Firefox users can now preserve their anonymity online directly from within the web browser to give themselves a new security boost.
Firefox Relay allows users to create an email mask which hides their true email address from services that they sign up for, but can still forward emails from the service in question to your real address without revealing it. You can block emails from masks if you end up getting spammed, too.
Mozilla will be rolling out the new integration over the next couple of weeks to Firefox Account users, after a period of testing earlier this year. In May 2023, the company also added Firefox Relay to the toolbar of Firefox for testers, allowing them to generate random masks and reuse existing ones without switching apps.
Mozilla believes that there are numerous advantages to using Firefox Relay. Email masks can be easily deactivated – unlike your real email account which you’ll likely be reluctant to delete outright – if it no longer serves you a purpose.
It can also help to preserve your anonymity if you want to share your contact information publicly on social media, for instance; by using an email mask, your true email will not be known to strangers.
By creating numerous masks, you can also control and monitor what emails come from what source. Masks can be renamed to whatever you like, and Firefox keeps track of which mask you’ve used where.
Mozilla also believes that it can help protect you from data leaks, as you real email address won’t be known to bad actors should they breach a service you have signed up for. If they had your real email address that was tied to your other valuable services, such as your bank, then they may be able to perpetrate fraud and ID theft.
Some services, however, do not allow users to signup using email masks, including those generated by Firefox Relay. Last year, GitHub upset many users when Firefox Relay domains were added to a blacklist of burner email providers, which is used by many companies to block such addresses from being used when signing up to their services, forcing users to use their real email address instead.