this post was submitted on 03 Jun 2024
67 points (95.9% liked)

Privacy

31854 readers
142 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Email aliasing is one of the most underrated privacy techniques that has yet to go mainstream. For the privacy-conscious user, it offers a degree of separation between all your accounts, making it harder for data brokers to correlate your various accounts across different services by not using the same email address to sign up. For security, the same technique can also help defeat credential stuffing while obscuring your true email address, which is the central hub where all your identities can be managed (and the email address itself is literally half of the login information a would-be attacker would need to attempt to login). Your inbox is a critical thing to protect since a breach can offer information about additional accounts you have (via the emails already sitting in your inbox like updates, notifications, sign-in verifications, etc) as well as allowing an attacker to simply hit “reset password” on websites where you already have an account and thus take them over. As for mainstream users, the biggest advantage is probably the ability to manage spam more effectively – particularly from companies who refuse to respect opt-out links – from a single inbox, rather than having one inbox for professional use, then logging out and back into another for online shopping, then another for personal or newsletters, and so forth or simply having to give up and hope the spam filters don’t falsely flag anything important (or let junk though). Email aliasing makes effectively managing and controlling your inbox incredibly easy. With that in mind, this week, let’s examine some popular email aliasing services that the privacy community has to offer.

top 13 comments
sorted by: hot top controversial new old
[–] SpyDallyCandour@programming.dev 27 points 5 months ago

+1 for SimpleLogin. Not affiliated, just been using it for a few years now and it's been rock solid and a complete game changer.

As an example someone tried a banking scam on me, and I asked them to read back the email address associated with my "bank account", and they instead read back the alias I'd used on some other random website I'd put my credit card number into 6 months prior. This proved what website leaked my credit card, but also they were trying scam me (as if the request for a 2fa code wasn't proof enough)

[–] s38b35M5@lemmy.world 14 points 5 months ago* (last edited 5 months ago)

Re: DuckDuckGo:

You can sign-up and manage your aliases from any browser on any OS

But not on the TOR or Mull browsers on Android:

ETA: I use both DDG and SimpleLogin. I recently bumped up against the ten alias limit in SL, but I prefer the ease of creating outgoing aliases in their dashboard vs the DDG method of manually typing with underscores. That said, they both come in handy and I have dozens of DDG aliases that helped me break my dependence on gmail as my single email provider. Never tried Addy.

[–] carzian@lemmy.ml 13 points 5 months ago

I've been using Addy for years and it's been great. I believe I'm on the lite plan and have never (to my knowledge) hit any limits. Definitely recommend.

[–] pathief@lemmy.world 7 points 5 months ago

I don't know which provider is the best but I've been using Proton Pass and it's excellent. Proton Pass is a password manager but you can use it just to generate email aliases on the fly. The paid version has unlimited aliases and only costs 2 euros a month. I think it's a very nice value.

[–] RGB3x3@lemmy.world 7 points 5 months ago

I've been really enjoying the Proton suite of mail, drive, and VPN. Don't use proton pass because I have to log in to sites from locked-down systems too often, but the aliases tool in Proton Mail is great.

(Not a paid shill, I pay proton because I want to get away from Google)

[–] mox@lemmy.sdf.org 7 points 5 months ago* (last edited 5 months ago) (1 children)

Anyone using a forwarding/alias service might also want to search the web for "disposable" email domain blacklists, and petition the maintainers to remove the service you use from their lists.

These lists are often adopted by web developers, leading to many web sites rejecting forwarding addresses, or sometimes even accepting the addresses and then silently dropping messages while claiming to have sent them. As these lists become more common and widely used, forwarding services are becoming useless on more and more sites.

[–] lemmyvore@feddit.nl 0 points 5 months ago (1 children)

You can get your own domain and host email on a decent provider who offers a way to make aliases (and doesn't nickel and dime you for it).

[–] mox@lemmy.sdf.org 7 points 5 months ago (1 children)

You can, but that doesn't solve the privacy problem, since all the aliases on your custom domain correlate to the same person (or small group of people) and can therefore be used for tracking.

[–] refalo@programming.dev 2 points 5 months ago (1 children)

That small group of people gives you plausible deniability, there's no way to prove who it was. And the more you open it up for others to use, the more likely it wasn't you.

[–] rar@discuss.online 0 points 5 months ago (1 children)

It's all about risks vs benefits. You can open up your domain for more users, but that also can make you potentially liable for what other users do with your domain from law enforcement if something nasty happened.

[–] refalo@programming.dev 1 points 5 months ago

Potentially liable how? There are specific protections for service providers from third-party content in many countries, such as Section 230 in the US and Articles 12-14 in the EU.

[–] FirstCircle@lemmy.ml 4 points 5 months ago

I use the one that's built in to the Fastmail service. I have a custom domain just for aliases. The Fastmail alias-creation API is integrated with the Bitwarden app (which I use) so that makes creating new accounts (that use email addresses as usernames) on websites really easy. I also use Spamgourmet which is free, convenient, and has been around a very long time. No custom domains there, but they let you use a variety of their domains and they have some short ones which is nice, but I do find that they're blocked pretty often, mostly by major mailing list services.

[–] mahony@sh.itjust.works 1 points 5 months ago

I use 33mail.com, anyone using that? just the free option, never needed more than 10mb/month.