Getting hired can take weeks or months for the average job seeker. That is a lot of organizations that have your detailed information stored somewhere, under who knows what kind of conditions, for who knows how long. Furthermore, the prevalence of data breaches and ransomware attacks means you are exposing your personal information to a significant risk when you look for a job.

The never-ending cat and mouse game where we are constantly trying to protect our right to privacy against creepy corporate marketers watching everything we do on our devices, tech companies have developed a stalking tool called “browser fingerprinting.”.

What is browser fingerprinting?

Web fingerprinting uses JavaScript code on a web page or location to analyze your browser settings, computer, and other hardware specs, such as fonts, monitor screen resolution, which OS you use (and what version), extension settings, the type of graphics card you have, and other hardware configurations.

The point of browser fingerprinting is to enable the tracking company (data controller) to identify unique individuals among a sea of Internet users so that they can be tracked, a behavioral profile can be created, and then targeted advertising can be served to them.

In this way, a site can track your browsing habits without relying on cookies, which we are all now aware of and have learned to block and delete.

However, fingerprinting can be used to recreate tracking cookies that you have already deleted.

Let me repeat that.

In spite of your knowledge and consent, corporate trackers are not only peering into your machine to see its configuration and characteristics, but they are also re-creating trackers that you have deleted.

And this doesn’t just apply to the sites you visit directly. The pervasive inclusion of remote resources, like fonts, analytics scripts, or social media widgets on websites means that the third parties behind them can track your browsing habits across the web, rather than just on their own websites. – source

Browser Fingerprinting for fraud prevention

It’s not all bad. Browser fingerprinting is used to help detect fraud, unauthorized log ins say to your bank account, and even dating apps.  I personally have no problem with its use for security purposes. The issue is that everyone is using it and most aren’t using it for your security, they’re using it to track you and your specific characteristics to profit from your data.

There are no rules, industry ethics, or legislative oversight whatsoever.

What can browser fingerprinting detect?

The totality of data that browser fingerprinting can siphon from you specifically is an effective tool in building your individual profile.

  • Your user agent header info
  • your Accept header
  • your Connection header
  • you’re Encoding header
  • your Language header
  • your list of plugins
  • your platform
  • your cookie preferences (allowed or not)
  • your Do Not Track preferences (yes, no or not communicated)
  • your time zone
  • your screen resolution and its color depth
  • your use of local storage
  • your use of session storage
  • your pictures rendered with the HTML Canvas element
  • your pictures rendered with WebGL
  • your use of ad blockers
  • your operating system and version
  • last key pressed
  • which browser you are using
  • which add-ons you have installed
  • your installed fonts
  • your microphones
  • your webcams
  • what kind of graphics card you have installed
  • your CPU and # of cores
  • how much RAM you have
  • Battery level
  • Bluetooth status
  • accelerometer info
  • …and more.

See your browser fingerprint

The following sites allow you to see your browser fingerprint:

Arguments against mitigation

There are some privacy “experts” and enthusiasts that say attempting to mitigate browser fingerprinting with add-ons and tools just makes you stand out more and create an even more unique profile.

I disagree with this position for 2 reasons.

  1. Stand out to whom? Whom are we afraid of, so much so that we should be scared to use the tools and resources that we want on our own devices as we see fit? And what are we afraid of? That they’re going to track us more?
  2. Given the specific data browser fingerprinting captures, doing nothing is already a unique fingerprint. I mean, how many people with your IP address use the same version of the same browser, and are on the same devices that use the exact same OS, CPU, GPU, RAM, and Fonts?
    Yes, many people across the internet may have that exact same configuration, but this isn’t about averages and weeding through them to find the one that matches you. We are way past that now.They are spying on you through a direct connection to your device, and gathering data specifically to you and your hardware. No matter what consumer level tools you use, unless you’ve created them yourself just for your own usage, you’re not the only one on the planet who is using them.

Arguments for mitigation

In my opinion, you should use whatever tools at your disposal to limit data collection against you without fear that something will anger the data gods and make you even more of a target. We haven’t been able to hide among the crowd for at least five years.

The more of us who make it harder and harder to siphon our data, the more the cat and mouse game continues, the more I can make my data fuzzy, incorrect, uncertain…the more data collectors will have to spend in time and money to keep trying to thwart our efforts to keep their noses out of our private actions and business.

