email will go through in either case. That's the whole point of a proxy email address instead of a completely fake email address, is that emails sent to the proxy email address will still go through.

I imagine if you did you would be swiftly (hah) kicked out of the App Store

>It shows Apple actively seceding an opportunity for exchanging marketing data in favour of user privacy.

Apple isn't ceding anything here. They still have your email address, they have the record of your activity on the site you're accessing. They are withholding your email address from the site you're accessing, which is good for your privacy. But you make it sound like they've sacrificed something in doing that.

If google had done this, everybody would be up in arms about how google was further overreaching in their goal to gain complete control of the internet and are preventing poor little mom and pop websites from being able to meet their marketing goals.

So I take it that you didn't watch the video or read the transcript where they state explicitly that they don't record or track that information.

Just because you believe the FB/G nonsense that the internet is only possible by gross violations of user privacy doesn't mean everyone else buys into it.

They have to store the information, if for nothing else than to correctly forward emails to your real address.

They have a list of what websites i sign into with my Apple ID. Which is more information than they used to have. If you switch from signing in with your email address to signing in with your apple ID, that's one more entity that knows about that relationship than otherwise would.

I'm not trying to say this is a bad thing, I love what apple's doing here. I'm just trying to push back against any suggestions that apple is giving something up. They are collecting more data about their users now than they were previously, and positioning themselves as the gatekeeper of user identity. There's every indication that they're doing this for the right reasons, and it's good for users, but it still increases their control and their stored user data.

To me this suggests then that the absolute amount of data collected isn’t necessarily a useful metric

I'm not quite sure what kind of metric you're referring to, but Apple is simply centralizing data collection of its ecosystems. The incentive is more comfortable service interaction and less entities receiving information about you.

On the other hand, Apple is tightening its control over its own ecosystems as every interaction has to go through them. Moreover, they're inhibiting anonymous usage of services as more and more things required direct or indirect verification of the user. This entices the market to normalize the demand for unique virtual identities.

All they have to record is alias->real in a giant table.

They don't need to record what app or service got the alias address, and they explicitly state that they do not record any details about interaction with your service, or any emails that go through the alias. It's an explicit statement in the linked talk.

When someone starts forwarding illegal content via these accounts the feds will ensure that the recipients are disclosed.


Which accounts doing what?

Businesses sending to a cloaked email?

The mapping but not necessarily the user's activity.

Apple's business model is selling hardware, not selling advertising. It's not really a sacrifice for them. It's a "strategy credit" https://stratechery.com/2013/strategy-credit/

They don’t have a “record of your activity.” They only know that you have signed in with Apple on a site. They aren’t tracking your behavior or usage. The Apple JS doesn’t have to be on any page except the sign up/in.

And you don't have to use the Apple JS if you don't want to, since it's really just a library to download the appropriate button image and to do OIDC.

> If google had done this,

Google provides a similar thing as an OAuth/OpenID provider. (except they track all that stuff and share the email with the site/app).

And you know, don't currently have a monopoly on iOS application distribution that it could use to strong arm developers on their platform to always make using it an option.

I'm a big fan of the feature, was quite thrilled to see it, but aren't they the provider of the redirect? So there is privacy to anyone but Apple: they'll know (if they wish to) that you signed up on Some Site with a burner email in a way they might not have if you used a regular burner email service.

Personally, I'm fine with Apple having that kind of info as I generally trust them and also that my main concern is the same with your frustration of my email ending up in yet another leak seemingly frequently.

> Personally, I'm fine with Apple having that kind of info as I generally trust them

...up until Apple decides to change their leadership, or their business model, or the mobile market implodes and they start looking for new revenue streams, or their relationship with the US government changes, or ...

I get that as a practical matter we are forced to trust somebody somewhere eventually, but at best we should be saying that "Apple doesn't seem motivated to abuse this information for now."

This is a common perspective, and it is generally correct and worth considering.

However, for a company like Apple to change its stance would take a long time. Culture is sticky and, furthermore, they simply don't have the mass data collection and processing pipelines necessary for such an about face. There would be a fairly long period (my guess is years) during which consumers would be able to change providers.

