Firefox Private Relay is Mozilla's latest experimental service
Firefox Private Relay is a new experimental service by Firefox maker Mozilla; the (currently) invite-only service is designed to reduce unwanted emails and spam by acting as a proxy email service of sorts.
The idea is not new but Mozilla may be on to something considering that trust is important for this kind of service. Users sign-in with their Firefox account, or create a new one, to start using the service. A companion add-on for Firefox is available as well which integrates the service in Firefox.
Users of the service may use it to create alias email addresses on the fly that redirect emails sent to them to the user's "real" email address. The user is in full control of the alias and may terminate or disable the alias at any point in time to cut the connection and block any spam or unwanted emails from reaching the real email address.
Users may click on the relay button next to email fields to create an alias on the fly. The alias is automatically forwarding emails that come from that service to the real email address.
The add-on's description provides further information:
Private Relay adds UI to generate unique, random, anonymous email addresses that forward to your real address. You can use your relay addresses to sign up for apps, sites, or newsletters. When you're done with that service, you can disable or destroy the email address so you'll never receive any more emails from it. And, if the service has an incident, their data won't be linked back to you.
Some features are unclear at the time of writing because of the invite-only nature of the service. Will users be able to select different domains for the email aliases or only one? It is quite common that disposable email services and email forwarding services get blocked by Internet companies and sites. It is also unclear whether Mozilla plans to introduce a paid option or options such as custom domain, if PGP or similar is supported, and whether functionality is limited in any form (e.g. number of aliases or forwards).
Users who don't have an invite at the time may check Anonaddy, an open source service that is offering free and cheap paid accounts.
Now You: What is your take on the new service? Would you use it?
Sorry if this off topic, but when I sign in to Gmail via Chrome Version 83.0.4103.34 (Official Build) beta (64-bit) under Microsoft Windows [Version 10.0.18363.815], Gmail downloads a proxy and then opens Gmail. Is this same idea that Martin describes for Firefox?
No that is something different.
So, what’s happened to Thunderbird, Mozilla’s own email client? Why is TB left out of this?
Thunderbird is independent. Someone might be able to create an add-on for the email client.
Sounds great and something that I would actually put to good use, but “invite-only alpha release” is as good as no release at all!
How long before services bans they’re domain(s) and become useless?
That’s an issue that all of these services face. The only option to avoid this is to allow custom domains or to add numerous domains to the service and extend the option regularly.
The concept is not new of course, Mozilla as a new actor is interesting.
Besides unclear features noted in the article a major point is the user’s reply to a relayed email : does the sender appear to be the user’s real email or that of the relay? Trashmail.com names this as ‘Reply-Masquerading’ and includes it as an option, even for free relays (10 emails/31days max).
The reply address is of course essential, for instance when registering to a site and having to confirm the provided e-mail address. I still use DEAs (Disposable Email Address, not the Agency!) and in which case one provided by trashmail.com, but the free version is limited in time/access.
Another major problematic, perhaps the first one, is that some sites, indeed as mentioned in the article, just refuse DEAs. I recall a site to which I had provided a valid Trashmail.com DEA (lifetime moreover) which refused it on that ground to what I changed for an imaginary gmail address which was accepted (I knew no confirmation was of the lot). This shows that some sites play it smart yet not smart enough.
This was my solution, I have Avast and disabling “Scan secure connections” in the web shield worked for me. However just disabling “Scan secure connections from browsers only” does not work.
This looks interesting.
Besides AnonAddy and now possibly Mozilla, are there other free services that offer this functionality?
The biggest problem is that the exact companies from whom you want to shield your real email address seem to be the ones who never allow temporary email providers or email forwarding services.
The worst offender is probably Google.
I wish they didn’t try to make a Firefox account required for their services. It would be more anonymous without one.
Another totally unnecessary feature.
How about working on speed improvements instead? Chrome loads pages a lot faster!
Completely inept priorities!
If you think about it for a second, what are the real priorities for real people in the real world? Reducing spam or having a web page load 10 milliseconds faster?
Reminder: the tech lead behind this is the moz employee that aggressively pushed for google-safebrowsing on as standard in the privacytoolsIO user.js privacy tweaks:
https://github.com/privacytoolsIO/privacytools.io/issues/339
archive: https://archive.ph/udEiZ
Thats right, a moz employee that trusts and works with google inserted himself into the discussion trying overrule privacy conscious users preferences, in a resource they go to trying to make themselves more private from google etc. (notanon on here tried something similar with pants and Doh iirc) but this an employee doing it, the same employee who worked on this and with Monitor, do you trust it?
Do you want your browser ids and browser account associated with your email addresses now? Do you want the ability of some third party(s) to do this? This is the capability to do these things being escelated, stated motives are irrelevant.
Other things still need fixing and reversing if privacy is important: the persistent push connection recently found sending out ids, the sending of browser id to adjust, google analytics bypassing ublock, third party trackers in the mobile browsers, the ability to remote install arbitrary executables (now escelated from arbitrary addons because why not), even the addon fiasco is still technically unfixed isnt it?
