Firefox’s Private Relay service tests anonymous email alias feature

Email addresses are impossible to live without and yet, despite years of technological advance, can often be just as tricky to live with.

Most people often still have only two email addresses, one for work and a personal address, and they are often sitting targets for spammers, scammers and nuisance emailers in the digital equivalent of ‘we know where you live’.

At the weekend Mozilla announced that it is testing an experimental service called Firefox Private Relay that it thinks will offer an appealing solution to this issue.

Installing as an extension, Private Relay will let users generate a random, temporary email addresses at the click of a button, explains Mozilla:

When a form requires your email address, click the relay button to give an alias instead. We will forward emails from the alias to your real inbox.

From the point of view of both the user and the service being subscribed to, this email address will work like any other except that:

When you’re done with that service, you can disable or destroy the email address so you’ll never receive any more emails from it.

Better still, should that service suffer a data breach, the email address will reveal nothing – for example the user’s name or initials – about the user behind it. It might also make accounts more secure by turning the normally guessable email address into something genuinely random.

But don’t email services already offer email aliases?

In fact, they’ve been around for years but they tend to be very clunky to set up and use.

For example, in Gmail it’s possible to register multiple email addresses (assuming nobody else is using them), link each to a primary account, and then simply change the ‘from’ line when sending emails.

It’s also long been possible to create a temporary Gmail alias by adding a ‘+’ symbol (

It’s not clear that many people bothered. Apart from being a nuisance to set up, neither approach solved the fundamental problem that users still had to manage emails sent to these addresses using the dated concept of filtering. They couldn’t just be turned off.

The innovation behind Firefox Relay is that instead of the user managing email aliases, the service does it for them. Because creating one is as easy as generating a random password, all users need to worry about is whether they should turn them off.

This makes a lot of sense but there are some obvious pitfalls. For instance, if you sign up for a service using a Firefox Relay email alias, turning it off impulsively will make it difficult to reset your password if you get locked out. It’s not clear yet how easy or difficult it will be to make, or undo, that mistake.

Anyone interested in testing or using Private Relay can install the extension and add themselves to the testing wait list. They’ll also have to have to log into their Firefox account.

Microsoft Edge

Meanwhile, Microsoft continues to beef up its Chromed Edge browser, extending its SmartScreen security layer to cover file downloads in contexts such as ClickOnce or DirectInvoke apps in dev version 84.0.495.2.

SmartScreen’s been around for some time as a browser layer (and even a Chrome extension) that checks web addresses to make sure they’re not scam websites. That’s also been true for file downloads, but it seems that ClickOnce (a way for apps to install with minimal interaction) and DirectInvoke (an app that opens or installs from a URL) were not covered in the new Edge until now.

From version 83, users also get Automatic Profile Switching, a convenient way to keep home and work browsing data in separate silos. Introduced with the appearance of the new Edge last summer, this can now detect when users have navigated to a work website and switch automatically.

Latest Naked Security podcast


Click-and-drag on the soundwaves below to skip to any point in the podcast. You can also listen directly on Soundcloud.