Protect IID

Protect your privacy with single-use email addresses

#2 Product of the DayFebruary 15, 2019

Learn to Protect your Internet Identity.

Single-use email address is a generated email address that is used only once when signing up for a service. It makes impossible for attackers to predict which email address was used for which service.

Discussion
Would you recommend this product?
4 Reviews3.8/5
Hello Hunters, I made Protect IID inspired by the recent Jeff Bezos National Enquirer scandal, "Collection #1" Data Breach and tweets by @levelsio (https://twitter.com/levelsio/sta...). The idea is to start treating email addresses that you use when signing up for a service similarly as passwords. They should be unique, generated and used only once. You store them with your password inside a password manager. I've gathered all the information about single-use email addresses and published in on the Protect IID page. You'll learn how they work, how to set your own with a few clicks and you can download an official Protect IID Chrome extension that generates single-use email addresses for you. If there's something you think is missing or you know how to explain something more clearly, please, let me know! :)
@pkrupar Thanks for the helpful site. You've inspired me to put this into practice. Curious -- how would this approach have helped the Bezos situation?
@aaronbailey Glad you asked, check this blog post speculating how the National Enquirer probably got the pics: https://blog.erratasec.com/2019/....
@pkrupar thanks... so lesson learned: if you start dating someone new, require they use 2FA and single-use email addresses. ๐Ÿ˜…
@pkrupar Very nice! You should add a setting that includes the current domain name in the generated email address. For example if I where to signup for Product Hunt it would generate something like: producthunt-3ef144b32a@example.com Grabbing "producthunt" from the current url, www.[producthunt].com and follow it with the random generated string. The email spec allows for up to 64 characters on the local part, so only include the first 32 characters of the domain should be safe. This allows you to quickly see if a company has sold your user info. Being able to see to domain name in the address will reveal its origin.
@chadwhitaker Great idea, Chad! I'll add it today.
Enabling a catch-all address can be problematic since spammers often buckshot thousands of emails to addresses generated by adding common-left-side-of-`@` words to the domain. To control inbound access effectively you want to keep a database of generated email addresses and only let though emails sent to valid ones. Having the database additionally lets you terminate an address if it starts receiving spams. Finally, if you also store who you gave the address to in the database, you can be the first to know when a corporate data-breach happens, or when a friend gets tricked into clicking on a fake GMAIL login. I've been doing this for the past 20 years and can't imagine why GMAIL and everyone does not do it also. https://wp.josh.com/2013/03/14/s...
@josh_levine Very good points! That is exactly what we've done with Burner Mail
https://10minutemail.com/ do the same job and it's easier to use in my opinion
@chr1s it's two different things, one is a service, the other one (this one) is more like a tutorial on how to get the same result as 10minutemail under your own domain :)
Great job!!๐Ÿ˜Š Will check it out. This looks good
Great project ๐Ÿ‘! Would love to see a Safari function as well in the future!