Re: Icloud .com
Celena Holtzberg
You can use a web browser to view information stored in iCloud from anywhere. You can also access certain iCloud+ features. Learn what you can do with the following apps and features on iCloud.com on a computer:
You turned on Advanced Data Protection for iCloud: When you turn on Advanced Data Protection for iCloud, you automatically turn off access to your data on the web, so you can only see Find My iPhone and iCloud Settings at iCloud.com. If you want to see all the apps and features on iCloud.com, you can turn on Access iCloud Data on the Web in iCloud settings on your device. (Advanced Data Protection for iCloud can remain on.) See the Apple Support article Manage web access to your iCloud data.
You can use Find Devices on iCloud.com to remove a device from the Devices list and remove Activation Lock. When you remove Activation Lock, someone else can activate the device and connect it to their Apple ID.
In the last few months any time I have tried to log in to iCloud.com I've gotten a message during the login process that says I need to verify the email associated with my AppleID, which is a mac.com address. When I ask to be sent an email so that I can verify it, the system says one is sent, but it never shows up (not in my Inbox, Junk, or any of the other folders I can access on my iPhone). I can't check for it any other way, since I would need to log in to iCloud to check for it, but iCloud says I need to get the email in order to log in.
I know it's not a problem with my AppleID, because when I enter the mac.com email address and my password, I get a two-factor verification number sent to my iPhone. I say to allow the conection and enter the number in iCloud.com, at which point I get a pop-up which says "Your Apple ID email address must be verified before you can sign in."
As I said, if I enter my mac.com address, the system says an email has been sent, but it never shows up. When I tried to enter the @me.com or @iCloud.com aliases, thinking maybe mac.com is no longer supported, I got an error message that says "the application type specified is unacceptable."
It does give the suggestion that I can change my AppleID, which is COMPLETELY UNACCEPTABLE as a solution. The last time Apple forced me to change my AppleID I lost all of my iTunes purchases and their tech support was unable to restore them, even though I spent hours on the phone over the course of two weeks trying to do so. I'm NOT going through that again, so need a solution that allows me to keep my current AppleID.
After confirming what I had described (i.e. can't login to iCloud.com, can't verify email, can't change to me.com/icloud.com) the tech had me try the same things at appleid.apple.com. When those didn't work, we tried logging in with a different alias - I picked the me.com version, using the same password as I used for the mac.com one - and verifying again with the mac.com email on file. That also didn't work, but when I entered the same me.com email that I'd just used as my AppleID, it allowed the change, instantly verified and got me into the account. I went and logged in to iCloud .com using the me.com alias and got in without any further problems.
TL;DR: iCloud kept asking me to verify @mac.com email address associated with my @mac.com AppleID, but didn't send a verification email or let me switch my email to @me.com/@iCloud.com aliases. Logged in using @me.com alias and switched the email for verification to match and it worked.
However, I cannot get eM Client to connect to my iCloud calendar. For the server settings, I have , and for the username and password, I have entered the same username and app-specific password that I have for email.
If the error remains, send me please the CalDav logs from the iCloud account. You can allow them in Menu > Tools > Settings > Advanced. After that just close eM Client, reproduce the error and send me those logs to mark...@emclient.com.
Why your devices would request resolution of that special domain if they presumably are not using Private Relay would be a question for the manufacturer or software developer of the device or software sending those requests.
Of course, Apple will advise you to use their DNS service, so they can get info about what it is you're doing with your devices, and build a profile (bye bye privacy). It's easy to claim things won't work if you don't, fear of that is almost always pretty convincing...
iCloud Private Relay is basically Apple's implementation of oDoH (Oblivious DNS over HTTPS), the idea is you'll be using a proxy server (relay) to avoid the destination (DoH server) knowing who the request is coming from. Would be nice, if the relays would not be managed by Apple, thus not being able to collect the info anyway.
Can i just clear something up here, my Apple Account is set up NOT to use Private Relay..... apparently why the apple systems are interrogating mask.icloud.com is not 100% understood but it may be that they are doing this to determine my account setting its then that they determine that my account is valid and eligible to use the facility but I have it switched off.
I only have occasional access to apple devices, so not really sure, however, reading this article indicates it is something you need to enable / disable on the devices (the article has zero hits on the word 'account'), read here.
Once you changed the setting (false), you might still see entries in the pihole query log for mask.icloud.com and mask-h2.icloud.com, reply, not blocked. A dig for these domains should return a (lot?) of IP addresses (regional differences).
You'll probably notice things that used to be blocked (ads) are now showing (pihole no longer used after the initial lookup for the apple relay info).
Just as a data point, metrics.icloud.com is on my blocklist from StevenBlack/hosts/master/hosts; it is also one on my top 10 blocked domains. I have several Apple devices (phones, tablets, TV devices, etc.). Despite this domain block, I have no adverse effects using any of my Apple devices.
My uneducated speculation is this domain is used to collect...metrics...for Apple that are not otherwise needed for correct function of the devices. This domain has always been blocked in my use of PiHole over several years, and has never caused an apparent problem with my usage.
Based on what the 2 other Apple users of your solution are saying in regard to this, let's leave it as is for now, if is been there before Private Relay as has been indicated then this will not be an issue.
For me, the only impact I've ever seen is trying to view embedded images in some web-client emails (outlook.com in particular, but not all). In these cases, the images would not load unless I used the BLOCK_ICLOUD_PR=false line in pihole-FTL.conf. There may be other ways around the specific case I encountered, but that was my observation.
For what it's worth, I've reverted to the default Pihole behavior of blocking the Private Relay function, and the devices themselves are set to use Private Relay when they can (i.e. when Pihole is not in use).
This error appeared yesterday out of the blue. I'd been on appstoreconnect.apple.com working on an app update and later in the day when I tried to log in again I immediately get the error, "Failed to verify your identity. Try Again". No verification code is sent and it's not a password issue, as that's a different error.
I'm able to log in to iOS devices and Apple's apps, like the App Store Connect App. I was even able to log in to the Apple Support App and change my password, but I still couldn't access any Apple websites. If I try to log in to icloud.com, searchads, appstoreconnect.apple.com, developer.apple.com, or appleid.apple.com I immediately get the same error and no 2FA code is sent.
I've seen online that others have had this issue and some resolved it by appending a verification code to the end of their password, but that hasn't worked for me. (Even though Apple's sites fail to send the 2FA I was able to get a code by going into iOS Settings->iCloud->Passwords & Security->Send Code).
Apple Developer Support and regular Apple Support haven't been able to help so far (they also told me to try appending a 2FA code to my password). I had to create another Apple ID just to be able to get back into this forum and also the Contact Support page. But now that I have a support case the only way I can communicate with the rep is by logging in with the ID that actually has the login issue.
The issue may be rare, but it's been around for several years and Apple has set up its support systems in a way that makes it extremely difficult to get support in these circumstances. In fact, regular Apple Support has no ability to even transfer a call to Developer support.
I'm sorry to hear you're having the same issue. At least you're not alone in your frustration. If you haven't already, you should open a developer support ticket so they know multiple people are having the issue. If they have two accounts with the same problem that they can examine it may reveal a common core issue.
59fb9ae87f