Suggestion: unique/masked email addresses

I was thinking that it would be great if unique/masked/temporary e-mail addresses could be offered as part of Librem One’s e-mail service in the future, something like spamgourmet or the masked e-mail facility of Blur

Earlier this week, I tried to log on to a hotel’s WiFi with both spamgourmet and Blur email addresses, and they were both rejected as non-genuine e-mail addresses. Obviously whoever provided the hotel with WiFi badly wanted the guests’ real e-mail addresses (I wonder why… :roll_eyes:). I don’t know if they were able to work out that the e-mail addresses were masked ones by some technical criteria, or if they maintain a list of domains to check against e-mail addresses and/or DNS MX records.

If I had registered with a primary e-mail address I doubt that I would have been given any realistic opportunity to opt out of tracking/data collection. A VPN would deal with tracking etc., but I would have had to divulge a primary e-mail address to get to that point first. :rage:

4 Likes

Yeah, I’m with you on this one. I was at a motel on the way from Buffalo NY to Boise ID and a motel on the way had a sketchy unencrypted WiFi and I had to use it because a Hotspot was only giving spotty 2G speed. The people running the motel were real dodgy about security when I complained about the irregulariites. I had my own VPN but if I tried using it they would stall my bandwidth.

+1

It would be great if Librem One offered ephemeral and/or trackable masked addresses.

I much prefer Blur’s approach (a masked e-mail address that is not related to your true address) because it looks like services could reverse engineer your primary address from a spamgourmet address.

2 Likes

My guess: Only if you are careless enough to choose a username that obviously relates to your true email address.

I note though that spamgourmet says

“spamgourmet is currently not accepting new users”.

One difficulty that I had with Blur is that there is zero explanation of what the service is or how it works unless you register. Spot the irony!! Maybe you need a throwaway spamgourmet address in order to register with Blur. :slight_smile:

Good question. Did you ever find out more?

My guess would be: Hard-coded list of known unacceptable domain names.

I’m not sure whether, either way, offering this via Librem One will solve the problem.

If they (“Hotel WiFi”) are hard-coding unacceptable domain names then when Librem One reaches critical mass, its domain name will be on the list.

If they are using technical means then it is an arms race between the mail service provider and the unacceptability detector, which would probably end in … being added to a list of unacceptable domain names.

There is a point where maintaining an ever growing blacklist or ever more complex algorithms becomes more effort than a whitelist which really messed with that arms race.

But the difference is that if we support Librem One and they implement it, then everyone will have an implementation. Once something becomes common practice, they can’t blacklist providers without consequences.

1 Like

Interesting to see some more responses to my original suggestion. Since I made it:

  • Spamgourmet has ceased accepting new users as @kieran said. I also found a note about this on a spamgourmet-related forum somewhere. At some point it will shut down completely.
  • A new service called Burner Mail has started up, although you need to go for the paid service to get more than 5 temporary addresses. The feature set for the paid service looks quite good.
  • I found yet another similar service: E4ward. I have no idea who is behind it: it looks less slick than Blur or Burner Mail, but seems to have all the essential functionality.

Burner Mail and E4ward let you use a domain of your own, which is quite a good feature IMHO. It gives you some peace of mind: if they close down, then you can quickly set all e-mails to your domain to be forwarded to you while you sort something else out.

The downside of using your own domain is that it could weaken the anti-tracking side of things. In theory, someone could work out that you are the only person using that domain, and then track you on just the domain instead of the whole e-mail address.

OTOH, the downside of not using your own domain is that sooner or later companies that want to do tracking based on e-mail address will spot that a huge number of their users are creating accounts from the same domain, and may take action to block it. I can understand someone like Dropbox doing this - every new e-mail address is a claim on resources that they offer for free. I think (but I’m not sure) that Ryanair has done something similar, and that puzzles me: I would have thought that they would put as few obstacles as possible in the way of me buying plane tickets from them. It hardly seems likely that tracking their users by e-mail address is worth more to them than selling cheap flights :face_with_raised_eyebrow: (you have to provide a lot of identifying info to travel by air anyway), but you never know. :wink:

I have found with Blur that very occasionally there is a glitch: for a period of a few hours some e-mails get to the temporary mailbox, but then disappear, and some don’t even show up in the temporary mailbox. It has been a while since this happened to me, but it is one of the things that made me start thinking that Librem could offer a similar service. It could be integrated with their e-mail service, rather than being a separate add-on. I reckon that that way it could be made easy to use and very reliable, and also offer the use of custom domains for people who want them.

1 Like