Enhance User Privacy on Your Website with Ease | Privacy Portal
privacyportal.org
A simple tool for website owners to enhance user privacy with anonymous email and newsletter subscription features.

Privacy-Kit is Privacy Portal’s latest FOSS tool aiming to bring privacy to the masses.

🚨 Add a Hide-My-Email feature to your site with one line of code.

Hide-My-Email

🚨 Include Subscribe-Anonymously for your newsletter in the same way.

Subscribe Anonymously

We’d love to get community feedback.

Follow our community for the latest updates.

Look Under The Hood: (edit)

  • When a user requests to generate an email alias, a popup would appear (similar to “Sign In With Apple”) prompting the user to sign in with Privacy Portal in order to authorize generating and filling the email alias.
  • As mentioned in the library’s Github page, an account is required in order for Privacy Portal to be able to forward emails to your personal email address.
  • Privacy Portal has a transparent and fair business model that allows small creators and businesses to use our services free of charge under a certain usage threshold.
  • Privacy Portal is built for privacy and processes all emails in memory without writing them to disk. It does not store, collect, share, nor sell any user data. Privacy Policy
  • Users can sign up on Privacy Portal with an anonymous email address for even more privacy.
  • Email Aliases generated for a particular website can only relay emails authorized by said website and are unusable by other third parties making it a perfect solution for eliminating spam, and email sharing accross websites.
  • theRealDonaldDuck@lemmy.mlOPEnglish
    41·
    23 hours ago

    We’ve noticed some misconceptions about email aliases and some recommendations that are bad for privacy in the comments. We’d like to share our thoughts on the matter in case anyone is interested in learning more about it.

    1. How do email aliases protect you online?

    Why not simply use an extra email account with plus-addressing (as one commenter recommended)?

    • If your goal is to protect your privacy online, you must reduce your digital footprint. You simply cannot achieve that by providing the same email address (even if it’s a secondary email) to different services online. The plus sign does not prevent you from being identified. Data brokers can easily link all your accounts in that case.
      • With privacy-kit, every service would have a completely unique and unlikable email alias making it impossible for data brokers to link your accounts by email addresses.
    • If your goal is to protect yourself from spam, using plus-addressing does not prevent your email address from being sold to third parties and spammers. Spam won’t necessarily go to you main email in that case, but you’d still be receiving it in your secondary email. Your inbox would quickly become cluttered and unsafe.
      • When using privacy-kit, every email alias is tied to the website it was generated for and only accepts emails from domains registered and verified by the website owner. This means privacy-kit email aliases cannot be shared with third parties and cannot receive unsolicited mail.
    • If your goal is to protect your privacy against email service providers and aliasing services, using a secondary email address with plus-addressing does not have any impact. Your email provider, responsible for storing all your emails, can simply access them at any point in time. If you’re using an encrypted email provider, they would have read access to your emails before encrypting and storing them.
      • When using Privacy-Kit, our Mail Relay service is designed to process emails in-memory and never storing them to disk. This means upon reception of an email, Mail Relay can encrypt your email with zero access encryption and relay it in its encrypted form to your email provider. Your email provider, responsible of storing your emails, cannot access the contents of your emails in that case. This allows you to do a separation of concerns between providers responsible for storage and providers responsible for encryption with zero storage.
    2. Are we evil? 😈 providing a free service to steal and sell your data?
    • First of all we are not a free service. Our business model is very fair and transparent and allows us to fully fund the operation of our services and the development of new products for our users. That said, we do have a free plan aiming to help small creators and businesses provide privacy functionality under a certain usage threshold.
    • We have spent more than two years designing and building our existing products from the ground up to provide best-in-class privacy for our users. We opened Mail Relay to the public almost a year ago.
    • We’re also contributors to select Open-Source projects aiming to improve Free-Speech online. For instance, we are contributors to Lemmy: e.g. https://github.com/LemmyNet/lemmy/pull/4881
    3. Lots of unfounded accusations in the comments. Here are some answers:
    • No. We’re not hiding our Github repo. It’s actually the first link in our post. It’s also available in the linked blog post and available on our website.
    • No. We’re not hiding the fact that users need to sign up to use Hide-My-Email. It is technically impossible to provide the service otherwise. This requirement is mentioned in the first paragraph on privacy-kit’s Github README.
    • No. Privacy-Kit’s repo is not sketch because it only has 2 contributors. The repo is open source and verifiable by anyone. It uses a very permissible MIT License and it was just open-sourced yesterday. Contributions are more than welcome ❤️.
    • No. The privacy-kit repo is not just a website and it does not import unknown code as suggested in the deleted comment 😳. It actually contains the privacy-kit library code, which is a lightweight library with zero dependencies. It also includes two HTML pages for testing under a /test directory. These are not part of the library bundle.

    We just felt the need to clear these misconceptions.

    Thank you all for supporting us in our mission to improve privacy online ❤️

    • A_norny_mousse@feddit.org
      2·
      6 hours ago

      No misconceptions on my side.

      Your business is about three things:

      • convenience for the visitor
      • web sites being able to signal “we care about privacy”

      Both these things are what makes the hype around web privacy/anonymity.
      You pinky swear that you don’t sell or otherwise abuse personal data, but you still get class A data about which users visit and deeply interact with which site.
      Why should I lay all my eggs in one basket in the first place?
      Of course the same could be said about a secondary or tertiary email provider but then quite a few exist who are at least as trustworthy as your solution.

      I said your business is about three things; I think it’s easy to see that the first two lead to you growing your business.

      About your elaborate emoji- and buzzword-laden replies, let me reply with Shakespeare: “The lady doth protest too much, methinks”

      People have every right and reason to be extremely skeptical about offers like these.

      BTW I deleted one of my comments because I realized I was wrong. That seems to have rubbed you the wrong way?

      • theRealDonaldDuck@lemmy.mlOPEnglish
        3·
        4 hours ago

        We understand that trust needs to be earned. We’re in it for the long run. We totally agree with you that users shouldn’t put all their eggs in one basket. This is why we’re bringing our products as an alternative to existing ones in some cases and we’re innovating with new functionality like privacy-kit that doesn’t exist today on any other service.

        You pinky swear that you don’t sell or otherwise abuse personal data, but you still get class A data about which users visit and deeply interact with which site.

        • When you register an account with Privacy Portal, you don’t have to trust us. You can simply use an anonymous secondary email during the registration. We don’t know who you are. You can also use privacy-preserving payment methods if you decide to upgrade your account.

        • When you go on a website, we don’t get any information from that site. We do not deliver the library from our servers. Website owners can integrate it directly in their website (or though CDNs). The only time we do get information is when you request to generate an email alias on that site. This is when we receive and process your request. Once that happens, we generate an email alias for your account under the OAuth application of that website. We don’t collect any data from websites. We only store the email alias to provide you with the service you requested.