A match made in privacy heaven?

If you read my previous blog post, you’ll note that my company recently launched an Android mobile phone app called 1ncemail. The goal of 1ncemail is to prevent merchants from tracking your purchase while still enabling them to send you your receipt via email. By opening up 1ncemail, you get an email alias that forwards to your regular email but the alias disappears after it is used such that the merchant can’t spam you or sell your email address or more importantly track you across your purchase. This is especially important where the company tracking you might not be an individual merchant but a payment processor (say Square, cough cough).

So fast forward to today where, as an avid user of random password generating security browser plug in LastPass, I had an epiphany. You see LastPass will generate a random string of characters (using constraints you set like upper and lower case, special characters, numbers, etc) to use as your password on a site. LastPass stores the password for you, encrypted with a master password, so you don’t have to remember “O6ff$4dr9#.” Now, I’ve had people suggest to me that 1ncemail provide aliases for use for registering to websites but I rejected it because it didn’t fit the onetime use model of 1ncemail because people need to be able to reset their passwords, get updates, etc. So if you haven’t figured out my epiphany, I’ll spell it out for you:

What if, just imagine if,,,,not only did LastPass provide a unique password (which protects you against security breaches of your password spilling over from one site to the next) but actually also provided a unique email alias. That alias would ONLY be good for that domain and only allow them to send you emails. It wouldn’t prevent tracking of you on their site but it would prevent them from selling your email or providing it to a data aggregator who could cross reference your purchases from one site to another. While you could do this with LastPass now, using mailinator or one of the other random email websites, the process is laborious, akin to generating your own unique passwords. Seemless integration with LastPass would be amazing!

LastPass remembers your passwords so that you can focus on the more important things in life.

So what do you say LastPass? Want to partner up? Now, I’m under no illusion. The geniuses at LastPass may have already considered this and rejected for some reason I haven’t though of or they could just take my idea and run with it. Nothing patentable about what I’m doing with 1ncemail. However, I’d love to partner up with them or at the least get credit if they decide to implement this idea. I’m just excited to use it.

Oh, and LastPass, please start accepting #bitcoin for premium use.

 

Update: Looks like my idea was proposed 2 years ago. See https://forums.lastpass.com/viewtopic.php?f=7&t=83723&p=277575&hilit=email+alias I thinking i should just create a browser add-on that supports this feature even if not integrated seamlessly with LastPass.

Email confusions

It always amuses me when people don’t know their own email address. I mean, I can understand typos and forgetting some overly complicated string of characters but some people fundamentally seem to always get their own email address incorrect.

I’ve currently been involved with an issue with Redbox whereby one of their customers consistently enters MY email address as their own and I get their receipt (along with what they rented, when they rented, from where they rented it and the last 4 digits of their credit card number). This isn’t just a typo because they do it consistently. I’ve called Redbox (now 3 times) asking them to block my email address. At least the first two times the customer service representative probably just “unsubscribed me.” The third time I asked to speak to a manager and they allegedly marked it such that if the customer attempts to enter my email address at a location they will be presented with an error. It remains to be seen.

Curiously the manager suggested I hit the “unsubscribe” button on the email, to which I pointed out there was none (see picture below). Even more curiously, the manager said that sometimes people have the same email address. Huh? I can only hope that she meant something else to which I’m not sure. I tried to explain that email addresses were unique and someone else couldn’t have the same one though maybe a similar one. She glossed over my explanation. We’ll see if they actually blocked my email address.

Unfortunately this particular email address (I have nearly a dozen) is overly simplistic so I could easily see someone mistaking theirs with mine. This reminds me of Steve Wozniak’s early acquisition of the phone number 888-888-8888, which proved completely useless because of the number of inaccurate calls he received.

Apparently I’m not the only one who has this problem, as this ArsTechnical article points out.

 

redbox