Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Firefox Privacy IT Technology

New Firefox Service Will Generate Unique Email Aliases To Enter In Online Forms (zdnet.com) 70

An anonymous reader writes: Browser maker Mozilla is working on a new service called Private Relay that generates unique aliases to hide a user's email address from advertisers and spam operators when filling in online forms. The service entered testing last month and is currently in a closed beta, with a public beta currently scheduled for later this year, ZDNet has learned. Private Relay will be available as a Firefox add-on that lets users generate a unique email address -- an email alias -- with one click. The user can then enter this email address in web forms to send contact requests, subscribe to newsletters, and register new accounts. "We will forward emails from the alias to your real inbox," Mozilla says on the Firefox Private Relay website. "If any alias starts to receive emails you don't want, you can disable it or delete it completely," the browser maker said.
This discussion has been archived. No new comments can be posted.

New Firefox Service Will Generate Unique Email Aliases To Enter In Online Forms

Comments Filter:
  • Sweet (Score:5, Interesting)

    by encrypted ( 614135 ) on Friday May 01, 2020 @10:27AM (#60011116) Homepage
    Nice, let's hope services don't ban the aliased emails though. I noticed this happen with the apple id email security.
    • Comment removed based on user account deletion
      • by pl3 ( 6811702 )
        Yay! More fake slashdot accounts registered under junk emails which get a starting score of 2 for their first posts! Yay!
    • Re:Sweet (Score:4, Interesting)

      by AmiMoJo ( 196126 ) on Friday May 01, 2020 @12:13PM (#60011578) Homepage Journal

      Would be nice if there was an open source implementation that you could run on your own domain. That would be far less likely to get banned.

      • I agree, I feel like something like this wouldn't be hard to do at all. I mean if you own your own SMTP server, you could literally just create an account for a purpose, use it until your done with it and get rid of it. I can't imagine it would be too hard to automate it with a simple UI either.

        • by amorsen ( 7485 )

          Many email servers support plus addressing. Mine does, as you can see above. If an address gets spam you know who is responsible. That saves a lot of trouble. Obviously that scheme can reasonably easily be ruined by smart spammers.

          • by EvilSS ( 557649 )

            Many email servers support plus addressing. Mine does, as you can see above. If an address gets spam you know who is responsible. That saves a lot of trouble. Obviously that scheme can reasonably easily be ruined by smart spammers.

            Yea but many websites don't support it. I've tried it in the past and about 50% of the time the form validation flags it as invalid (even though it obviously is valid).

            • by Tool Man ( 9826 )

              Many email servers support plus addressing. Mine does, as you can see above. If an address gets spam you know who is responsible. That saves a lot of trouble. Obviously that scheme can reasonably easily be ruined by smart spammers.

              Yea but many websites don't support it. I've tried it in the past and about 50% of the time the form validation flags it as invalid (even though it obviously is valid).

              It depends on the character used to separate the base and added parts of the email address.
              I found that many sites (improperly) reject the '+' character that Google uses, so I configured Postfix for my own domain to use the underscore.
              Nobody complains about name_spamsite@domain.

          • by mysidia ( 191772 )

            Obviously that scheme can reasonably easily be ruined by smart spammers.

            Maybe the scheme could still work no matter how smart the spammers are with some revisions.... if you use a suffix for ALL contacts, and if no suffix is given: Have that go to an auto-reply bot instead of a mailbox... a bot that only responds to messages that come from a sender passing DMARC alignment with SPF or DKIM.

            The bot has one purpose.... to provide a link for generating a suffix contactID for any person who wants t

            • by amorsen ( 7485 )

              Your ideas will certainly work.

              I cannot be absolutely sure, but I am more than 90% confident that no spammer has yet figured out my actual email address from the address listed here on Slashdot. The fancy proposals you have will only become necessary if spammers actually grow a brain.

              So far, most spammers believe my email address is slashdot@...

        • by AmiMoJo ( 196126 )

          You can just set to a domain that redirects all mail to your real account and block individual addresses as they get spammed, but it's a bit of work and when someone does a dictionary attack against it you are in trouble.

