DuckDuckGo's email protection service is now available for all users
DuckDuckGo's email protection service is now available for all users. The privacy-friendly option, which debuted last year, is still in beta.
Until now, the only way to get a @duck.com email address was by joining a waitlist, and waiting for a few weeks or so for the notification to arrive.
What is DuckDuckGo's email protection service
DuckDuckGo's email protection is an email alias-service that hides your real email address. It allows you to create a custom @duck.com email address that collects mails that are sent to it. The service removes all trackers from the mail, including those that maybe hidden in images and scripts. Once it has purged the trackers, it forwards the mail to your main email's inbox. The company has announced that it now supports Link Tracking in mails to remove trackers from URLs. The service has been upgraded with Smarter Encryption, that replaces insecure HTTP links with HTTPS whenever possible.
How to get a @duck.com email address
Mobile users
If you have the DuckDuckGo mobile app on your Android mobile or iPhone, go to the Settings page and tap on Email Protection.
Desktop users
Do you prefer using it from your computer? Then you will need to install the DuckDuckGo extension on Firefox or Chrome, and visit http://duckduckgo.com/email. macOS users can use the privacy service from the DuckDuckGo browser directly.
Click on the Get Started button, agree to the terms and services, and the website will prompt you to choose your @duck.com email address. Next, you will need to choose the email address to which your mails should be sent to, aka the forwarding address, e.g. your Gmail, Outlook email ID.
Note: You may change the forwarding address at anytime from the Email Protection dashboard.
DuckDuckGo's email protection does not require a password, when you try to log in to your account on a new browser or device, it will send an authentication code to your registered email address. Enter it to access your @duck.com inbox. Now, you can submit your new duck address in place of your main ID whenever you need to create accounts with third party services.
Go ahead and try sending an email to your new duck address, or try signing up for a newsletter on any website using it, you will receive the mails in your duck inbox. The mail that it forwards to you contain a banner alerting you that trackers were removed, it also has a link for an email protection report.
Clicking on the link opens a report that tells you what trackers were removed, whether links were upgraded to HTTPS, the sender's information, etc.
The service is not limited to email-forwarding, you can reply to mails that are sent to your @duck.com address, the sender will not be able to see your main email ID.
That's not all it can do, DuckDuckGo can also create unique private Duck addresses that you can use instead of your personal Duck ID. It's sort of like a temporary email ID. This adds another layer of privacy protection. These unique addresses can be generated from the dashboard. If you start receiving spam or phishing mails, you can deactivate this address, and create a new one to replace it. Using an email-alias can protect your real ID from being harvested by websites, spam, leaks, data breaches, etc.
Here are some free alternatives for DuckDuckGo email protection: SimpleLogin, AnonAddy, and Firefox Relay.
Which email alias-service do you use?
They lied to their customers and they censor email results. No thank you.
Given recent evens with DDG they seem less trustworthy and this seems like another way for them to collect and aggregate personal information of the people using this service. Kind of like what Facebook does, but on a much smaller scale, but seemingly heading in that direction.
I use Thunderbird for my email. Desktop client only. No webmail for me. IMAP by design has several exposures that POP doesn’t (I have no mobile devices so syncing and access from multiple devices is not required). I never leave messages on the server.
So I don’t think I could use this service even if I wanted to.
OK I was wrong. It does forward throwaway email addresses. My current spam system evaporated the forwarded message until I managed to dig it out. Unfortunately, all I could see in the message that should have contained a link to complete registration was “this message contains spam”.
Usefulness probably depends on you main email address’s methods of dealing with spam. For me Catch22. I want the relayed messaged to show but I don’t want to change spam settings.
So who actually thinks installing a DDG extension in your browser is going to help privacy? These companies prey on users who don’t know how the internet works. Ripping off grandmas, kids, and refugees.
The account stops you having to use your real email address (e.g. for a website that requires email address for logon instead of a user name). The extension does have an option for a throwaway address. Sending a test email, the throwaway account immediately vaporizes on the DDG mail server. It never made it to my recipient address. In other words, the ‘click link to finalize registration’ never gets to you.
DDG not making the throwaway a timed account seems to be a major oversight that makes it less than fully useful.
After disclosure on ghacks that DDG failed to remove Microsoft tracking elements from URLs I’m not inclined to use their services anymore: https://www.ghacks.net/2022/06/18/duckduckgos-browser-microsoft-tracking-parameters-in-url/
Once a company loses users’ trust, it takes a long time to regain it again.
I do not trust DDG anymore, no thanks.
I wanted to try it, but then I’m forced to install the extension which forces me to use DDG as my search engine, which I’m not interested in. In Chrome, when the extension is installed, you can not change the default search engine to anything else.
It was aggressively urging me to install an extension when I went to the sign-up site. Installing their Android app was an alternative, but would I do that? I’ve already downloaded a ton of apps. Why is it necessary to install them in order to subscribe to an email forwarding service? I was eventually able to register after applying the extension to my browser. Since I no longer believed the extension to be necessary, I withdrew it. This seemed to be a simple ploy to persuade us to install their extension and smartphone app.
How are they going to protect people, by censorship of what their masters call propganda and disinformation?
Let’s say you work with clients from China or Russia and this DuckDuckGo E-mail protection blocks further e-mails from your Russian or Chinese clients so that you are protected from disinformation and propaganda and then lose your business clients and money.
You work with clients in asia/russia and your business has no own e-mail server nor website or domain? How are you even compliant with GDPR and CCPA?
@Hitomi
Well, isn’t GDPR (EU) and CCPA (California) related to a web site in certain regions only, but if the company doesn’t have own web site, or instead using a business platform provided by another company in other regions, then how does it apply?
Can’t speak about CCPA, but with GDPR it applies to any website, platform or system that captures/processes the personal details of any EU resident. One of the things which may be relevant to Hitomi’s comment is that you can’t transfer EU residents’ PI to any other country which isn’t deemed adequate in terms of privacy protections.
Giving genuine clients your genuine email address might be a workaround.
Desktop users need to install the DuckDuckGo extension, aka ‘DuckDuckGo Privacy Essentials’, on Firefox.
I would have been curious/interested to try this email protection service but it being tied to the company’s ‘Privacy Essentials’ extension poses a veto here. This being said, and if I do use occasionally DDG’s search engine, I nevertheless have a slight reticence to go any further than that with that company and therefor will consider the ‘AnonAddy’ extension as my sole email protection.
You forgot to hide the alias from the second image, Ash ;)
Oh, haha. It’s a throwaway account anyway. :)