Data sticks around for a lot longer than “a long time”.

Which is why it's nice that current-Apple is committed to not collecting data.

My comment was the work Apple would need to do before collecting that data. Anyways, GDPR gives you the right to deletion at any time. Apple has publicly committed to offering GDPR rights to everyone.

Which is why Apple protects your data in a way they can't access it - in the event that they change into Google and Facebook in future they have no access to the current information.

I don't think it's valid to say Apple can't access your data. Maybe I'm understanding it wrong, but wouldn't that mean all your data would have to be encrypted with a private key that only you have? All I use to access my Apple data is a password, which I can reset at anytime.

Correct, all your data on apple's services are encrypted such that apple can't access them. The final fallback for account recovery is the "iCloud key vault" which is covered in documentation they published. Those are essentially HSMs gated by your account password and passcode, and a counter that triggers recovery key erasure.

I think the primary security white paper describes exactly how it works, but essentially there's a set of shared symmetric keys that are encrypted to public keys for each of your devices. Outside of the key vault path, the way a new device gets access to those keys is one of your other 2fa devices encrypt a decryption key to the new device when you approve it. The basic result is that there is no point in which the key material is transmitted unencrypted off a device.

I mean, Apple can push a software update that changes how this works. But what you describe is still a lot better than nothing.

> all your data on apple's services are encrypted such that apple can't access them

This is only true for certain services.

Yeah, I do agree here - as much as I love to believe that this is a core belief of all the employees at apple - and in my experience this is a true statement - we have to remember that Apple is a company, and there is undeniably a huge marketing ability in privacy given that their business model doesn't depend on selling information.

But there's also a huge security benefit to apple not tracking this information: A hacker/angry-former-employee/creepy-current-employee can't access it either (eg. like the various stories we here about fb,uber,etc admins and employees spying on people).

To be perfectly cynical, I'm willing to temporarily give the benefit of the doubt to the company that's not currently selling my personal information to marketers, over the companies that are doing so flagrantly.

Exactly. With Apple it's "what if" their customers suddenly become advertisers, whereas Google and FB their customers already are advertisers.

Apple is in a unique position where they can sell hardware at profit making prices to a huge customer base. Even if we are at peak iPhone, current Apple users are not going anywhere (I tried to switch my wife to an Android phone once and it was a disaster hah). Privacy moves like Apple ID will only solidify the current user base. Best in class products like AirPods and the AppleWatch also lock users in - in a good way though.

I've noticed that since this announcement it is also pulling some stout Android users I know who have become disillusioned with how Google is slowly locking Android down. The constant bad press Google has received combined with the Apple privacy drum beat is starting to pay dividends for Apple.

While that's all true, again as a practical matter, a massive multi-decade-old denizen like Apple in some ways has more cultural and institutional inertia than even the US government. Especially now. Life is short; Apple's "for now" has been 43 years running.

The company has been around for over 40 years. Have they done anything to suggest that they’ll just randomly go rogue? Their brand is built on some amount of user trust, if they start violating that, there’d be significant market risk which makes no sense for them to do. They can and are already winning when it comes to privacy, violating that would be incredibly stupid from a business perspective. Privacy is one of their competitive advantages.

I feel more importantly they go to great lengths to create a brand image (because after all, everything else aside, they are a for profit company) and I imagine that reneging on the privacy angle would be considered to be damaging to the brand.

I feel of all the major tech companies, Apple is way more invested in retaining their brand image.

That's answered in the video: They don't record app usage, they don't record or monitor email that goes over the cloaked address.

The problem with burner address servers:

* They don't protect against fake addresses (which is why many services actually block them)

* They are much harder for regular users to use

* They're annoying to use, and fundamentally require providing your email address to yet another third party

Apple Sign-In clearly make the use of cloaking addresses much easier.

Again this still only applies to "social" logins, you're welcome to have your own login system.

Not knocking the system, quite thrilled by it personally: the other option is Google or Facebook at this point and if I got off OAuth and email with Google (leaning towards buying a personal domain and going with proton mail or similar, may wait until this built in burner option is available), I could probably rid myself of them (Facebook is more of a mental break I’d need to make, honestly). I’d love this.