Nothing about all of this is perfect, and we can’t get this right without significant legislation that provides some oversight and protections, or at least limits who can observe and control our activities. Until then, I will do what I want with my device. Isn’t that the point of privacy and freedom in the first place?

What can you do about it?

I do not like reinventing the wheel. Many have done good work on this issue and explaining pros and cons of some “solutions”.

Before I do that, I’ll just tell you what I use and how I use it.

Firefox

I use multiple browsers for various things, or just to mix it up now and then. But I like that Firefox has some privacy features and controls out of the box and can be tweaked and customized to harden it even further.

https://www.mozilla.org/en-US/firefox/new/

Firefox’s add-ons that I use (some may be redundant) to address fingerprinting, cookies, tracking, and social networks.

  • Firefox Containers. Containers allow me to put visited sites inside a barrier that prevents that website’s cookies from seeing other cookies and information about my browser or device other than what’s inside its own container. By default, Firefox puts Facebook in a container.
     https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/
  • Privacy Badger (from EFF) “Privacy Badger is a browser add-on that stops advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web. If an advertiser seems to be tracking you across multiple websites without your permission, Privacy Badger automatically blocks that advertiser from loading any more content in your browser.”
     https://privacybadger.org/#What-is-Privacy-Badger
  • HTTPS everywhere (from EFF): This is more about general security than it is browser fingerprinting.
    “HTTPS Everywhere is a Firefox, Chrome, and Opera extension that encrypts your communications with many major websites, making your browsing more secure.” In short, it forces every website you visit to use its “HTTPS” secure version and warns you when you’re visiting a non-secure website.
     https://www.eff.org/https-everywhere
  • Disable JavaScript. Since browser fingerprinting relies on its use of JavaScript, simply disabling JavaScript from running has a significant effect on trackers that use it.I suggest running your own experiment by installing just this extension on your Firefox browser and see the difference in what the browser fingerprinting tools above can and cannot see when you toggle JS off and on.
    https://addons.mozilla.org/en-US/firefox/addon/disable-javascript/
  • Use a VPN. I will discuss this more later, but if you already have or use a VPN service, you definitely want to use it when you want to throw a misdirect at the websites you visit.

I use other tools such as a Pi-hole, my own VPN and use different operating systems mostly because I just generally like tech and trying different things. Having some variety in how you use your devices, and the internet can make it more difficult to get a clear read on your exact details.

Even if you’ve read this far you may not care about any of this. If you’re using work devices on work networks, whether they’re tracked and fingerprinted may not directly affect you.

If it’s your own fingerprint and it angers you that random websites are peeking at your hardware configurations, you may want to mitigate that.

Below are some guides and solutions put together by privacy organizations that have done a deep dive into possible solutions including using advanced Firefox settings.

More guides, solutions and options

There are no doubt more options and solutions available to you, but this is enough to get you started in the right direction.

In previous articles, I talk about creating pseudonyms online to keep your real information out of non-official databases. When you’re developing your pseudonyms, sometimes any made up address is good enough. I mean, does that company really need my home address just to allow me to download their white paper? They absolutely do not. Today, let’s talk about some privacy tips for shopping online.

For those times when any address will do, use (what I call) the “Law and Order” method. Watch enough of the TV show “Law and Order” and you’ve undoubtedly seen an episode where the “perp’s” address on file is a vacant lot, abandoned building, or in the middle of the East River.

Do that. I mean, who are you going to get in trouble with? The company offering the white paper? What are they going to do, go to the police and complain that you didn’t give them your home address in order to be able to read their branded, aggrandizing, promotional PDF? Yeah. Sure. Find that statute on the books for me.

You can also use non-familiar public addresses such as a public library, post office, public park, the Washington monument, or some obscure roadside attraction in Iowa. Or just make one up. Google Maps makes it easy to find the location and address of every place on the planet, in turn making it easy to give out a real address that is located anywhere.

When you need a physical address

There are times when you must use a real address. Shopping online and other mail won’t get to you if you tell Amazon that you live in the middle of the Ohio River. Also, official profiles such as work, insurance, the DMV and so on require accurate, truthful information, and in many cases it’s illegal to do otherwise.

