Email aliasing is one of the most underrated privacy techniques that has yet to go mainstream. For the privacy-conscious user, it offers a degree of separation between all your accounts, making it harder for data brokers to correlate your various accounts across different services by not using the same email address to sign up. For security, the same technique can also help defeat credential stuffing while obscuring your true email address, which is the central hub where all your identities can be managed (and the email address itself is literally half of the login information a would-be attacker would need to attempt to log in). Your inbox is a critical thing to protect since a breach can offer information about additional accounts you have (via the emails already sitting in your inbox like updates, notifications, sign-in verifications, etc.) as well as allowing an attacker to simply hit “reset password” on websites where you already have an account and thus take them over. As for mainstream users, the biggest advantage is probably the ability to manage spam more effectively – particularly from companies who refuse to respect opt-out links – from a single inbox, rather than having one inbox for professional use, then logging out and back into another for online shopping, then another for personal or newsletters, and so forth or simply having to give up and hope the spam filters don’t falsely flag anything important (or let junk through). Email aliasing makes effectively managing and controlling your inbox incredibly easy. With that in mind, this week, let’s examine some popular email aliasing services that the privacy community has to offer.

  • mox@lemmy.sdf.org
    7 months ago

    You can, but that doesn’t solve the privacy problem, since all the aliases on your custom domain correlate to the same person (or small group of people) and can therefore be used for tracking.

    • refalo@programming.dev
      7 months ago

      That small group of people gives you plausible deniability, there’s no way to prove who it was. And the more you open it up for others to use, the more likely it wasn’t you.

      • rar
        7 months ago

        It’s all about risks vs benefits. You can open up your domain for more users, but that also can make you potentially liable for what other users do with your domain from law enforcement if something nasty happened.

        • refalo@programming.dev
          7 months ago

          Potentially liable how? There are specific protections for service providers from third-party content in many countries, such as Section 230 in the US and Articles 12-14 in the EU.