this post was submitted on 30 Aug 2023
30 points (96.9% liked)

Privacy

31954 readers
564 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I've been trying out Firefox Relay for a couple of months, and I really like the idea of hiding my real email address. The only thing putting me off from this concept is the fact that it makes my experience significantly worse, as it's now harder to quickly understand where the email comes from.

A simple example: if I give my real email address to an online shop, I will receive a confirmation email with

From: Online Shop

Which is trivial to read.

If I give a generated Relay address, then the emails will come as

From: "noreply@onlineshop.com [via Relay]"

Which is much harder to parse off a quick glance, especially on smaller screens like a smartwatch.

When receiving emails, I don't really care if they were forwarded via Relay, and I would much rather see the original sender in the From field. Is this necessary for proper privacy, or just an issue specific to Firefox Relay? And if so, is there any other email masking platform that supports what I'm looking for?

top 18 comments
sorted by: hot top controversial new old
[–] SpyDallyCandour@programming.dev 6 points 1 year ago (2 children)

Worth giving SimpleLogin.io a look. It has customizable display options for this. (not affiliated, just enjoy using it)

[–] scorchingheat@lemmy.world 1 points 1 year ago

I've heard of them before, good to know they support this. I'll check out their plans, thanks!

[–] Atemu@lemmy.ml 1 points 1 year ago

Emails received via SimpleLogin in Protonmail have the original From: in the headers though:

From: Stack Overflow 
To: stackoverflow.redacted@aleeas.com

The setting you mentioned is only used for these headers:

X-Pm-Original-From: "Stack Overflow - do-not-reply(a)stackoverflow.email" 
Reply-To: "Stack Overflow - do-not-reply(a)stackoverflow.email" 

which affects what it says in the subject line when you reply:

[–] jet@hackertalks.com 5 points 1 year ago (4 children)

I HIGHLY recommend using custom domains and a email catch all instead of relay services.

Example Online Shop sends email to OnlineShopName@email.mydomain.com

Now in your email client you can filter by the To: line for OnlineShopName@email.mydomain.com and see everything

If you use a service like fastmail that supports dynamic from addresses, when you reply to one of this catch all emails your client's from address will be set to the address you used.

[–] lustrum@sh.itjust.works 3 points 1 year ago (1 children)

Damn I wish Proton did that! I have to create and delete aliases on the fly on the rare occasion I need them.

But yes I love the custom domain catch all option. Stuff like adding prefixes to do filtering. bills, shopping, newsletters. Then allows easy and automatic filtering to folders.

[–] Cralder@feddit.nu 2 points 1 year ago* (last edited 1 year ago) (1 children)

Proton does offer this with simplelogin right? (Unless I misunderstand what you mean) I always sign up to stuff as website@myalias.mydomain.com where the alias and domain are chosen once and then all adresses to that domain forward to your proton inbox.

[–] lustrum@sh.itjust.works 1 points 1 year ago

Yeah it does. But I don't use simple login.

[–] scorchingheat@lemmy.world 2 points 1 year ago (2 children)

Thanks for the recommendation! Unfortunately this approach doesn't really work for me since my domain includes my real name, I'm also relying on email masking for some degree of anonymity.

[–] jet@hackertalks.com 1 points 1 year ago

You can always get a new domain with one of those monero domain resellers.

Email relay is more like bathroom door lock privacy, it prevents someone from trivially knowing your email, but your identity is discoverable (court order to relay service, ip logs, payment info).

If that fits your use case, great!

[–] BitSound@lemmy.world 1 points 1 year ago

Use Fastmail, and you can have masked email addresses that come in like regular email. You can look at the "To:" line to tell where the email was sent to, but the title remains the same.

[–] Atemu@lemmy.ml 2 points 1 year ago (1 children)

Custom domains and aliasing services have two slightly different purposes as aliasing services can serve to mask your identity aswell.

A custom domain still enables tracking across accounts.

[–] jet@hackertalks.com 1 points 1 year ago (1 children)

It would require a human to do that linking. Nobody knows how many people have emails at your domain.

You could use a anonymous domain hosting service to register the domain as well.

[–] Atemu@lemmy.ml 1 points 1 year ago* (last edited 1 year ago)

It would require a human to do that linking. Nobody knows how many people have emails at your domain.

Advancements in data science in the past 2 decades have shown the opposite.

You could use a anonymous domain hosting service to register the domain as well.

The problem is not the paper trail between domain and you but the domain being a proxy for you, the person. Let's take an example: You register the totally anonymous domain algk3oii01aslf0.com. Super duper secure and anonymous, right?
Now you use a catch-all to register your accounts using servicename@algk3oii01aslf0.com on facebook, Google, M$, Reddit and what have you.

Do you see the problem here? If those services were to collaborate (indirectly, they do on a certain level), that'd enable them to identify you as a single entity across these services. Your activity is tracked and attributed to a certain identifier. Whether that identifier is your real name or just a random UUID is of little relevance; it's still you being tracked.

For the services I listed, this discussion is probably redundant as they have thousands of other means to fingerprinting you but you don't have to make it easy for them either.

[–] Klystron@sh.itjust.works 2 points 1 year ago

+1 for fastmail. Been using it for over a year now with my custom domain, very happy. Synced with 1password so it can autogen masked emails.

[–] VonReposti@feddit.dk 3 points 1 year ago (1 children)

Addy.io shows it as "Company 'noreply at company.com' "

So it is possible to more transparent. Of course when I click on it to show the actual email it shows something like "alias+noreply=company.com@mydomain.com" as that's the relay mail which replies actually get sent to.

[–] scorchingheat@lemmy.world 1 points 1 year ago (1 children)

I was aware of SimpleLogin but I hadn't heard of this service before, thanks for the tip! I'll try to check them out and come back with a comparison.

[–] VonReposti@feddit.dk 3 points 1 year ago

They recently changed their name from AnonAddy which might be a reason you haven't heard of them. I've been very happy with their service for a long time now.

[–] 000999@lemmy.dbzer0.com 2 points 1 year ago

Have you tried using aliases? I have ones set up for all my different accounts that get filed into specific folders