Unfortunately every option here isn’t free, and it sucks that we sometimes have to pay for privacy, but in this instance addresses have never been private.

You’ve probably heard me repeat that almost every data breach includes addresses. Of course, that would be the addresses they have on file for you.

As for your mail and packages, there’s also another problem. Theft. According to C+R Research 44% of Americans have some kind of package delivered weekly. 36% of Americans have had a package stolen at least once. 56% know someone who has had a package stolen. 54% of those surveyed said they have some type of worry or fear about buying a product online that will be delivered to their home due to the potential of it being stolen. There is a better way.

We know how to protect ourselves when purchasing online, so how do we get our stuff without giving our real address away or risking package theft?

Get a P.O. Box

The time tested solution is a Post Office box. A PO box allows you to send and receive mail from its address rather than your home address. A letter sized PO box will run you around $99 (more or less) a year at either your local post office location, or any number of UPS stores who offer PO boxes. You don’t necessarily need to get a large box for packages as most will still hold them for you as long as you don’t make it a habit of leaving them there for long periods of time.

Pro: Some states will even allow you to use your P.O. Box as the address on your driver’s license.

Con: Many financial services, insurance, or other accounts won’t let you use a P.O. Box as your address. The workaround for this may be to find a mailbox place where the box addresses are listed as “suites” instead of “P.O. Box”.   Another trick get around this restriction by using the address of the post office, and then your box number as if it’s an apartment or unit in the building. T’s not 100%, but it works more times than not.

To find the closet UPS store that offers PO boxes: https://www.theupsstore.com/mailboxes

To find the closet U.S. Postal Service location who offers PO boxes: https://www.usps.com/manage/po-boxes.htm

There are also many independent mailbox type stores all over the world.

Amazon Locker Delivery

If you shop from Amazon, you don’t have to give them your address to receive your packages. Amazon locker delivery has thousands of locations across the country and around the world that allow you to pick up your package from one of their lock boxes. They can also be used for returns as well.

They’re usually located inside or outside a major store or community area, and are self-service. To use delivery lockers instead of your address, you simply choose the option at checkout, and pick the location of your choice. When your package has been delivered you’ll get a code delivered by text/SMS message, go to your locker location, and get your stuff.

For extra a privacy (or anonymity) Amazon also sells and accepts gift cards. You’ll likely find them in the store at the same kiosk as all the other gift cards. Get yourself a gift card (pay with cash), make your order from a device that’s not yours, on an internet network that is not your home, choose lockbox delivery at check out… I’m sure you see where I’m headed here.

Some restrictions do apply, such as size and weight of the package, and you can find them here: https://www.amazon.com/gp/help/customer/display.html?nodeId=201910770

To check if there’s an Amazon locker near you: Amazon Locker Hub

UPS store locations and lockers

UPS also has delivery lockers, and you can request that your UPS deliveries be taken to a UPS store location closest to you. This is not a privacy option since to my knowledge there is no way to request this at check out, you have call and intercept the package when it’s first being processed and request it be directed to one of the locations. But I thought it important to mention if package theft has been an issue for you.

General Delivery

This may come as a surprise, but people didn’t always have mail boxes on their homes, and the post office doesn’t go door to door in every town. The U.S. Postal Service has long offered General Delivery services that lets anyone with ID have mail addressed to their local post office for pickup. The service is typically for anyone without a permanent address, or who needs a temporary mailing address, but it’s open to all.

I’ve used this service years ago when I’d moved to another city. All I had to do was go to my local post office, tell them I was interested in General Delivery for a short time, show them my ID, and that was it. I think I used it for 6 months, checking in every 90 days to let them know I still needed the service. It was actually pretty awesome since the Post Office was in walking distance at the time. God Bless the U.S. Postal Service. More info about signing up for general delivery here: https://faq.usps.com/s/article/What-is-General-Delivery

Simply use someone else’s address

This is more of an option for shopping online and any other non-official deliveries. Most e-commerce sites will let you send your order anywhere, or have a gift option that you can choose which will prompt you to put in the address of where you want the “gift sent”. It’s cheap, it’s crass, but you know what? It works. You still get your stuff without having to give up your home address.

I never use my home address unless I absolutely have to. Even when dealing with companies who currently have great track records for keeping company data secure, nothing is foolproof or un-hackable. Once the information has been stolen, you can’t get it back.

