this post was submitted on 09 Mar 2025
9 points (62.9% liked)

Open Source

34022 readers
155 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
9
πŸ”₯ Introducing Privacy-Kit πŸ”₯ (privacyportal.org)
submitted 11 hours ago* (last edited 8 hours ago) by [email protected] to c/[email protected]
6 comments fedilink hide all child comments
 

Privacy-Kit is Privacy Portal's latest FOSS tool aiming to bring privacy to the masses.

🚨 Add a Hide-My-Email feature to your site with one line of code.

Hide-My-Email

🚨 Include Subscribe-Anonymously for your newsletter in the same way.

Subscribe Anonymously

We'd love to get community feedback.

Follow our community for the latest updates.

Look Under The Hood: (edit)

  • When a user requests to generate an email alias, a popup would appear (similar to "Sign In With Apple") prompting the user to sign in with Privacy Portal in order to authorize generating and filling the email alias.
  • As mentioned in the library's Github page, an account is required in order for Privacy Portal to be able to forward emails to your personal email address.
  • Privacy Portal has a transparent and fair business model that allows small creators and businesses to use our services free of charge under a certain usage threshold.
  • Privacy Portal is built for privacy and processes all emails in memory without writing them to disk. It does not store, collect, share, nor sell any user data. Privacy Policy
  • Users can sign up on Privacy Portal with an anonymous email address for even more privacy.
  • Email Aliases generated for a particular website can only relay emails authorized by said website and are unusable by other third parties making it a perfect solution for eliminating spam, and email sharing accross websites.
all 7 comments
sorted by: hot top controversial new old
[–] [email protected] 2 points 4 minutes ago

We've noticed some misconceptions about email aliases and some recommendations that are bad for privacy in the comments. We'd like to share our thoughts on the matter in case anyone is interested in learning more about it.

1. How do email aliases protect you online?

Why not simply use an extra email account with plus-addressing (as one commenter recommended)?

  • If your goal is to protect your privacy online, you must reduce your digital footprint. You simply cannot achieve that by providing the same email address (even if it's a secondary email) to different services online. The plus sign does not prevent you from being identified. Data brokers can easily link all your accounts in that case.
    • With privacy-kit, every service would have a completely unique and unlikable email alias making it impossible for data brokers to link your accounts by email addresses.
  • If your goal is to protect yourself from spam, using plus-addressing does not prevent your email address from being sold to third parties and spammers. Spam won't necessarily go to you main email in that case, but you'd still be receiving it in your secondary email. Your inbox would quickly become cluttered and unsafe.
    • When using privacy-kit, every email alias is tied to the website it was generated for and only accepts emails from domains registered and verified by the website owner. This means privacy-kit email aliases cannot be shared with third parties and cannot receive unsolicited mail.
  • If your goal is to protect your privacy against email service providers and aliasing services, using a secondary email address with plus-addressing does not have any impact. Your email provider, responsible for storing all your emails, can simply access them at any point in time. If you're using an encrypted email provider, they would have read access to your emails before encrypting and storing them.
    • When using Privacy-Kit, our Mail Relay service is designed to process emails in-memory and never storing them to disk. This means upon reception of an email, Mail Relay can encrypt your email with zero access encryption and relay it in its encrypted form to your email provider. Your email provider, responsible of storing your emails, cannot access the contents of your emails in that case. This allows you to do a separation of concerns between providers responsible for storage and providers responsible for encryption with zero storage.
2. Are we evil? 😈 providing a free service to steal and sell your data?
  • First of all we are not a free service. Our business model is very fair and transparent and allows us to fully fund the operation of our services and the development of new products for our users. That said, we do have a free plan aiming to help small creators and businesses provide privacy functionality under a certain usage threshold.
  • We have spent more than two years designing and building our existing products from the ground up to provide best-in-class privacy for our users. We opened Mail Relay to the public almost a year ago.
  • We're also contributors to select Open-Source projects aiming to improve Free-Speech online. For instance, we are contributors to Lemmy: e.g. https://github.com/LemmyNet/lemmy/pull/4881
3. Lots of unfounded accusations in the comments. Here are some answers:
  • No. We're not hiding our Github repo. It's actually the first link in our post. It's also available in the linked blog post and available on our website.
  • No. We're not hiding the fact that users need to sign up to use Hide-My-Email. It is technically impossible to provide the service otherwise. This requirement is mentioned in the first paragraph on privacy-kit's Github README.
  • No. Privacy-Kit's repo is not sketch because it only has 2 contributors. The repo is open source and verifiable by anyone. It uses a very permissible MIT License and it was just open-sourced yesterday. Contributions are more than welcome ❀️.
  • No. The privacy-kit repo is not just a website and it does not import unknown code as suggested in the deleted comment 😳. It actually contains the privacy-kit library code, which is a lightweight library with zero dependencies. It also includes two HTML pages for testing under a /test directory. These are not part of the library bundle.

We just felt the need to clear these misconceptions.

Thank you all for supporting us in our mission to improve privacy online ❀️

[–] [email protected] 9 points 10 hours ago* (last edited 10 hours ago) (2 children)

Regarding those screenshots:

But then visitors immediately have to create an account with pportal .io to actually get at the newsletter/sign-up/etc.?

I had a quick look at your main page but it did not answer that question.

I understand that a web dev who wants to offer this has to open an account or get an api key of they want to use your service.

Also I could not find a link to the git repo.

edit: according to OP's answer it is as I thought. Yet another company that collects data both on sites and their visitors. Another iteration of the good old Free model a lΓ‘ Google.

edit2: my personal recommendation is still that people get themselves at least one extra email account with plus-addressing. From a trusted provider of course.

[–] [email protected] 6 points 10 hours ago (2 children)

this site seems super sketch in general looking at the original privacy portal. on the github page there's no listed contributers besides themselves with a MIT license, and they only have two things, a mail service thing and a file app with a rather barebones site in general.

just looks weird

edit: also, the description is kinda misleading it's not a "for the masses" type thing it's just for site owners and two rather basic things.

[–] [email protected] 5 points 10 hours ago

We usually don't trust new services either but here are a few points that might address your concerns:

  • The privacy-kit library was just announced yesterday. There are no external contributors yet but it's open source and anyone is welcome to help make it better.

  • β€œfor the masses” means that it doesn't require high technical skills and anyone can include it to their website. This is one of our goals: democratizing online privacy.

  • Our website is simple on purpose. We aim to keep it this way. We build everything from scratch to reduce external dependencies to the strict minimum.

  • We're also contributors to Lemmy and other select FOSS projects: https://github.com/LemmyNet/lemmy/pull/4881

[–] [email protected] 1 points 10 hours ago* (last edited 9 hours ago)

When a visitor requests to generate an Email Alias using Hide-My-Email or Subscribe-Anonymously, a popup will appear with an OAuth Authentication page using the Privacy Portal OAuth provider. Once authenticated, the email alias will be filled in the email input in the case of Hide-My-Email or the user would get automatically subscribed to the newsletter using an alias in the case of Subscribe-Anonymously.

If the user already has a Privacy Portal account, they just need to sign in otherwise they would need to register a free account.

This information is available in the links included in the post (you can click on the "Privacy-Kit" link in the post for the Github Page.)

For easy access here are all the links included in the post:

Edit:

  • We do not collect data from sites and users as claimed by [email protected].
  • We do not have a free business model (a la Google) either. We have a transparent and fair business model. We offer our OAuth services free under a threshold in order to allow small creators and businesses to benefit from our privacy features.
  • We're a small team with a lot software experience aiming to make something good.