I like to try websites out before tying my identity to them. How do you do it? Simplelogin? I honestly won’t manually make a new gmail for every new website I try and I to want the option to see what emails I get.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
With gmail if you have an account like example@gmail.com you can then sign up for a website such as netflix with email example+netflix@gmail.com and gmail will forward it to example@gmail.com, but you’ll still see the full address on the To line so you’ll know where the mail came from. Anything after the + can be whatever you want. This lets you sign up with a different email address for every site you visit without having to create new addresses with gmail. You can also make a filter to hide spam if one of the addresses is compromised.
only works with very simple scripts though - I’d assume that checking for a ‘+’ in front of the ‘@’ and removing everything inbetween is very simple if your goal is to spam everyone from a data-leak
That’s very true. I cannot attest to the knowledge and skills of potential spammers. However, more common than data leaks are data selling, and I doubt any company would bother to manipulate the email addresses they buy from others.
I feel like numbers are much more difficult, aren’t they? There are limits to how many there are, and the generally cost money to register. How does generating a unique number per service per user work?
I host my own Simplelogin instance and generate a new address for every service. Combined with Bitwarden, I now have a unique address and password combination for each account.
I’m still not clear on the value proposition of simplelogin.
I seem to get the same thing with a domain and a catch all address.
How do you reply to emails to your catch-all?
Hit reply.
This is why I just moved from protonmail to Fastmail. With Fastmail I can send from arbitrary addresses using my domain. Why it’s not that simple with proton is beyond me and now that I’ve tested everything with Fastmail these past few weeks, I see it’s a choice.
I almost signed up for simplelogin but realized I was being sold something that should just be included. Plus setup was convoluted as fuck.
Meanwhile Fastmail is intuitive so far.
And when those addresses wind up on mailing/spam lists and they’re coming from multiple places, you’re screwed. That’s why email forwarders became a thing, catch-alls aren’t new, but you lack the control most want with them.
Plus, Proton does support plus/+ addressing, which does the same thing as a catch-all. You know the email addy it came from.
If I were a professional spammer, the first thing I’d do to clean the address list I have is to strip out plus addresses. It’s a simple regex.
On how to filter, I can send any address straight to the trash apparently just like simplelogin. I’ll know who sold or leaked my info because it’s in Bitwarden and I can just search my vault to see who I handed that particular address to.
But in some cases you don’t want to use arbitrary addresses, but the exact same that was used to send you an e-mail. For me this is necessary and Simplelogin hides my real e-mail address. Additionally, I can with ease deactivate addresses and minimize spam by a lot.
I can reply from ANY address from my domain including the exact one that was used to send me an email.
I can “deactivate addresses” by sending messages to a particular address straight to trash with rules.
Edit: turns out Fastmail has a masked addresses feature built in, separate from a catch-all. It’s basically simplelogin built in, if you want to enable it. Proton is looking more and more overpriced.
I… did not know you could self host. Well that’s neat.
I use Ironvest (formerly Blur), unlimited random email aliases. AnonAddy (now addy.io) and DuckDuckGo offer similar solutions. Ironvest is closed source, AnonAddy has open source clients.
Regardless, you do need to establish some level of trust, as any service that receives or forwards email gets a look at it. The services I mentioned above all have some established rapport, and need to maintain that in order to be commercially viable.
Which of those work for phone numbers (SMS validation)? Email is easy.