Trust is a crucial factor when shopping online. In order to make a purchase, you must provide accurate information (billing address) and a mailing address for delivery. It’s a lot of information to leave on someone’s server for eternity. Moreover, you have to be confident that the company (and those who are sharing that information) have the knowledge and resources to keep it all safe. The reality of the situation tells us that nothing is invulnerable.

Not a day goes by without some company reporting a data breach of  their customer’s data. Most often, the lost data consists of names, addresses, phone numbers, emails, date of birth, and credit card information. In almost every case, the data breach happened weeks or even months before the company informed you, far too late for you to do anything. Essentially, we cross our fingers and hope for the best when we shop online.

If this happens to you, you’ll likely get $8.52 worth of free credit monitoring for a year, backed by a company that’s already lost your information in the past (Equifax). YAY!
I’m sorry, but that’s not good enough. We need to start protecting ourselves against constant data malpractice and mismanagement.

Disclaimer: Companies providing financial services adhere to U.S. and international banking laws and require truthful information. In order to open an account with them. DO NOT attempt to create an account with ANY financial services company using A pseudonym. It is likely that you will not pass the verification process if you have had previous issues with banking, have been on check systems, or have defrauded a financial institution. In such a case, scroll down to Gift Cards.

Privacy cards

A virtual credit card provides an extra layer of security for online transactions. It is essentially giving one company your credit card information, however I believe it is preferable to trusting dozens of companies to keep your information forever. When you search “virtual credit cards” you will find a number of options, but I prefer Privacy.com.

You can create virtual cards on Privacy.com that can be used for one-time purchases, or cards with monthly spending limits. With its browser add-ons, you can create cards on the fly, close them when you’re done with them, or set them to expire after a single purchase. Privacy cards are wonderful because they will work with whatever billing address you give the merchant, so that you don’t even have to give them that (we’ll cover how you get a package later). A verified US checking account is required to use Privacy.com, or you can attach a debit or credit card. Privacy.com is PCI-DSS compliant.

https://privacy.com/

Capitol One Eno

If you’re a Capitol One credit card customer they offer a similar service to Privacy.com called Eno. Like Privacy.com Eno allows you to create virtual card numbers to use online, lets you lock or delete cards on the fly, and with the browser extension lets you create new cards right from any check out page, and has many of the same features as Privacy.com. Eno works with U.S. Capitol One credit card customers only. Capital One is FDIC insured.

https://www.capitalone.com/applications/eno/virtualnumbers

PayPal

PayPal is the original e-commerce payment company designed to provide a layer of protection between you and an online merchant. PayPal works a little differently in that you connect your bank account or credit card to your account, and when checking out online you choose the PayPal option. They also offer a variety of other financial services including business accounts, and a debit card for your account. I’ve been a PayPal customer for years and have always been happy with the service. Back in the day when I was just starting out as a freelancer I lived out of my PayPal account.

Pro Tip: Although PayPal does request that you link a bank account or credit card to benefit from all the features, it is possible to have a PayPal account without it and still use it to make purchases, send money to family and friends, receive money, and request a debit card on the account that allows you to spend money from it.

You will still have to fund the account if you want to spend money through it. One way that still works is to just invoice yourself at a different email address. You will be connected as a customer or contact in your PayPal account, but not connected as a source of funding.

Creating a PayPal account is pretty easy, and you generally only need to have not screwed PayPal to qualify. PayPal is not FDIC insured, but uses FDIC insured banks to hold your funds.

https://www.paypal.com/us/home

Gift Cards

By far the easiest and closest thing to e-commerce anonymity is the gift card. Gift cards spend like cash pretty much everywhere. Stores, restaurants, bars, and online. Some even let you withdraw cash from ATMs. They are great for one time purchases, not so much for subscription services but results vary. I’ve paid for a VPN service with a gift card in the past, and they charged it every month until it ran out of money. I keep at least one gift card around for those times when I don’t want to use any of the options above.

To be clear I’m not talking about reloadable debit cards which require adherence to U.S. banking laws, gift cards are purchased in already set amounts and when you’ve exhausted the funds on them, they’re dead.