I’ve personally tried personal burner email addresses for forums sign ups but the thing I found is that it is a maintenance (if that’s the correct word) nightmare. If you go with the ones that last for a brief period of time, you better guard the credentials because there’s no clicking forget password.

I’m hopeful of the feature, but even if it proves to not be that great, I’d still rather they be my identity provider over Facebook or Google so it’ll still feel like a net win.

Conceivably they could theoretically even spy on your emails with the companies you 've signed up with, including apple's competitors. It could even lead to potential legal issues for apple. At least plain email is considered distributed and does not rely on gatekeepers.

As opposed to Google and Facebook that convinced users to install apps that went around the App Store so they could record everything that you do with your phone or Facebook buying Onava (a VPN provider) with the express purpose of spying on you?

Apple could in the future become evil after 40+ years. The other two companies are actively evil.

iirc they actually paid those users. And i don't think any company should be trusted. Apple was part of prism and is known to strong-arm their users to stay locked in their ecosystem. This sign in is a good step for security, but i don't think there can be such a thing as corporate-owned privacy.

“strong arm their users”?

Do jack booted thugs come to my door to force me not to buy an Android device?

Do you really think most users were aware that they were giving up their privacy? Even if you assume they do, Google broke a contract with Apple by using a developer certification.

Ur arguments are extreme. Apple does lock-in users and developers more than anyone else by enforcing rules and taking away/not implementing features, that's trivial for anyone who has an ios device to see. Agreed though, facebook and google also lock-in users by providing enough free services to users that they don't want to leave. That's a different level of coercion though.

You still haven’t given concrete examples....

Apple is the one that handed over iCloud keys to the Chinese government. Next to Apple, those two are lightweights at being evil.

Google was upfront about what their app did and paid their users for that data. It's just like a Nielsen box. I had installed it on an unused tablet myself, tapping the notification to check in weekly, and collecting enough Amazon credit to pay for Prime. https://www.google.com/landing/panelresearch/

Were they upfront with Apple about their use of the enterprise certificate?

Were they clear in telling people “we can record all of your internet activities including messages, banking information”, etc.?

Yes Apple stored data on Chinese servers, but your private keys never leave your device. Do you have any evidence to the contrary?

> we can record all of your internet activities including messages, banking information

What the app was capable of collecting is different from what the app actually collected, which was clearly specified when signing up. The app is still available in the Play Store, and people still use it because nobody was surprised by what it collects. https://play.google.com/store/apps/details?id=com.google.and...

> Were they upfront with Apple about their use of the enterprise certificate?

Who cares? There's nothing evil about circumventing some arbitrary Apple policy to give users an app that they want.

> Yes Apple stored data on Chinese servers, but your private keys never leave your device.

Not your private keys but Apple's private keys, which gives the Chinese government unfettered access to everything Chinese users store in iCloud https://techcrunch.com/2018/07/17/apples-icloud-user-data-in.... Worse, the change was applied retroactively to data the users had stored in iCloud prior to the change. No other US tech company comes close in evilness.

What the app was capable of collecting is different from what the app actually collected,

Yes they pinky promised not to collect all of your data. So will you email me your social security number if I promise not to use it?

Who cares? There's nothing evil about circumventing some arbitrary Apple policy to give users an app that they want.

Yes there is nothing wrong with breaching a contract....

Not your private keys but Apple's private keys, which gives the Chinese government unfettered access to everything Chinese users store in iCloud https://techcrunch.com/2018/07/17/apples-icloud-user-data-in.... Worse, the change was applied retroactively to data the users had stored in iCloud prior to the change. No other US tech company comes close in evilness.

That’s not how public/private key pairs work and the article said no such thing.

The app is still available in the Play Store, and people still use it because nobody was surprised by what it collects. https://play.google.com/store/apps/details?id=com.google.and....

So you’re absolutely sure that every single person who downloaded the app was aware of what it was able to collect and that everyone who downloads it was legally of age able to consent to data gathering?

