this post was submitted on 27 Oct 2024
29 points (96.8% liked)

Privacy

31958 readers
905 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

There is the diceware method to make passwords random and strong to crack. But is it advisable to use this method to make random names for email addresses? That is the concern I have, when a person makes a random email address, they inevitably introduce things with which they can be identified, breaking the previously stated randomness, what ways are there to avoid this?

top 11 comments
sorted by: hot top controversial new old
[–] Darorad@lemmy.world 18 points 2 weeks ago (1 children)

Are these emails you need to memorize? Diceware would work.

Otherwise I'd just use something like simplelogin and just have it automatically generate one. Then just save it in your password manager.

[–] manito_manopla@lemmy.ml 2 points 2 weeks ago

They are email addresses that I have to memorize, they are not temporary.

[–] colournoun@beehaw.org 9 points 2 weeks ago* (last edited 2 weeks ago)

https://simplelogin.io/ (owned by Proton) is great for this. They have a feature to generate an email address by random word or even by uuid.

[–] sloppy_diffuser@sh.itjust.works 8 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

There is anonymity and pseudonymity.

Do you need your opsec to be resistant to state-level actors (oppressive regime, censorship, illegal activities)? Well then you need to make sure you don't introduce anything that will deanonomize you.

Are you trying to be resistant to mass data collection efforts used for profit? Being on the pseudonymity spectrum is a good step.

Dealing with the latter is like dealing with a bully. Make it not worth their time. They just want to put you in bucket X so they can estimate the most likely way to influence you for reason Y. Pseudonymity is about having multiple aliases that get put into different buckets so their privacy invasive efforts are less effective.

[–] ivotedfornader@lemmy.ml 2 points 2 weeks ago

Great comment, friend. Thank you!

[–] deadcatbounce@reddthat.com 3 points 2 weeks ago

Use an anonymous email proxy like (https://)addy.io . Create an email address for every site.

Hopefully, I haven't misunderstood your question.

[–] TheOubliette@lemmy.ml 3 points 2 weeks ago

That is a good idea just so that you don't have to think about any potential privacy issues. Your email could be {firstword}{secondword}{4 numbers} and so long as the words and numbers are randomly generated, you can avoid accidentally including personal references or biases.

Your username does not need to be high-entropy, though. It will be semi-public. So it's not about strength against dictionary attack or similar, it is just about leaving the selection process up to a random process that isn't witnessed by a third party. You can write scripts that will generate these kinds of things using Python and the faker library.

For me I use ddg email aliases with bitwarden. It's great and free. I tried others but ddg works great but doesn't have any of the bells and whistles.

[–] propter_hog@hexbear.net 2 points 2 weeks ago

I usually pick usernames and email addresses with diceware. Unless I've got a zinger in mind like with the propter hog one.

[–] plinky@hexbear.net 2 points 2 weeks ago

like why do you need email addresses? use temp mail for garbage registrations and two-three stationary emails which you remember for stuff which is linked anyway

[–] Ebby@lemmy.ssba.com 1 points 2 weeks ago

I sort of do this because I own my domain. I generally pick an annual keyword email filters can lock on, followed by an identifier with whom I'm contacting.

It's easy to trace if addressed get breached, especially unreported breaches, and add to a burn list if they get spammed.

Also, if I have no intention of responding I give fake info or if I need that rare password reset link I know when to look in the spam.

Yeah, using my domain is it's self a bit trackable, but enough friends and family use it I figure poisoned data is sweet justice.

Fun fact, but for some reason old fake accounts have boomed in popularity; like data brokers with bad information bounce verifications off each other, linked it to some poor sap in another state, and snowballed into an actual profile. I'm going to use that identity as an alt profile for something someday.