Visa, MC, and Amex gift cards generally come in $25, $50, and $100 denominations, and you can find them at pretty much any drug store or retailer, usually where the dozens of other TGI Friday’s, XBOX, and iTunes gift cards are.

If you do purchase store/company specific gift cards they can only be used at that store. This can also come in handy when using services such as Uber, which, in my opinion, is extremely creepy with the amount of information they track even when you’re not using Uber. Uber gift cards are now a thing, so you can grab one to use when needed instead of giving Uber your credit card information.

All the above offer some measure of protection, and even anonymity online. While none are perfect solutions for every situation, having a few available in your arsenal to use as needed should provide you with more than enough options to choose from.

Our phone number is one of the most personally identifying pieces of information that we have.  With it anyone can find our name, address, track down our social media profiles, and totally dig into our lives with very little effort. Since most of us aren’t international spies with an arsenal of burner phones and throw away numbers we tend to hold on to the same phone number for years so that the people we want to communicate with can still find us, and also recognize us when we call.

Yet with so much on the line (pun intended) when it comes to protecting our privacy and security, anytime we are asked for our phone number to sign up for something, or get $2 off of our purchase we instinctively blow our own OPSEC (Operational Security) and give it up without any resistance.

Additionally, (and related) spam calls are out of control. By some estimates as many as 50% of all calls in the U.S. is spam. It may be virtually impossible to ever stop offshore companies (and the U.S. companies who hire them) from respecting any U.S. laws governing this, and it doesn’t look like any major advancements in IT security is going to ever be able to stop the continuous data breaches that dump personal account information into the public domain. There is a better way.

The first thing you need to do is let go of the notion that you can only have one phone number like it’s 1913 and yours was officially assigned to you by the Wilson administration.  Like email addresses, you can have as many phone numbers as you want.

The goal of having alternative phone numbers in your privacy toolkit that you can deploy at a moment’s notice is to be able to provide a layer of protection, and even anonymity, between your real information and who you’re sharing that number with.

How virtual phone numbers work

A virtual phone number is not attached to one line or device. Generally you forward calls to a virtual phone number to a device of your choice that already has phone service.  There are  ton of virtual phone services out there, and you’ve likely heard of some popular options like Grasshopper, Ring Central and others. It would be impossible to mention them all, so I’ll stick to the services that I have personally used  to give you an overview of how they work, and how you can use such services to protect your privacy.

Google Voice virtual phone number

12+ years ago when I started my first web company I needed a free/ cheap way to have a phone number I could use online, that was not my personal phone number. I found Google Voice (https://voice.google.com/about), a VoIP (Voice over IP Protocol) phone service that allows you to create a virtual phone number, and have calls and messages to that number forwarded to an actual phone.

At the time I was able to find a vanity number and still use that number online today. Today available numbers are limited, but in most cases you can still pick your area code. If your alias lives in a different city you may want to see if a number in that area code is available before you create your alias’ address.

Google Voice features

  • Free to use for calls and texts in the US.
  • Uses VoIP which means you use it online
  • Has a companion app which lets you choose whether to call from your Google Voice number of actual carrier number
  • It has voicemail with text transcription which you can access through the app or online.
  • You can have your Google Voice number ring to multiple devices.

For more info just go to Google Voice, check out the Google Voice article on Tom’s Guide.

If you already have a Google account, you can create a Google Voice number and use the basic service for free.  Or you can create a new Google account just for this purpose.

Note: In order to use the calling app and be able to choose which number to use to make calls, your phone needs to be signed in to the same account as your Google voice number.

MySudo virtual phone number

MySudo (https://anonyome.com/)is a pretty neat application that provides more of an all-in-one solution of privacy tools and options. You will see me mention MySudo again but for the purpose of this article we’re going to hit on the phone number feature.

With MySudo you can create distinct profiles with their own phone number, email, and virtual credit card. It offers end-to-end encryption and free, unlimited communication (call, chat, and video chat) between MySudo users.  You can create multiple phone numbers for different uses, and all without ads, or tracking. As a matter of fact they don’t even ask for your name.

MySudo is available on the Google Play Store and Apple App Store. The free version is obviously limited but still very useful especially if you just need an alternate phone number with the ability to get incoming calls and messages.