> Yes they pinky promised not to collect all of your data. So will you email me your social security number if I promise not to use it?

That's dense. If you use Apple email, they also collect your social security number if someone sends it to you, and they (and the Chinese government for Chinese users) have the ability to reset your password and gain access to any service is sign up for, despite pinky promises otherwise, and Apple's software has permission to read absolutely everything you do on your phone. In just the same way, what they have the ability to do exceeds what they tell their customers they do. What the app actually collected was specified, and there remains no evidence that they did anything more than they told the panelists.

> Yes there is nothing wrong with breaching a contract....

There is certainly nothing evil about giving users what they want in spite of the whims of a capricious (and actually evil) middleman.

> That’s not how public/private key pairs work and the article said no such thing.

Apple encrypted user's iCloud emails and iCloud data in a way that Apple still has access to for search. It is Apple's keys that matter in this case, not the user's keys for communicating with Apple.

The article said exactly such thing: "Before a switch announced in January, all encryption keys for Chinese users were stored in the U.S., which meant authorities needed to go through the U.S. legal system to request access to information. Now the situation is based on Chinese courts and a gatekeeper that’s owned by the government [emphasis added]."

There is certainly nothing evil about giving users what they want in spite of the whims of a capricious (and actually evil) middleman.

So users want to install software that can intercept all of their communications? I’ve never heard someone say, “I would give up all of my privacy and install a network sniffer/key logger on my device of someone paid me*

Apple encrypted user's iCloud emails and iCloud data in a way that Apple still has access to for search. It is Apple's keys that matter in this case, not the user's keys for communicating with Apple.

That’s also not how email works. Email is not a secure communications and is never encrypted. Besides that, you don’t need to use an Apple provided email account.

The article said exactly such thing: "Before a switch announced in January, all encryption keys for Chinese users were stored in the U.S., which meant authorities needed to go through the U.S. legal system to request access to information. Now the situation is based on Chinese courts and a gatekeeper that’s owned by the government [emphasis added]."

That’s not how public/private key encryption works - despite what you read from techcrunch. The whole purpose of a public private key pair is that you (or your device) creates the key pair, you send the public key out for anyone to use. They then use the public key to encrypt a message and you keep your private key. Anyone can encrypt a message and only you can decrypt a message with your private key. Am I really explaining how public/private key encryption works on Hacker News?

> So users want to install software that can intercept all of their communications? I’ve never heard someone say, “I would give up all of my privacy and install a network sniffer/key logger on my device of someone paid me*

I just told you that I did exactly that. If you read the reviews of the app on the Google Play Store, you will find many other users confirming that they knowingly and happily made the same deal. The Nielsen box itself contains a microphone that can hear everything in the room, and people happily sign up for the payment.

> That’s also not how email works. [Blah blah blah.]

You missed the point. The point was that Apple has the exact same access as Google from the operating system. There is a difference between what the operating system allows an app to do and what it actually does, which you have repeatedly conflated.

> That’s not how public/private key encryption works.

Now you've confused end to end encryption with public key encryption. It's a bit ridiculous that I have to explain the difference to you, but here it goes. iMessages is end to end encrypted. ICloud services like mail, drive, and docs are not. By handing over the iCloud keys to China, Apple has given the Chinese government unfettered access to this information and, by extension, all services which can be accessed using those credentials.

Now that you understand the problem, do you understand how that is evil?


In some cases, your iCloud data may be stored using third-party partners’ servers—such as Amazon Web Services or Google Cloud Platform—but these partners don’t have the keys to decrypt your data stored on their servers.

If Apple is in fact lying,I’m sure a lot of government agencies would be glad to know.

You're pointing to the US privacy policy. That support website does not support China.


This is different from the (nonexistent) Chinese privacy policy.


Facebook has had anonymous email redirects for years. Developers hated it, and circumvented it; it hands control over the communication channel from the developer to Facebook, and not to the user. The same will be true with Apple login.

There's obvious pros and cons to the developer owning that communication channel, or to a middleman owning that communication channel.