          Something like this that makes it as easy as a few clicks would be great.

        • I think it would be easy, to write a browser add-in that automatically creates a new adress on the fly at some provider, by filling in the mail account creation forms with random data and such, do the entire verification process, and merely ask you to enter a CAPTCHA or the like that can't be automated.

      • I've been doing this for a decade. The back-end of my mail server is SQL-based, and it has a table that maps aliases to actual accounts (even those not on my server).

        Postfix looks up any inbound address against that table to decide whether to accept it, then hands it of to the LMTP server, which delivers it to the real address.

        I've only occasionally thought of implementing a web page to allow remotely setting them up.

    • by hawguy ( 1600213 )

      Nice, let's hope services don't ban the aliased emails though. I noticed this happen with the apple id email security.

      There's a simple solution for that -- if a merchant doesn't accept your aliased email address, don't do business with that merchant. You're the one with the money, if they don't want to accept your money on your terms, don't give it to them.

      It's like if a brick and mortar merchant refused to do business with you if you don't provide your phone number (I'm looking at you, Radio Shack), if they won't accept your obviously fake number (I used 415-555-5555), then buy your batteries somewhere else.

      • There's a simple solution for that -- if a merchant doesn't accept your aliased email address, don't do business with that merchant. You're the one with the money, if they don't want to accept your money on your terms, don't give it to them.

        Just to give an opposite perspective: as a merchant who has persistent problems with a small number of customers whose email addresses don't work, sometimes because their ISPs insist on non-standard behaviours and treat anyone who doesn't comply with their pet wish list as junk or even drop the mail silently, please go ahead. I would be delighted if the tiny fraction of our customers who have broken email just went away, because they cause considerable stress and wasted time, sometimes even generating more

  • Spamgourmet (Score:5, Interesting)

    by lloydchristmas759 ( 1105487 ) on Friday May 01, 2020 @10:30AM (#60011132)
    Spamgourmet has existed for quite some time, and does the same thing.
    • Shhhhhhh..... the first rule of spamgourmet club is you on't talk about spam gourmet.

      It's one of the few services that are not blocked by people now.

      • by Kokuyo ( 549451 )

        It's blocked often enough, that's why I had them register one of my own subdomains. I my own subdomain and spamgourmet.com is now interchangable for my account.

        Well, actually for any account :D.

        • Anything that blocks based on fake email aliases is probably not worth doing business with, because the only reason to block is because they're an advertiser or make money from advertising (remember, advertisers are the enemy here, not the consumers).

  • Spamgourmet (Score:4, Interesting)

    by kila_m ( 548924 ) on Friday May 01, 2020 @10:32AM (#60011142) Homepage
    Ive been using Spamgourmet for this.. sadly Josh died recently. Many of the websites that want to abuse your email address ban the domains, so they'll have to figure away around that.
  • Do you mean to say that Chuck.U.Farley@EatMyShorts.com isn't unique enough?

    We will forward emails from the alias to your real inbox

    So really just an automated way of setting up a throw-away e-mail account. Except that Firefox still knows where to forward the e-mail. No thanks. When one of my temp accounts starts to pile up with crap, I just stop using it. There are probably a few Nigerian government ministers with millions of dollars just waiting for my response out there.

    The other good thing about throw-away accounts is that I can log on from time to time and

    • by Kjella ( 173770 )

      Well I don't really see this as a service for throwaway mail, more like compartmentalized mail. Like you actually want to read them in a timely manner and without logging into dozens of different accounts, but without giving each and every one of them the chance to sell your email to spammers and compromise your true inbox. Throwaway emails are more those "fire-and-forget" emails I use when somebody requires email activation, where I rarely or never need to check that inbox again.