 

Get a cheap second phone number

One of the issues you may run into when creating online accounts with a virtual number is that some service will not let you verify with a VoIP number.  For situations where you don’t want to give up your “real” phone number, I recommend simply getting a cheap second phone.

You can find some good deals on second-hand phones on sites like eBay, at your local pawn shop, or if you have an old device lying around use that. For service, you can use any number of pay as you go services that can be purchased at most major retailers. Use cash.

A while back I picked up a used, dual sim, Xiaomi Redmi Note 7, running Android 10, in great condition off of eBay for $94.

I went to the local Walmart and purchased a TracFone sim kit ($10) which comes with 3 sim cards, and you can pick your network (T-Mobile, Verizon, or AT&T). I also purchased (2) TracFone $20 mo. pay as you go plan cards (2 GB data, unlimited talk, and text). Since I wasn’t using it as a main phone, and it would mostly be connected to my home Wi-Fi, I didn’t need much data. (I’ve since renewed with $10 mo. plans, still unlimited talk and text, and data rollover.)

When setting your service up you can choose your preferred area code. Also, TracFone doesn’t ask for accurate identifying information or credit cards. You can re-up your month-to-month plan by buying renewal cards with cash. This could come in handy if you’re using this to create one of your pseudonym profiles.

Update: It was reported on 6/14/2020 that Verizon wireless intended to purchase TracFone. Not sure how this will affect the flexibility of the service, but I’ll be keeping an eye on it for you.

The goal here isn’t so much anonymity, but to protect my phone number. If you sign up for something using your real name and use your alternate phone number, it will then be associated with your real name.

You could also use this phone as your 2-factor authentication phone. For extra protection from the normal tracking, I also de-Googled it and installed Lineage OS. (We’ll talk about Lineage in future articles)

Yes, you also could just buy an all-in-one burner phone (phone, sim, and reassigned number), but typically the models are cheap (because they are used as disposables)  and overpriced. For the same to a few bucks more you can snag a nice used feature phone with decent specs that you may actually want to use.

Virtual phone number pro-tips:

  • Check to make sure the phone you’re thinking of buying works on your preferred pay as you go to service before purchasing.
  • Make sure it’s unlocked and works on GSM networks to give you more flexibility. AT&T, T-Mobile (and the rest of the world) are GSM. Sprint, Verizon, and US Cellular are CDMA. Phones created specifically for CDMA networks will not work on GSM networks, and visa versa.
  • Make sure renewal cards are in stock where you shop most. Nothing worse than not being able to find renewal cards, and end up having to use your credit card to purchase another month of service.
  • Walmart has a decent choice of pay as you go plans, and always has renewal cards in stock.
  • If you ever get stuck, and can’t find plan renewal cards and have to re-up online or through the phone, go out and pay cash for a $20, $50, or $100 Visa, or MC gift card and pay with that.
  • DO NOT use re-loadable cards since they require truthful information to adhere to banking laws.

This is by no means an exhaustive list of solutions and options. If you search for “virtual phone numbers” you will get a crap load of results. I merely wanted to let you know that you do have options, and touch on a few that I’ve used and can recommend.

Do your due diligence, look around, ask questions and find an option that has the features that work best for you and your specific needs.

Virtual or “burner” phone apps are plentiful. Many are not what they seem, are ridiculously overpriced, are just excuses for data tracking, and some are created by companies or developers whose existence I can’t even verify. Proceed with caution when thinking of installing apps on your phone.

It is a good bet that one of the many organizations that have your personal, or business email address will lose, misuse, or mishandle it in some way. It is also highly likely that it will be days (or longer) before you are informed of the breach (if ever). Time that gives whoever has your information ample opportunity to discover your other accounts which use that same email address.

If you’re employing psuedonyms (or aliases) for non-official accounts & communications your pseudonym is going to need an email address.

It’s true that strong, unique passwords help to protect those accounts, it is email discovery that makes them easy to find in the first place. If you are like most & use the same or similar passwords across the web, then it becomes a race against time to see who can move faster to secure your other accounts, you, or the bad guys.

Using email aliases with forwarding provides a layer of protection between you, & the mishandling of your information which exposes all your other accounts.

How email forwarding works

An email address has 2 parts. In the example: johnsmith@domain.com the section before the “@” is called the local part. The area after the “@” is called the domain.