What Apple is doing here is using their total control of the application distribution channel on iOS to hold apps hostage to add an option to sell users on handing Apple control, or possibly reduce their growth by forcing them to remove the other login options.

It's mildly pro-consumer, but I think it's anywhere from mildly to very developer hostile. I'm not positive it will have a sustained effect, as developers may do what they did with Facebook and detect the proxied email and ask for the real one in its place.

> as developers may do what they did with Facebook and detect the proxied email and ask for the real one in its place.

And Apple may very well outlaw this practice.

Developers can in turn allow those user accounts to log in but only enable some features unless a real email is used.

Sure, Apple could add even more complexity to their review process (delaying approval), or give stiff penalties to developers for working around it.

Apple's recourse to remedy a situation where a developer does not want to allow Apple to forcefully insert itself as a middle-man is primarily punitive.

Thus, as stated, this is mildly to very developer hostile.

Maybe I'm misunderstanding, but I believe Apple still absolutely has your real data as well as the ability to link it to all the anonymous throwaway addresses. They just chose not to give away that data for free to every app that is asking nicely.

I agree, this is some win for privacy against random rogue apps, but I don't see how Apple would secede anything.

Could you elaborate?

If you watch the video or read the transcript they explicitly state that they do not record any of the information.

They obviously have a mapping of cloak address -> real address, but there's no requirement for them to have any record of which apps got which addresses.

This is not hard to determine. E-mail messages have headers, and the app will send registration e-mail to the cloaked address. So all it takes is scanning the e-mail headers of stored mail.

The do mention that they allow users to disable individual aliases at any time. Which would indicate that they do at least mark that for the user.

Psst…you probably meant “cede” instead of “secede”.

Ah, right. Thanks!

>It shows Apple actively ceding an opportunity for exchanging marketing data in favour of user privacy.

This is not a new thing.

For example, when the iPad launched and digital versions of magazines began to be available, Apple allowed a subscriber to provide the magazine publishing house with their email address, but also required that they be allowed to refuse to provide it.

The new thing here is to give the user a way to shut off abusive spamming of an email address they have chosen to provide.

Pretty useless, as steam and other websites have already blacklisted the idbloc.co domain as disposable, preventing user sign ups.

Is it unreasonable to believe that companies will block disposable Apple email addresses, just as they do, e.g., mailinator.com emails - often for authwalls intended purely for tracking users?

I think it's somewhat unreasonable to believe that, in the sense that Apple is pretty explicitly using their clout to make it much harder for companies to do this.

When a company blocks Mailinator, they're giving up a pretty small number of users -- those who know about Mailinator, use it, and refuse to sign up for a service that blocks it. Since Sign In with Apple is required for any iOS app that supports 3rd-party login, any company (with an app, which is mostly what this is all about anyway) that decides to block this new type of authentication will be forced to either give up all 3rd-party login options (costing them existing users who sign in this way and increasing the cost to acquire new ones), or give up their iOS app -- in either case, this probably means giving up a large number of users.

If Apple doesn’t place some guarantees around the emails, then yes, I’ll be blocking the relay domain. I don’t care to know a user’s true identity, I just want to ensure that the same person can’t use the system to trivially create unlimited new anonymous accounts on my system.

I’d like to see these:

1. Restricted to people who have associated a physical Apple device, and

2. No ability for the user to re-scramble the anonymous identifier once it is assigned to a service.

If these two criteria are met, I won’t consider it a throwaway email service.

> I don’t care to know a user’s true identity, I just want to ensure that the same person can’t use the system to trivially create unlimited new anonymous accounts on my system.

People can and have been trivially creating “unlimited new anonymous accounts” by creating new and multiple email accounts on Gmail, Yahoo, Outlook, Protonmail, Tutanota and many other “free e-mail” providers. Unless you have a list of all “free” email providers around the world and are blocking them, this stand against Apple doesn’t make sense to me.

If the App Store guidelines say you need to implement Sign in with Apple, and you implement it such that proxy email addresses are rejected, you'll likely be told by Apple to fix it per the developer agreement.

These proxy email addresses are supposed to be pseudonymous, one per apple id + app team, and are set to relay to a verified email address associated with that apple id.

