It makes perfect sense, in order to prevent someone else from registering your old @icloud.com email address and impersonating you or performing password resets.

That does make sense, but I remember him talking about my gmail address. Not even sure I had an icloud email. But I could very well remember that wrong.

The point is that you don't want someone re-registering on iCloud with that gmail address because then they could impersonate you when interacting with Apple.

I still don't get it. You cancel the account, it should be gone like it never happened. Poof. If you make a new account with the same email, it should be a new account with no relation at all to the old account since that one has been deleted and is gone forever and there would be nothing to impersonate here.

Let's say you have the account johndoe@icloud.com. You use that email as your backup email at your bank. You cancel the account. Now someone else opens a new icloud account with johndoe@icloud.com. They can now access your account by "recovering" your password with the backup email.

But the GP is saying they registered their apple id with a non apple email. Why can't your delete the apple id associated with that email, then create another apple id using the same email?

> I still don't get it. You cancel the account, it should be gone like it never happened

As long as that change cascades to every single site that the user could have registered with.

Otherwise, there could be hundreds or thousands of sites waiting to email confidential information to a new person.

this already happens when you move physically to a new residence. except there isn't a system for "change of email address"

Idiots -- like yahoo -- recycle emails.

Also, emails probably persist in some systems as a guid.

You can have an iCloud account with any e-mail, including a gmail address - might have been the case there?

This makes total sense, and good of them to warn you.

MANY people tie things like password resets to your email, not to you and may not have a retail store presence you can get to for a password reset.

He's telling you - once this email is gone, it is gone and no one, including you will get it again. That is good in the sense that no one can impersonate you, but bad if you have an "ooops" moment and want to do a password reset that needs that email.

Presumably to prevent someone from hijacking accounts.

It makes total sense to me. There’s no way to really know the next person signing up is really you (even if it’s 99% unlikely it isn’t). The safest option is to create a brand new account with a different email. Maybe I’m wrong but that’s how I do my own app signups.. it seems safe to me.

A lot seems to be riding on the definition of delete.

Apple's announcement says:

must also allow users to initiate deletion of their account from within the app.

It's only "initiate" deletion, so if we treat that as Step #1, then if Step #2 is, as in the NYT example, to ring support to confirm your intention to delete you account, then this may not deter much user-hostile behavior. It just kind of smears it to a different part of the tablecloth.

It also specifically says 'deletion' rather than cancellation or disablement, but I doubt Apple are going to follow up on this eventual deletion (or alternative watered-down definition) of account past this "initiate" step.

Will users have recourse through Apple if their "initiated" account deletion request goes no further than step #1?

I’ve had people try do use credential stuffing on my accounts after major breaches. It happened on a deleted instagram account and I’m glad they blocked it.

I’d rather it work the way Apple does it than have someone try to recreate a deleted account.