Email forwarding (also called ’email alias’ services) allows you to create unique, real email addresses on the fly to use as needed. They function by using a “catch-all” feature of the domain part, while automatically recognizing any local part that you create as a valid email address, & then forwards it to you. No, you do not have to keep up with multiple inboxes. You manage your aliases from a single dashboard.

Most email forwarding services have a slew of domains to choose from with which you can create your addresses. However, for more control I recommend using your own domain, & I’ll be touching more on that down the page.

A typical use case…

Let’s assume you’re all set up, & are using your own custom domain “wabalubadubdub.com“. One day you want to sign up for something named “bobs newsletter”. Bob (like everyone) requires your email address. You simply make one up on the fly (no need to create it in a dashboard first) just for Bob such as “bobsnewsletter@wabalubadubdub.com“. Bob sends the email confirmation, which is forwarded to your main email address, you confirm. Now you are now signed up with Bob’s Newsletter.

In the admin panel of your email forwarding account, “bobsnewsletter@wabalubadubdub.com” has been created. All emails sent from Bob are forwarded to you through it. Bob only knows the email address that you have given him. Bob has no connection to or awareness of the address that his newsletter is being forwarded to. If Bob loses your email address, you just go to your dashboard & delete it. Since you have created an email address just for Bob, it’s not being used on any other accounts.

This also works offline such as sharing your email with new acquaintances, signing up for rewards cards, or applying for credit. You can literally create an email address on the fly that is only used for that purpose. You can also reply from that alias address from the inbox that it’s been forwarded to.

For Businesses

Business owners are constantly striving to keep personal business separate from their professional lives. That generally means signing up for all your business-related accounts using one or the same few business email addresses. Sooner or later your business inbox becomes the same unmanageable hodgepodge of offers, updates, & spam as your personal inbox. You cannot delete the address because you are using it in other places.

Using forwarding email addresses (or aliases) to separate your accounts is a great way to manage your business inbox, & keep it clean from excessive communication & spam from each individual source. You can even give each client their own email address for that extra touch of personalization.

NOTE: If you are going to use email forwarding services in this manner, I HIGHLY recommend using the paid version of the service that allows you to use your own custom domain. Should that service discontinue or change things you still own your domain & can recreate any email addresses as you need to. If you are only using the free version & something changes, you’re assed out & lose all functionality.

For Parents

Protecting your kids from the wild west of the internet can be a seemingly impossible chore. Kids rarely understand the dangers of giving out too much information, or which information can

be used to find other information about them, & your household. Having an email forwarding account for them to create alias addresses on the fly not only provides a layer of protection between them & their “main” email account, it also gives you management over what they’re singing up for, & the ability to cut off communication from accounts that have jumped the shark. It also allows you to check to see if any of their alias email addresses have been compromised in a data breach.

Choosing an email forwarding service

There are a few forwarding services out there including 33mail, ImprovMX, MySudo & others ranging from free & limited, to monthly fees. Each with different features & limitations. For my needs I wanted was easy to set up, stable enough that I wasn’t worried about them going out of business & leaving me hanging, had no limitations on the number of aliases I could create, allowed me to use my own domain, & that wasn’t expensive.

@Michael Bazzel of Intel Techniques, & who produces The Privacy, Security, & OSINT podcast (among other things) spoke favorably about AnonAddy some time back. I checked it out. It hits all the sweet spots for me & offers a few features that I had not considering such as Open PGP Encryption, Chrome & Firefox add-ons, & the ability to use multiple custom domains (paid version).

The 3 suggestions that follow assume you are using AnonAddy to manage your email aliases, but the strategies should apply to whatever email forwarding service you’re using.

Setting up your AnonAddy account

AnonAddy has 3 levels. Free, Lite, & Pro. The free plan gives you enough to get started if you just want to test it out, but for long term use you are limited to the free domains that they make available to you.

I recommend the LITE plan because it’s cheap ($1mo.) & it gives you the ability to use your own custom domain which to me is a critical control. Although I do not expect it, should something happen to AnonAddy & you are on the free plan you may lose your alias addresses, potentially with no way to recover them. Then you would have to change the email address on all your accounts. Not good.

By using your own domain no matter what happens you always own & control it. If need be you can recreate your forwarding aliases either on another service, or manually. But at least you do not lose access to those accounts.