While I do aagree with the fact that no self-respecting individual would ever use any mozilla-written code, Google Safe Browsing is actually something I intentionally leave enabled on all my normie friends and relatives. The same way I tell them not to attempt to disable Windows Defender because they can’t (sure, you can, but they shouldn’t).
Don’t get me the wrong way, I am by no means defending that mozillian. I strongly disagree with enabling this feature on that config file, simply because whoever needs that config file, is also capable of defending themselves against most web malware. My point is that Google Safe Browsing in of itself can be useful.
While it is disabled on all my devices (running Chromium), I do actively report phishing domains to Google, and they take action, quite fast as well. This week alone two of my reported domains are currently being blocked by Google’s list, and keeping regular users away from those domains is crucial. You and I, and most likely most who bother reading this message can definitely tell they are fraudulent, but a lot of people can’t.
Cheers for the reasoned response Yuliya
.. something i keep in mind and believe its a problem; offering protection and ability to exploit in their own special way. The fear/protection may be overplayed or not, but it makes divesting from google and friends extra difficult. More problematic when local file and download scanning etc comes along for the ride as part of the package.
Basic awareness and opsec can go pretty much all the way, but youre right it doesnt work for everyone, thats a problem and exploitative corps catching you in their solutions is also a lingering problem.
This ‘Private Relay’ thing (likewise the ‘private DNS’ hype) are shaped exactly the same in my opinion, everyone will gloss over details because of how its named and marketed. Call proxying your personal data through aditional third parties “private”.. market it right.. everyone eats it up..
..In this case masses volunteering to stream their full email content through an inept untrustworthy corporation, while linking it with their browser and real world id (purchased service), all to hide the address. Madness.
Lastly, “We have plans to monitor and prevent fraudulent account use of Relay to help prevent spam, trolling, and other worse abuses.” obviously, and is legally required.
Wow!
SimpleLogin.io already does that. It’s open-source, can be self-hosted and available on desktop and mobile.
@Emma, I’ve just discovered SimpleLogin when its extension was mentioned by someone on
Firefox Private Relay’s extension review pages
[https://addons.mozilla.org/en-US/firefox/addon/private-relay/reviews/]
I opened an account and installed the extension, works nicely indeed.
I probably would not use it, but I get that Mozilla needs to reinvent ways to gain more revenue streams. They definitely face a serious revenue shortage if Google ever decides to drop their search deal with Mozilla. With their Firefox base still shrinking, I am not sure what sort of user numbers they have for targeting new services?
I’ve been using this masked-mail service for years using a DNT (https://dnt.abine.com) account. DNT stands for Do Not Track me. They had a very popular addon of the same name. The addon used to send a “Do not track” signal (which was then a new thing) with browser traffic and also prevented tracking attempt by cookies. Since most major browser added sending the do not track signal feature, the addon since renamed Blur (https://addons.mozilla.org/en-US/firefox/addon/donottrackplus/). It’s a very useful addon but I like their masked mail feature most
Ditto to that. Blur is a great service. If you are trying to test a web service and don’t trust them, you can create your account with a masked email address. If it turns out to be legit you can give them your real email afterwards. Similarly, if you cannot cancel an account on an online service, Blur is handy; just change your personal info, and also your email address to a Blur forwarding address, and then you can abandon the account. Or you can give a forwarding address to referral services that hound you unmercifully, even after you’ve hired one of their contractors. IMO these are all valid use cases for a forwarding email address.
>Users of the service may use it to create alias email addresses on the fly that redirect emails sent to them to the user’s “real” email address. The user is in full control of the alias and may terminate or disable the alias at any point in time to cut the connection and block any spam or unwanted emails from reaching the real email address.<
Good explanation but almost no one's going to take the time to understand what this ad hoc masking does. We can already create aliases in most clients and services, those same clients and services have spam/phishing/malmail blockers, as do AV's.
'Cept few even understand what an alias is, how to use one, why they need to or how this will help with spam, etc.
A flowchart of the path emails take coming and going is tortuous enough; this throws it for a figurative loop.
So, you get an account, give them your email address, they sell it to google, and unless you use web mail, Firefox never gets your email anyway so you open a GMail account to use this service, which makes the service moot? Round and round.
Cabin fever and too many mushroom salads has boldly sent Mozilla to where no one has gone before!
What they really need is a browser based subscription VPN. :)
I would definitely consider using this if it doesn’t require creating an account.
There’s a small chance I possibly would use it if it requires creating an account that is not linked to the browser in any way.
There’s no way I will use it if it requires an account linked to the browser.
Firefox ‘Private Relay’ appears on AMO :
Private Relay by Mozilla Firefox
[https://addons.mozilla.org/en-US/firefox/addon/private-relay/]
Experimental, invite-only alpha release.
Quoting,
“Please note: this add-on is an experimental, invite-only alpha release. We will add a wait-list at relay.firefox.com soon.”.
Some users’ comments ON AMO are relevant of the fact they’ve tried it, but how did they manage to get an invite given there’s no wait-list? Seems as confused as the extension’s features themselves.
Been using 33mail.com for several years. You pick a subdomain and create unlimited aliases on-the-fly in the free tier.