Authentication will tie back to an associated physical apple device, although you can have one device associated with more than one Apple ID.

The email address isn't the user identifier. If you don't want email, don't ask for email. When you make the request, you can ask for email and/or full name, or ask for neither if all you want is the opaque token that identifies the user (and the one bit that says whether Apple thinks it's a real person).

That’s great—as long as that token can’t be trivially re-randomized and huge bonus points if that “real person bit” is a thing.

I haven’t investigated Facebook or Google SSO in depth (I always considered it a bit distasteful to participate in making these behemoths more indispensable) but if they offer some useful metadata that allows me to exclude G/FB accounts which are inauthentic or freshly created, I might look into it too.

Re-randomizing the email wouldn't make sense, as it's not the user identifier. It's literally just an email address, unique to the combination of your app and the user. If it could be re-randomized that wouldn't affect your ability to identify the user.

The "real person bit" is a thing. It's the sole bit of information Apple gives for free, which is either that Apple thinks it's "highly likely" that the user is a real person (the bit's absence doesn't mean Apple thinks it's a bot, it just means Apple can't be confident it's a real person, which might simply mean Apple doesn't have enough information to make that call).

What makes you think people would bother with your service rather than using Apple’s service?

I don't understand the question.

I run a large regional forum (10-15k active users per day) and our business model (such as it is) does not rely upon having as many randoms as possible getting user accounts.

We are quite selective when it comes to approving new memberships. We look at numerous subtle signals to decide whether to allow an account to be approved instantly, approved with limits, delayed or rejected. Email, ASN, browser behaviour, user's actions prior to the registration page, and numerous other things which strongly predict whether someone is an authentic new contributor, or a sock puppet/astro-turfer/troll/spammer/abuser etc.

This saves us an astronomical amount of pointless work for our moderators and makes our environment more conducive to constructive and useful contributions. (In a way it's like Hacker News comments except we're not as pedantic about chatty contributions so long as they're good natured.)

Presumably because they'll most likely provide additional login mechanisms that are at least just as convenient (Google / Facebook Sign-in to start?)

User privacy is a great thing, and most of us smaller developers have nothing against it. However, it needs to be done in a way that doesn't threaten our business continuity.

I’m saying if you refuse to support Apple’s sign in because you want more user info, your company is not that special that users are going to hate quit Apple in outrage.

If your business is dependent on giving away user privacy to Facebook or Google unless you are doing something that integrates with them - it deserves to fail.

I don't know what any of you are talking about. You are taking my observations and making wildly incorrect assumptions about my motivations.

I don't want to know who someone really is.

I don't care how little information I get through these systems. I don't want it.

What I do want to know is that I can exclude throw-away Google/FB/Apple accounts made five minutes ago specifically to establish a new whitewashed identity on my site.

Right now I don't offer Facebook or Google login at all—specifically because I think the consequences (both privacy and the further entanglement of powerful entities) are not worth it.

You can make a throwaway email account anywhere in five minutes.

Correct but irrelevant. For aiding the registration of legit users, verifying an email address is beneficial as a way for them to ensure they are able to recover their password.

For dealing with non-legit users the email address itself isn't so important. We don't ignore it—we happily reject attempts from ~10k throwaway domains and also some whole TLDs—but it's only one in a set of signals. The reason why the click-link-in-email process is so useful is mostly because it's a way for me to inject confusing and uncertain failures to the process to make it incrementally harder to game/predict our registration system. And it lets us inject plausible yet artificial slowness so that a persistent arsehole is never able to move faster than our people.

(Far more important are the subtle signals, particularly how the user behaves prior to registration. For example if a totally clean browser goes straight to the registration page it's likely to be an arsehole in a private browsing window. Legit users almost invariably browse content immediately prior to registering.)

Correct but irrelevant. For aiding the registration of legit users, verifying an email address is beneficial as a way for them to ensure they are able to recover their password.

You can still verify their email address for password resets. You send the link with the email address to the alias and Apple forwards it to the user.

But the whole purpose of using SSO is that you are not responsible for passwords - the IDP is. You should just be able to store the user id.

How is this a relevant reply? I offered further details about my fine-grained strategies and multi-faceted custom solution, and your response is to offer a random set of blindingly obvious facts about SSO and SIWA.

Well. Seeing that you were arguing that you didn’t want to use a “random email” that could be created in five minutes. Your whole spiel about not wanting to use a random email created by Apple as if a troll couldn’t create a random email on at least a dozen different platforms makes your whole argument against using Apple’s randomly generated email kind of nonsensical.

Besides, why use any third party identity provider if you are still managing passwords? You said that you needed an email address to send a password reset link.

Again you’re making assumptions and responding to something I didn’t say. Not interesting any more.

You didn’t say this?

Correct but irrelevant. For aiding the registration of legit users, verifying an email address is beneficial as a way for them to ensure they are able to recover their password.

Why do you need to help them recover their password if you’re using a third party?

Your question is invalid because it assumes facts that I have already explicitly refuted. Not interesting.

I'm sure they will, but I'd take that as evidence that they do intend to sell it or spam me.

Which would be even more reason not to sign in at all. That said I'm sure that whenever the official guidelines come out there will be something explicit about not doing so (although of course that would only apply to apps)

Yep, this is a strong signal from Apple.

Nitpick: seceding = leaving a group, ceding = giving up something.

Hilariously because I read this my brain got into the "wait, what was the other option? which one should I be using?" state and I had to double check myself.

Thank you very much :p

fixed :)

I don't comment often on here, but just wanted to say thank you for this tool. I will be thoroughly checking out https://idbloc.co and making good use of it! It looks like it will be simpler than using disposable emails, and definitely better than creating random emails!

thanks for the kind words :-) I hope you get as much use out of the product as I already do!

A little trick I've found out is having a GSuite account added to the Gmail app and generally always using the "all inboxes" view, I've seen no ads with this setup.

I wish it allowed you to supply an email “formula” (for example “apple-sign-ups-${supplied-unique-id}@my-domain”). I understand this is a particularly “pro” request, but I’d still like it.

Again, from a customer angle I’m not 100% sold on this. I don’t want to miss an email because Apple servers are down, and if Apple decides to kill an app I don’t like, I also want the ability to disagree. Separately, I want something that wouldn’t be a pain to use on non-Apple devices.

That "formula" allows the service to identify you the user because it's your domain (or group you into a subset of users if you share the domain with other people). Apple's relay service right now gives the application zero new information about you.

Don't most people already use a secondary email for signups to sites that they don't wish to hear from? I believe it's a solved problem, even for average users.

Why do we think Apple is not going to start reading this forwarded email and then using it to target ads? Sign-in with Apple makes them gmail... but without having to provide a web interface for reading email.

I do like the layer of indirection, but I have to imagine that someday the shareholders are going to ask "why not target ads like Google is doing" and they're not going to have a good answer.

Because (if you watched the talk or read the transcript) they already explicitly stated that they will not?

They've also explicitly stated that they will not record any information about interaction with a service.

Based on Apple's general approach to data security, I suspect that there is no "company A got alias address Y" table. In principle all that they need is a table of alias->real. On the other hand maybe it would be useful to have such a table in the case a site gets compromised/starts selling information?

But they have stated explicitly in a public video that they will not record interactions or emails you send, so I'm sure it would be lawsuit city if the reneged on that.

The piece which requires state is the 'user consented to sharing data X with app Y' bit so that the user can change that consent in the future.

The email relay address could feasibly be just a reference to that state.

Because the moment they do that they lose the whole reputation they’ve spent years and years building as the ‘privacy focused tech company’. User trust goes out the window.

Wasn't Google the "don't be evil" tech company that all the "influencers" suggested their friends switch to over to when Altavista was being shady?

You guys trust companies wayyyy too much.

First of all, iCloud does have a web interface. Second of all they can’t read your email. Reviewing Apple’s numerous explanations of how the system works should make that clear. If paranoia gets the best of you, nobody is forcing you to implement sign in with Apple and you are free to not use sites that do.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact