I should start by saying the techniques I present here will not only help you stay private when you register for webinars. You can also use them for signing up for newsletters and other online uses. They also have uses offline. With the National Stalking Helpline reporting a 10% increase in calls since March 2020 it is increasingly important to protect your privacy when you are out and about. You might be taking you car for a service, dropping clothes off for dry cleaning or registering with a new dentist and be asked for your email address. Anyone close to you will be able to take down the details you supply.
Instead of using your private email address in these situations, you can create masked emails. Giving a masked email address in these scenarios will have privacy benefits. I will mention how you should use a different email address for each service you register for. This will make it harder for a stalker to find your social media accounts and harass you or social engineer your contacts.
We have probably all signed up for a webinar or newsletter or some other service and then been sent a barrage of unwelcome follow-up emails. Even though you trust the company holding the seminar, they might be using a third party service for registration. Reputable companies will not do anything which you do not agree when you agreed to their Privacy Statement and Terms of Service. The issue is it is not practical to read through these documents and understand all of the nuances for every single webinar that you sign up for.
As an example, a well-known web hosting company has an upcoming webinar hosted with a popular video conferencing service. When you register for the webinar, you have to agree to the video conferencing service's Privacy Statement and Terms of Service. These documents are around 8,500 words combined (excluding any of the documents linked off). It may be perfectly inoccuous but still, I would prefer not to give them my email address as I do not how it will be used and whom it will be shared with. Instead I can create a masked email address and get rid of it if I start to receive unwelcome marketing.
Masked emails, also called burner emails, are used to protect your privacy. You can use them once or maintain them for an extended period. Essentially you use them to create an alias so you do not have to give your personal email to companies. We will go into a little more detail on this right now.
There are a few services, which we will look at below, which let you create masked emails. You can also create aliases on your own email server, if you have one. With the services, you create new email addresses. You use one of the new addresses for the webinar sign up form. Now when the host wants to contact you, they send an email to that alias address. The service provider then forwards any emails for you to your personal email address. This way the host can contact you without having your personal email address. You leverage the benefit here by creating a separate email address for each webinar host you sign up with. You should use this principle when you create social media accounts too. That way it is much harder for anyone to track you between services. Any compromised email addresses can be deleted and you still get to keep your personal email address.
Stalkers can use Open Source Intelligence (OSINT) to piece together information about you made available by social networks. Using this publicly available, personal data they can then stalk, harass and carry out doxxing attacks on you. By using a different e-mail address for each network and also masked emails when signing up for online webinars you can complicate this activity. This reduces you attack surface.
Another trend I have seen is having to create an account to signup for a webinar. Whether you have to create an account or not, you might consider making up an email address. The issue here is that you will not get emailed the webinar joining link or reminders so you don't forget to join!
The easiest way to set up masked emails, is probably to use your own email server. This way you have a much higher limit on the number of accounts you can create. Essentially you are limited by the number of accounts you are willing to maintain. Not to worry if you do not have your own email domain and server. There are some great services out there.
- No hard limit on the number of aliases you can create.
- You need your own domain and email server.
simplelogin.io is a service for creating masked emails. It is open-source and has a free plan. With the free plan, you can create 15 email alisaes. There are also iOS and Android Apps. The AppPrivacy box on the iOS store states that the developers do not collect data from the app. Secure login via a physical U2F/FIDO key is also available on the free tier. The premium tier adds PGP encryption and unlimited aliases.
- Open source,
- generous free plan with 15 aliases,
- secure two factor login with U2F/FIDO hardware token support,
- iOS app which does not track you, Android app also available.
- You need to pay to get more aliases.
Blur is a service provided by Abine . As well as email aliases, you can create masked cards and phone numbers (many people use these in dating apps to keep their phone number private). There is some data linked to you collected by the app . It might be necessary for fraud prevention, since the app provides masked credit cards. If you just want the credit cards, Privacy.com is another option.
- 10 free aliases,
- generate phone alias phone numbers and credit card details too.
- Some data collected in app (possibly required for compliance reasons).
MySudo is another privacy service . It has similar functionality Blur.
- 3 free aliases,
- easy to create new identities each with email and phone number,
- virtual card included in paid plan identities,
- some data collected in app (possibly required for compliance reasons),
- paid plan capped at 9 aliases.
Proton is a secure and private email service created by particle physicists who worked at CERN. You can create aliases on paid tiers. You can have catch-all emails if you have your own domain. With a catch-all email you can enter a randomly generated email address in a sign up form, without having an account matching that exact address. You will still be able to receive email for the account. Although there is a free tier, to get features important for extra privacy you will need the Plus or Professional account. Proton Email is a fantastic, open-source service for increasing security with end-to-end encryption. If your main focus is privacy, from a pricing view, the other options might be better suited to you.
- Open source,
- Paid tiers offer more privacy boosting options than the free tier.
- Create a new masked email (using your own email server, simplelogin or another service mentioned above).
- Fill out this masked email in the registration form. As a privacy bonus you might consider using a pseudonym instead of your actual name
- Remember to create a new and hard to guess password if you have to create an account to register for the webinar. Use an open-source, security audited password manager like Bitwarden to store the password. You can also use the password manager to save your alias, Job Title, Company and other details filled out in the form. Finally, set up multi-factor authorisation (MFA) whenever this option is available.
- Once the webinar is over you can either delete the alias or keep it to use for other webinars with the same host.
There are a variety of uses for these approaches. You might use them as described for maintaining your privacy when signing up for services. I don't think many would argue that this is not a socially acceptable use case. You might also consider using the emails to get extended, free access to Netflix or other services offering a free trial. Here the social acceptance is less likely! If the provider is providing a decent service many people would argue that you really should support them by paying for it once the trial is over.
Going back to the privacy case. Consider a small startup hosting a webinar which you find useful. If you burn the signup email address after the webinar for privacy reasons, you should consider tracking them on social media. That way you can stay on top of new ways you can support them. I would imagine they rely on those webinar subscription emails, to a certain extent, to get support from their audience.
I really do hope you have you found this post interesting as well as useful. Let me know if there are other similar services you know of which I can include in updates. Do you host webinars yourself? What are your thoughts on using these methods? Would they have a serious impact on your viability? Also get in touch if you want to see other posts in this area. If you have found this post useful and can afford even a small contribution, please consider supporting me through Buy me a Coffee.
Finally, feel free to share the post on your social media accounts for all your followers who might find it useful. You can get in touch via @askRodney on Twitter and also askRodney on Telegram . Also, see further ways to get in touch with Rodney Lab. We post regularly on OpenBSD-centric content and security as well as online privacy. Also subscribe to the newsletter to keep up-to-date with our latest going ons.