If registering a new domain be sure to opt-in for Who is Lock Privacy, & Transfer Lock, so that your domain registration information is private.

Of course, you need to already own, or register a domain to use for this purpose (about $14 yr). Use Hover, Go Daddy, whatever you like. Get creative & register whatever you want that is available. Remember, you may be using your new alias capabilities on professional accounts, resume’s, & such so you may want to refrain from registering anything risqué’ or immature.

There’s no reason for me to recreate the wheel here, AnonAddy has perfectly good instructions on how to set up your custom domain. It requires you to have access to the DNS settings of the domain so that you can verify ownership, & make it work through their email servers. Should you run into issues contact support at your domain registrar (For instance Hover or Go Daddy) for assistance setting up the records properly.

Obviously if budget is an issue the free options are awesome & choosing from the ample selection of domains to use will be simply fine. However, my fear is, just like with VPN’s that some email server admins will get wise to the free forwarding domains & start to block them. This may never happen, but I do not like depending on everything to go exactly right.

AnonAddyForwarding your aliases to an inbox

When setting up your AnonAddy account (or whatever service you are using) you will be prompted to provide an email account to forward your alias addresses to. For this purpose, I have another single use private email address, on an encrypted service that allows multiple inboxes.

I do not recommend using a free email account for this. By now you’ve probably heard that services like Gmail scan your emails so that they can advertise your interests to you. If you now start sending all your account emails through Gmail, you are just doing the same thing…. giving them everything about you. Enough to build a solid profile whether you use that Google account for anything else or not.

If you’re not already using one, consider Protonmail ,Tutanota or another encrypted, private email service. Besides the obvious benefits of using encrypted, secure email, these companies are privacy-focused, & do not make money from advertising. I use the paid versions but even the free versions of both are better than free email accounts from the big 3 (Microsoft, Google, Yahoo) or your cable company. And you certainly don’t want to use your work email.

Suggestions for setting up your forwarding aliases.

Again, wheel already created. AnonAddy has easy to follow instructions for setting up your aliases. When you first get started you’ll be tempted to create cute aliases, or use the automatically generated unique ones which trust me, will get confusing & hard to remember once you have 20+ aliases in your dashboard. There are appropriate use cases for creating randomly generated addresses, but maybe not with accounts that you use frequently.

Using the above example “@wabalubadubdub.com” as your domain one suggestion is using the name of the company as the local name of the alias address. For instance if creating a forwarding email address for Bacteria Frap Water Park, simply make the forwarding email that you use for them “bacteriafrap@wabalubadubdub.com“. This will make them easier to find, manage, & delete should they become compromised, or ends up sending a lot of spam.

If you are worried about someone figuring out your naming system & spamming, you could add a code or additional special word that only you know to the end of the local part of the email address. Examples: “backteriafrap007@@wabalubadubdub.com“, “bobsnewsletter-hunting@@wabalubadubdub.com“. Get creative with that, use underscores, dashes, or whatever works for you.

If you forget an alias address it is easy enough to log into AnonAddy to refresh your memory. They do not have a mobile app, but the responsive version of their website works fine.

Also, make sure that all your accounts have a way to recover them should you lose access to your primary way.

Test, discover, have fun

You will find many marvelous uses for your forwarding capabilities, & in some cases discover a slight sense of anonymity. Knowing that none of your accounts use repeated emails, thereby not leading to another account, gives you a very freeing sense of privacy & security. I have found many uses for using my email aliases including:

  • Social Media accounts
  • Downloading industry white papers
  • Friends & family
  • Resume’s
  • Rewards programs
  • Online communities
  • Web services
  • Contests / Raffles
  • Political organizations
  • Membership sites
  • Newsletter sign ups
  • Petitions / Polls

Since I’ve started using email forwarding, I’ve stopped giving out my “real” email addresses to anyone. Having this tool in your arsenal will make you more aware of how many things ask for your email, & scrutinize who is worthy of the risk, & why is not. I firmly believe having the ability to create email aliases on the fly is a critical tool to have in your privacy tool kit.

While I encourage sharing what you know to help friends, & family protect their privacy & strengthen their security, you should never let anyone know your exact privacy strategy, or any personal details surrounding it.