    • I don't want throwaway addresses, I want fixed ones I can turn on and off. Eg I have an account with Ebay, and Ebay spew spam constantly. But I need to have my email address (unique to them) turned on while I am selling something, though I turn it off in between times. If I "threw away" an Ebay address after every time I sold something it would be a flaff to keep creating a new one for them, even if they allowed that (IDK).
  • by stabiesoft ( 733417 ) on Friday May 01, 2020 @10:35AM (#60011152) Homepage
    Can do this. I've done it for a few years now. Any new account I setup gets a new alias on my server. If they get too spammy, I just remove the alias. It is way more work though than this firefox feature though.
    • Same. With my own domain name, each website I buy from/register with gets a unique email address.

      So far, I've caught a major railway, MLB organization and 2 large ecommerce sites giving those email address to 3rd party marketers. Plus, a few smaller online stores.

      Sadly - while each got reported to the federal govn't anti-spam organizations, nothing has been done.
    • Same here but instead of maintaining an list of aliases or having to go create one before I use it, I use the address extension character. Typically + I changed mine to a -

      so me-subj@mydomain gets to me@mydomain but keeps the -subj part.

      Should I get too much spam then I create an actual address/alias for it that ends up delivering it to /dev/null

      • I do the same, just have a regex forwarding rule to two different inboxes (personal and 'accounts'): *-account(s)?@ lets me use -account@ emails. Sometimes confusing to the recipients when I give it to them and they don't understand domains ("Do you work for us?").

        It's occasionally revealed some interesting facts; for example, a few years ago my mouser-account@ email (Mouser [mouser.com]) got a deluge of spam - but no publicly disclosed data breach. Other offenders have been Amplitude Studios [amplitude-studios.com], Gamespy, and of course

  • Great feature (Score:5, Insightful)

    by Openstandards.net ( 614258 ) <slashdotNO@SPAMopenstandards.net> on Friday May 01, 2020 @10:36AM (#60011160) Homepage

    Been using that capability using a wildcard feature of PostFix for over 10 years. I can say it has been one of the best features of email I can imagine.

    To give an example, after there were fraudulent purchases on my credit card, I was able to identify the vendor that leaked it because the thief used an email address to sign up for a service with my credit card that I only gave to this vendor.

    I can also send specific email addresses to /dev/null that become spam targets without impacting incoming emails I care about.

    Very glad to see Firefox begin to open this type of capability to the public.

    • Same here, except about a decade and half ago I switched from sendmail+qmail to MSFT Exchange which also has had wildcards forever. After many years of using wildcard emails, I have a decent sized filter which silently discards a whole bunch of them. I also have some spam filters which filter based on both source and destination, for example any email which claims to be from amazon.com goes straight to Junk Mail unless it comes to the email which I only use with Amazon. Same for banks, etc.

      I will say one th

  • by AndyKron ( 937105 ) on Friday May 01, 2020 @10:42AM (#60011186)
    It's amazing how many popups accept fuckyou@fuckyou.com Some will then say "you're already subscribed"
  • The fight between anonymity versus identity is old and never-ending. This new service is a great idea no doubt, but it will definitely be taken as a provocation by those who already have to fight off spam.

    I'll stick to my old practise: when a site wants my e-mail address, but it doesn't offer me something of value in return, then I'm simply at the wrong site.

  • by dskoll ( 99328 ) on Friday May 01, 2020 @11:11AM (#60011318) Homepage

    Looks like the giants are discovering a feature I implemented almost 15 years ago [roaringpenguin.com] in Roaring Penguin's anti-spam solution.

  • by nospam007 ( 722110 ) * on Friday May 01, 2020 @11:27AM (#60011390)

    Just enter whatever@yopmail.com
    They also have dozens of aliases if that one is blocked.

    • by jimbo ( 1370 )

      There are hundreds of temp email services around. The point is to make it more convenient, which is always welcome IMHO.

    • I use mailinator.com. It also has countless aliases, but I found them hard to find nowadays.

      Also, there is bugmenot.com. Shared logins so you're not bugged by having to log in. With a browser extension so all you have to do is right click on the password field, and select "bugmenot".
      The only problem is that they are centralized and have been harassed by side owners previously, to block their site from the service. (Does anyone know an alternative? alternativeto.net only spits out Login2, which seems to be d

  • until it's blocked by all the mail harvesters that make such addresses useful in the first place.

  • This idea has some serious issues with it:

    1) Mozilla has to have an SMTP relay server running and if many people start using this service it might mean a lot of expenses. Also some email providers may refuse to allow SMPT relay in principle.

    2) Once Mozilla decides it's not worth it and kills the service you may find yourself locked out of many websites which either don't allow to change your email or require to verify your old email before changing it to a new one. Strangely Mozilla's own account system

    • by mysidia ( 191772 )

      Also some email providers may refuse to allow SMPT relay in principle.

      That criticism isn't valid / does not make sense. Email providers by their very nature have to accept SMTP connections from other MTAs relaying traffic to the destination domain's MX servers; that's how e-mail routing on the internet works.

      If the account is really important, then you should probably be giving them your real e-mail address rather than one relying upon a 3rd party relay service to reach you.

      That also provides higher

  • A Brief History of anon.penet.fi - The Legendary Anonymous Remailer [december.com]

    Written in September 1997.

    Short version:

    anon.penet.fi was an anonymous remailer from 1993-1996.

  • Sorry, this might seem off-topic at first, but...

    I've been arguing for years that we need new kind of service, along the lines of an identity provider. What I'm imagining is a single service that wraps together all of your account management in one service (SSO, email address management, account management), while not including in it any other service (e.g. storage, mailbox hosting). The main service that they would provide is to be a universal authenticator and account management system, so that I can p

    • All I hear is "single point of failue".

      If this should exist, it should be decentralized, with everyone's stuff residing solely on his system, and its core should not be a piece of software or a service, but a protocol.

      But I'm saying for years, that home servers (with a VPN to e.g. the phone and a fast uplink) should be standard and if necessary legally mandated.

    • Apple starts doing this with "Sign in with Apple" button but I don't trust Apple much more than Google or Facebook.
  • However, you can easily do the same thing with Postfix on your own mail server. The likelihood that someone will ban your own mail server's domain is slim to none. I use both + and _ as wildcard characters (setting up multiple wildcards in Postfix can be done, but it's tricky). GMail has + but there are way too many email address "validators" that reject valid addresses with + symbols in them. Underscores, on the other hand, are never rejected. So, myaccount_somewebsitecom@mydomain.com is an automatic
  • Amazing! No longer have to rely on CL for my email relaying needs :) :) :)

  • I guess this is also an easy way for Mozilla to link a person more tightly to any telemetry they gather.
  • Who is paying for all this and why? Out of the goodness of their hearts? Maybe I'm just too cynical.

  • I've been using $name+$uniqueID@gmail.com for ages.

    E.g. BAReFOOT+slashdot2020@gmail.com, it that was my real name.

    And everything received without such a tag, gets dumped in the spam folder by my mail client.

    • by Barnoid ( 263111 )

      What do you mean "like Google"?

      These wildcard addresses have existed long before Google and are supported by many MTAs. You can also place dots anywhere in the local address (part before the @) since dots are ignored (i.e., hello@abc.com = h.e.l.l.o@abc.com = h....e....l...l...o@abc.com).

      In fact, the mail address standard allows (almost) any character in the local part of an address (see the address specification in RFC 5322 [ietf.org], which finally resolves to atext [ietf.org]).

  • SimpleLogin.io does that already. And it's open-source, can be self-hosted, available on Chrome/Firefox and iOS/Android.
  • Look, I love Firefox, that's my preferred/primary/only(ish) browser.

    1. No, I'm not having all of my e-mails go through one company -- isn't that the whole entire point of this exercise? I don't want to trust that Mozilla isn't reading all of my e-mails. Might as well be google. Don't be evil, until it becomes profitable to do so.

    2. No, I'm not making it obvious to everyone that I'm doing it, or they'll just block it, obviously.

    3. No, add-ons are terrible in every way.

    4. No, because I can do it myself. A

Business is a good game -- lots of competition and minimum of rules. You keep score with money. -- Nolan Bushnell, founder of Atari

Working...