>AirDrop also shares your full name (seemingly the one associated with your Apple ID, not what you have set for yourself in your contacts), both by displaying it in the sharing interface on the involved devices and by attaching it as an extended attribute to uploaded files.
>So if you AirDrop some files to your computer and then zip them up, anyone you send that zip to (a journalist, a public file-hosting site, w/e) will have your full legal name to go with them.
I wonder if Google is adding metadata as well. Otherwise there does seem to be the problem of, for example, threats being AirDropped in a public place.
Using macOS 26 and iOS 26 I was unable to reproduce their findings. I airdropped a photo from my iOS device to my laptop, and nothing in `mdls`, `xattr -l`, `exiftool -s`, `rg -i` showed my name.
It wouldn't surprise if Apple had fixed this, it's the sortof thing they would fix, but it may be worth trying with 2 devices not from the same iCloud account. Wouldn't surprise me if the code paths were subtly different in that case.
They would seem to contain identifiers as law enforcement have been able to follow up on instances where there has been airdropping of perverse images, but as noted by others the files don't include names.
The problem with airdrop (and likely why the 10 minute setting now exists) is that it includes a preview image as part of the notification request.
So other than being able to subject someone to perverse images, preview images have also been used in state-sponsored zero-click attacks to infect the phones of their targets. While that vector seems to be muted for now, the 10 minute setting provides a layer of defence against both potential future zero-clicks and receiving unsolicited previews images.
Just a tip - You can put any string as your name for your Apple ID. you can also change it at any time. I have it as Mac Book. It's not checked when making any credit card payment, AFAIK.
Just keep in mind, if you give your device to the Apple Store for repairs, they'll automatically expect the person who is picking up to have a matching ID to the Apple account.
It was a fun misunderstanding to resolve when I went to pick up my repaired Macbook Pro and they expected my ID to say Mark Suckerberg. It was resolved relatively uneventfully but still had to get the manager over.
No. Credit card transactions cannot check for name or billing a part from the zip code. Also the zip code validation only works in certain countries like the US, and Canada.
The way to validate that works is Visa 3DS or MasterCard 3D Secure. Those sent an OTP from the issuer to the cardholder on the issuer database, usually an email or SMS. The issuer of the card is the only who really knows the owner of the card.
In the US, CA the name is not validated. My company is credit card issuer and authorizer, and we don't do any validation a part from CVC. Maybe some countries/iisuers do the name validation, but is not not common at all.
They get compared yes, and it feeds into the fraud likelihood score that the merchant gets sent. And then usually chooses to ignore, because they make more from going ahead with the transaction than from stopping because it's suspicious, but it makes it easier for the credit card industry to put the liability on them.
Number, date (though I never bothered to check if it's actually checked, besides stupid frontend shenanigans when I couldn't enter it because it had a whole whooping month ahead of the current date) and CVC.
As soon as I learned what BANK NAME is acceptable name I used it almost everywhere.
I’ve never heard of this. Are you saying I could enter “MyLocal Bank” as the payer name instead of my own when transacting online with a credit card? This seems like the kind of fact that should be essential privacy knowledge if true!
This might not work super well if your package is crossing border either. Sure it's your billing address and not your shipping address, but sometimes they are all the same.
Well, for example, I can set Stripe Radar to hard match the name on the CC, for example. Very granular control is possible, but doing stuff like checking zip codes, names leads to false negatives and isn't worth it, in my experience.
When you create a ZIP, the extended attributes are saved to separate files. When you copy them to a FAT filesystem they are also saved to separate files.
Interesting, but now this information is no longer attached to the original file and you need to manually include it, when distributing the file. Also it is now kind of obvious, that there is not only the file itself in the ZIP file.
It’s not obvious if you are only using macOS, because macOS hides all of these extra files it creates. It’s only obvious if you use Windows or Linux. But of courses the chances of a typical macOS user also using Windows or Linux is very low.
Do packager programs on macOS lie about the packet contents? Otherwise the user will see it when opening the packet. The user needs to be aware of metadata when leaking stuff, e.g. EXIF data for images, non-deleted text in Word, overdrawn stuff in SVG, etc. anyways.
You mean Finder. Well Finder hides all files beginning with a dot by default. And in a Terminal the `ls` command also hides all such files by default, which is a behavior mandated by POSIX.
I mean the graphical equivalent of `tar --list --file`. tar doesn't hide files beginning with a dot and neither does my graphical file roller (Engrampa).
If you're someone who's bought into the Apple ecosystem over multiple devices, or ave a partner or children who are also using devices in the Apple ecosystem, then your Apple ID is something that is very definitely tied to you and probably difficult to change/give up when you replace your phone.
I don't think it would be at all surprising to find that the vast majority of people use their legal name or something closely associated with their identity, and that it persists over multiple devices.
As defensible as it may be, your behavior is very far from the norm. You may not consider this a aggressive privacy practice but demographically speaking, it absolutely is.
In April 2024, Le Monde Group’s majority stakeholder became a financial endowment, or fonds de dotation (FDD), named Fonds pour l'indépendance de la presse.
This structure is also used by Mediapart, owned by Fonds pour une presse libre, and Libération, owned by Fonds de dotation pour une presse indépendante, with Mediapart being inspired to emulate The Manchester Guardian (which has been operated by a trust since 1936): https://www.lesechos.fr/tech-medias/medias/le-monde-appartie...
Jason doesn’t participate here, for political reasons:
“I am not a regular reader or participant of Hacker News – I find the general VC/Silicon Valley/libertarian vibe over there to be pretty off-putting – but there's some good stuff there if you take the time to look.”
