Hacker News new | past | comments | ask | show | jobs | submit login

As a user I can't see why any random app needs to know my true email address.





From the article:

> If a customer contacts us asking for support, and we need to look up something in their account, typically we can just ask them for the email address on their account. But with “Hide My Email” that wouldn’t be easily possible, because the customer would have to figure out the privaterelay.appleid.com email address used for their account.

> Furthermore, if there are platforms where AnyList doesn’t support Sign in with Apple, like Android, and someone wants to log into their account, they’d have to know their privaterelay.appleid.com email address. (And that certainly won’t be easy to find if you no longer have an iOS device.) And then they’d have to create a password with us, since they wouldn’t be able to sign in using Sign in with Apple.

> Finally, for a service like AnyList, which is heavily focused on sharing lists with other people, the “Hide My Email” option greatly complicates collaboration. Typically, customers share a list by typing in the email address of the person they want to share with. If that person already has an account, the list is instantly shared. But with the “Hide My Email” option, your spouse or friends obviously won’t know your privaterelay.appleid.com email address, so when they enter your email address, our systems will believe that you don’t have an account. At that point, you’ll get an email from us asking you to create an account. If you accidentally create a new account, it won’t include the work you’ve done in your existing account created via Sign in with Apple. And if you manage not to make that mistake, then there would be a link between your email address and the account you created with Sign in with Apple, negating the value of hiding your email address.


For the first point, the app can explicitly tell the user what their login is, or otherwise assign some unique identifier the user can use when contacting support. The app can also offer to contact support for them, which can pre-fill the user identifier.

For the second, that’s entirely the user’s choice. Your app can also allow them to associate a new email address for this purpose (which strikes me as exactly what you actually want since the real unstated motivation here is getting the user’s email).

For the third, don’t make me type in someone’s email. The exact same issue as described happens if they have multiple email addresses too. Just let me use my OS’s sharing mechanism to send a special link that they can open to establish the sharing connection. An invite to share, as it were. Not only does that solve the problem, it’s significantly more user-friendly.


> For the second, that’s entirely the user’s choice. Your app can also allow them to associate a new email address for this purpose (which strikes me as exactly what you actually want since the real unstated motivation here is getting the user’s email).

So the solution here is for a developer to add a bunch of code to their codebase on at least 4 platforms just to get to the same exact functionality and level of privacy, but with a worse user experience?

> For the third, don’t make me type in someone’s email. The exact same issue as described happens if they have multiple email addresses too. Just let me use my OS’s sharing mechanism to send a special link that they can open to establish the sharing connection. An invite to share, as it were. Not only does that solve the problem, it’s significantly more user-friendly.

As a user, I find that functionality to be incredibly clunky by comparison (on all platforms). It may be moderately better on iOS than Android, but even then Anylist and others are running multiplatform apps. If I'm using a computer and I need to manually copy a link, open my email client, compose a new email, type the subject and a message, paste the link, and hit send, that feels dramatically more cumbersome than just entering an email address and hitting "share". It also takes a good amount of new code to implement something like that on an existing system that uses email-based sharing, which I don't think developers should have to deal with just because Apple built a lousy login system.


> So the solution here is for a developer to add a bunch of code to their codebase on at least 4 platforms just to get to the same exact functionality and level of privacy, but with a worse user experience?

You need to support letting the user change their email address anyway. Letting them change it from the privacy forwarding email to something else is no different. And that shouldn’t even interfere with using Sign In With Apple going forward because surely you’re using the user’s unique identifier from Apple to associate the sign-in with your service’s user.

Also FWIW you can use the Sign In With Apple JS approach on non-Apple platforms. This is obviously useful for web, but Apple’s developer site says it’s “for web and apps on other platforms” so you could use this from Android too, it will just take some more work.

> As a user, I find that functionality to be incredibly clunky by comparison (on all platforms).

As a user, I have never connected with someone on a service by typing in their email address. Not only do people routinely have multiple email addresses (e.g. work and personal), but people also often use unique addresses for services (e.g. plus addresses), so it’s not at all a reliable mechanism.

> If I'm using a computer and I need to manually copy a link, open my email client, compose a new email, type the subject and a message, paste the link, and hit send

Why would you do all this? The service can offer a mailto: link that pre-fills the body, so all you have to do is click it, type in the recipient’s email address, and hit Send. And this lets you customize the message as appropriate. Better yet, on Apple platforms you can use the built-in share functionality, including on web with the Web Share API[1].

And if you really don’t want to do all of that, you could have me enter an email that you send a special link to rather than looking up in your user database. That’s still not great for me as a user because it means I’m giving you someone else’s email address, which I don’t want to do, but it’s better than nothing.

The simple fact is, if your sharing mechanism requires me to know the email address someone else has already used to sign up for your service, it’s a crappy sharing mechanism.

[1] https://caniuse.com/#feat=web-share


What kind of solution should apple have made then, that would protect user privacy to the same degree?

> For the first point, the app can explicitly tell the user what their login is, or otherwise assign some unique identifier the user can use when contacting support. The app can also offer to contact support for them, which can pre-fill the user identifier.

as thomaslord said, this is an enormous overhead, where a lot can go wrong.

> For the second, that’s entirely the user’s choice. Your app can also allow them to associate a new email address for this purpose (which strikes me as exactly what you actually want since the real unstated motivation here is getting the user’s email).

Even more overhead, and more data to manage.

> For the third, don’t make me type in someone’s email. The exact same issue as described happens if they have multiple email addresses too. Just let me use my OS’s sharing mechanism to send a special link that they can open to establish the sharing connection. An invite to share, as it were. Not only does that solve the problem, it’s significantly more user-friendly.

For native only apps, this would also add an additional overhead, as you need to develop a server to handle this.

The point is simple: if you want to protect your email address, that's on you. I personally use a different email address for each service, because it's important for me. But I don't expect everyone will bend over backwards to accommodate me, and neither should you.


And when you're using the web app on a desktop? There's no easy sharing mechanism there.


Email, Telegram, WhatsApp, etc, etc. Lots of them.

Because it's your identity. Login systems have moved away from the 'username' concept that we used to use, because it was another thing we could forget. Email addresses are inherently unique and allow identifying a person for support calls or login or whatever.

I'm not saying this is necessarily a good thing, but this is how things work and I don't have a better suggestion.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: