I host my own Simplelogin instance and generate a new address for every service. Combined with Bitwarden, I now have a unique address and password combination for each account.
this post was submitted on 20 Nov 2023
44 points (95.8% liked)
Privacy
31424 readers
941 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 4 years ago
MODERATORS
I.. did not know you could self host. Well that's neat.
I’m still not clear on the value proposition of simplelogin.
I seem to get the same thing with a domain and a catch all address.
How do you reply to emails to your catch-all?
Hit reply.
This is why I just moved from protonmail to Fastmail. With Fastmail I can send from arbitrary addresses using my domain. Why it’s not that simple with proton is beyond me and now that I’ve tested everything with Fastmail these past few weeks, I see it’s a choice.
I almost signed up for simplelogin but realized I was being sold something that should just be included. Plus setup was convoluted as fuck.
Meanwhile Fastmail is intuitive so far.
But in some cases you don’t want to use arbitrary addresses, but the exact same that was used to send you an e-mail. For me this is necessary and Simplelogin hides my real e-mail address. Additionally, I can with ease deactivate addresses and minimize spam by a lot.
I can reply from ANY address from my domain including the exact one that was used to send me an email.
I can “deactivate addresses” by sending messages to a particular address straight to trash with rules.
Edit: turns out Fastmail has a masked addresses feature built in, separate from a catch-all. It’s basically simplelogin built in, if you want to enable it. Proton is looking more and more overpriced.
And when those addresses wind up on mailing/spam lists and they're coming from multiple places, you're screwed. That's why email forwarders became a thing, catch-alls aren't new, but you lack the control most want with them.
Plus, Proton does support plus/+ addressing, which does the same thing as a catch-all. You know the email addy it came from.
If I were a professional spammer, the first thing I’d do to clean the address list I have is to strip out plus addresses. It’s a simple regex.
On how to filter, I can send any address straight to the trash apparently just like simplelogin. I’ll know who sold or leaked my info because it’s in Bitwarden and I can just search my vault to see who I handed that particular address to.
deleted
Which of those work for phone numbers (SMS validation)? Email is easy.
I'd never use a temp email when I'm paying, considering they have my CC info. For random accounts that I won't check the mail accounts of, temp is great. Not going to trust a company for this.
Those addresses are there until you delete them. What does them having your CC have to do with it? Better yet, why do they have a CC? Meaning a real one? Not a masked one? Fuck that!
Ah, you'd use Privacy.com? Decent idea I suppose.
Its (incredibly) rare for me to use a card online if it's not privacy. I also used them constantly in real life thanks to places that have apps that let you add CC's. My gym, Supermarket, Gas at Kroger, Car wash, etc.
Do you pay for the premium tier? I would like a decent credit score, and using my card for normal, everyday purchases doesn't bother me as much.
Edit: Well, technically, they have your data anyway. It's like using Paypal for everything. TBH I'm OK with the system as it is right now, but I'd like greater adoption for Monero so I can make purchases directly using that instead of converting it to fiat once again.
No, I joined before it all changed and the only difference was how many card a month you can make. Currently, I believe they push the real transaction info to your bank so they'll show normally on your bank statements, where mine just say privacy.com, as well as the browser addon and web app, which are are all now a paid feature.
That said though, the $10/mo is worth it for what you get in the end. My whole purchasing life would change without it.
If they are going to push the transaction to my bank anyway, I'm definitely not trying it. As I said, even PayPal will obscure the buyer's details from the seller. What's the point?
Only on the free plan, but verify that. Even if you did do it on the free plan it's still very much worth it. You still have the protection of different cards for different people, the fact they lock to who you use them with, the ability to set spending limits, burner cards that only work once, the ability to pause or delete cards at will etc. All of that is a huge win either way, even if the transaction info goes to the bank. But even then that's an option.
I would be OK doing that if they didn't link to my debit card in the free plan (last time I checked)
How would expect them to do it? I can't see how they wouldn't link to you card if you expect to spend money. Moneys got to come from somewhere. Auth tokens are the safest way of doing that, prior to them upgrading to that it was done through ACH, which is not only slow, it's much more dangerous for the user since they have actual checking acct info. Auth tokens don't work that way, and even if there was a breach, your checking acct info isn't there, only a token they can't use. The way they're doing it is the smartest way for both speed, and your acct safety.
They link to one's credit card in the premium plan. That's what I would have wanted to see becoming universal in their services, but unfortunately that's behind a paywall
Gotcha, so you mean actual (credit) as a funding source vs debit? Can you link that? I didn't see that in the comparison, I'd possibly consider that.
I can do that now with Capital One, but having that all together would be nice. Kinda surprising, I'd think those habitual wrongful charge back types would wreck that for everybody.
My apologies, I thought privacy.com supported credit cards, but apparently they don't, even in the premium tier. Indeed, I would like virtual cards for my credit card, since I'm never going to buy anything with my debit card anyway. I wish the other banks had something like Capital One
With gmail if you have an account like example@gmail.com you can then sign up for a website such as netflix with email example+netflix@gmail.com and gmail will forward it to example@gmail.com, but you'll still see the full address on the To line so you'll know where the mail came from. Anything after the + can be whatever you want. This lets you sign up with a different email address for every site you visit without having to create new addresses with gmail. You can also make a filter to hide spam if one of the addresses is compromised.
only works with very simple scripts though - I'd assume that checking for a '+' in front of the '@' and removing everything inbetween is very simple if your goal is to spam everyone from a data-leak
That's very true. I cannot attest to the knowledge and skills of potential spammers. However, more common than data leaks are data selling, and I doubt any company would bother to manipulate the email addresses they buy from others.
I feel like numbers are much more difficult, aren't they? There are limits to how many there are, and the generally cost money to register. How does generating a unique number per service per user work?