Compartmentalization P. 1 – Email

Compartmentalizing email addresses allows us to have more privacy.

by M.W.

Compartmentalization in the context of digital privacy means creating separate “compartments” for different parts of our lives to reduce the potential harm caused by an attack or leaked data. This writing is about email compartmentalization specifically, but compartmentalization could also mean having different phone numbers, different phones entirely or even different computers for different purposes – it’s a method which can be applied in many different ways. The compartmentalization approach works on the premise that we will all have our security or privacy compromised somehow, eventually. Essentially every time we create an online account, input our information in a checkout page, or otherwise give our personally identifying information to a company, we have to accept the inevitability that our data will be leaked or breached. Compartmentalization is a way to reduce possible harm because it allows us to contain those individual incidents and keep them from affecting all our accounts and devices. Compartmentalization is basically a direct application of the old idiom “don’t put all your eggs in one basket.”

Email compartmentalization means using different alias email addresses as a way to protect your personally identifiable information (PII). There are several reasons why I’m recommending compartmentalizing email addresses as a primary privacy practice.

  1. Credential Stuffing Attacks. It seems like every couple weeks there’s another major data breach, with companies offering only canned apologies and little accountability. Since the start of 2019 there have been at least 42 major data breaches affecting companies including Facebook, DoorDash, Microsoft, Capital One, and even possibly the US Census Bureau. If you’re online at all, your data is most likely in publicly available breaches. Credential stuffing is when an adversary uses breached credentials to try to attack other accounts owned by the same person. If you use the same email and password combination and that login information is leaked by even one company, any person can use those credentials to log in to all your other accounts with zero hacking knowledge. If you’re wondering if your credentials have appeared in a breach, I’d suggest using the service haveibeenpwned.com to check. Have I Been Pwned is a service which collects and indexes breach data to help people stay informed about where their personal information has appeared online. Using separate credentials to log in to each of our accounts allows us to compartmentalize parts of our life from one another, so when our credentials are leaked or accounts breached it has as little destructive effect as is possible. In addition to having different email addresses, every single account we have should have a completely unique password, and furthermore, it should be a password that cannot be remembered (we will get more into password management at a later date).

  2. Data Brokerage Companies. Data brokerage companies create and sell profiles of every single person who uses the internet. They track us across nearly all websites, even if we use plugins to block tracker scripts, even if we are careful. They assemble profiles by tying together information we didn’t even know we were giving out with information like our email addresses which we did willingly give out. These profiles make for incredibly invasive ad targeting, and invaluable resources for adversaries. If we are careful and isolate our compartments from one another effectively, we can deny them the ability to piece together personally identifying information about us. When your email address is the same across all accounts you hold, those accounts are all tied together to create a widely accurate profile of you and your behavior. These companies don’t just sell this data to advertisers; the Secret Service buys location data, which would otherwise require a warrant to obtain, straight from data brokerage companies to circumvent constitutional rights. Compartmentalizing email addresses won’t solve this problem, but it does make it much more difficult for data scraping to automate a clear profile of your online activity. These companies know more than is imaginable about us; why give them any more?

  3. Isolating content. If your work and personal emails are compartmentalized, there’s less chance of accidentally sending a confidential work document to a personal contact or a private email to a work contact. If you’re a person who works with particularly sensitive documents, an accidental breach of that data could mean a lawsuit. More generally, if you’re a person who wants/needs to keep an identity private from your family, employer or otherwise, email compartmentalization can reduce the risk of accidentally crossing your streams of communication.

  4. Control and comfort. If we implement compartmentalization down to the level that every single service has a unique email address, we can feel totally comfortable giving them that address. I don’t particularly trust that any business is going to keep my data safe on their servers, but I am also a working class person and sometimes companies offer further discounts for email subscribers. I would never feel comfortable giving a company my personal email, but by using a service like AnonAddy, which allows me to make a unique email for each account I create, I can give Starbucks an email address I will never use for anything else, such as Starbucks@emailname.anonaddy.com, and feel totally comfortable doing so. We have been made to feel we have no control over our data, but there are some concrete things we can do to regain data autonomy. This is one step in that direction.

Here’s an example to emphasize the importance of compartmentalization.

Alex uses the same credentials for everything they do. They log in to their online classes, their bank account, their shopping accounts on store websites and all the apps on their phone using the same email and password. Alex's password is leaked in a breach of a smaller service they use, and it appears in plaintext all over the internet in pastes of the breach data. Alex has a dedicated adversary who is trying to access and exploit their accounts. This person could be an investigator, stalker or other attacker—it doesn’t matter who they are or what their skill level is. Because Alex uses the same password with all their accounts, when this adversary finds their credentials in the breach data online, they can use the credentials to log in to any of their accounts. This is especially pernicious because it won't raise the same flags as brute force hacking or other exploits – it basically looks like Alex is logging in because the adversary knows the correct login credentials.

Even if Alex were to find out their data had been leaked before an adversary did, it would be somewhat of a nightmare to change every single account password and manage that scale of crisis response. If Alex had compartmentalized their credentials, the problem would have ended at the breach of the first account. That's the only account they would need to change the password for because that's the only account which the adversary would be able to gain access to with the leaked credentials.
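The Alex scenario above as a small audit, added here as an example and not part of the original post: given an account inventory, it reports which logins fall to one leaked email and password pair, and which services share a login address and can therefore be tied together (reason 2 above). The inventories, addresses and passwords are constructed sample data.

```python
import hashlib
from collections import defaultdict

# Constructed sample inventories: (service, login email, password). Not real data.
ALEX_REUSED = [
    ("school", "alex@example.com", "correct-horse"),
    ("bank", "alex@example.com", "correct-horse"),
    ("store", "alex@example.com", "correct-horse"),
    ("small-service", "alex@example.com", "correct-horse"),
]
ALEX_COMPARTMENTALIZED = [
    ("school", "alex-school@example.com", "pw-school-1"),
    ("bank", "alex-bank@example.com", "pw-bank-2"),
    ("store", "alex-store@example.com", "pw-store-3"),
    ("small-service", "alex-small@example.com", "pw-small-4"),
]


def credential_key(email, password):
    """Identify an email+password pair without holding the plaintext password."""
    digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
    return (email.strip().lower(), digest)


def blast_radius(accounts, breached_service):
    """Services that accept the credentials leaked by breached_service."""
    leaked = {credential_key(e, p) for s, e, p in accounts if s == breached_service}
    return sorted(s for s, e, p in accounts if credential_key(e, p) in leaked)


def linkable_by_email(accounts):
    """Login addresses shared by several services, with the services they tie together."""
    groups = defaultdict(set)
    for service, email, _password in accounts:
        groups[email.strip().lower()].add(service)
    return {email: sorted(svcs) for email, svcs in groups.items() if len(svcs) > 1}


if __name__ == "__main__":
    for name, inventory in [("reused", ALEX_REUSED),
                            ("compartmentalized", ALEX_COMPARTMENTALIZED)]:
        print(name, "-> exposed:", blast_radius(inventory, "small-service"))
        print(name, "-> linkable:", linkable_by_email(inventory))
```

Run against your own inventory, any service list longer than one entry in either result marks credentials that still need to be separated.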

I pushed back compartmentalizing my email for a long time because it sounds tedious and daunting, but it’s not nearly as bad as it sounds. We will get to other kinds of compartmentalization in the future (hint- compartmentalizing devices, sandboxing apps, virtual machines and Qubes OS) but for email the following methods work well.

Base Level Email Compartmentalization

The first, most basic kind of compartmentalization I would recommend is what I consider the base level email compartmentalization. By base level, I mean this is something I think every single person should do, something I think we should teach our kids when they set up their first email accounts, and something which requires very little change in behavior. In fact, I think many people already do this even for reasons other than privacy.

Base level email compartmentalization means having separate email addresses (compartments) for personal, commercial and work emails. These are the compartments I've found to work best for me but if you feel like you'd rather organize your base level compartments a different way, do what works for you. Some other compartments I've heard people find helpful are financial, school, and dating specific email addresses. For people who need to be able to dictate their presentation different ways in different circles, compartmentalization could offer increased safety by isolating conversations, app accounts, purchases, subscriptions and other communications which could involuntarily out a person if they were made public. Compartmentalizing can offer us some degree of freedom and comfort in participating online in ways we don’t always feel safe presenting in meatspace. Generally, if you’re subscribed to, logged in to or otherwise using a service which would jeopardize your safety if your name publicly appeared associated with it (as in a data leak/breach), I would recommend creating a new email compartment just for that. Moreover, any person who has sensitive communications could make a more specific compartment for comms about that thing only, such as “protest organizing,” “labor union membership,” “anarchist forums,” or “torrenting sites” to name a few. This means you would have distinct email addresses for each of your compartments. For me, hypothetically, I could have the following compartments (these are not real email addresses, they’re made up as an example – please don’t email them).

If you need to use your name in your email for work or personal, that should be fine as long as you maintain good separation between your compartments, however I would not recommend using your actual name for sensitive compartments or commercial email, as that would be considered personally identifying information and the point is to have those accounts not be tied to your actual identity. For my sensitive compartments, I would recommend using randomly generated strings of letters and numbers to make the email addresses as untraceable as possible.

For added disinformation one could use different email providers for each compartment, but that won't be necessary for most users. The use of separate email providers mainly would be to deter an adversary from trying to connect the two accounts to find out they're owned by the same person. I would definitely suggest using a different email provider if you're making a compartment for highly sensitive activities, especially those which might put you at risk of legal action.

This base level compartmentalization means we can give our “commercial” email to a store for a receipt without worrying that now our work inbox will be bombarded by spam emails and phishing attempts. We don’t have to worry that our personal email (which will never be given to a company or posted publicly) will become a target for adversaries.

Individualized Compartmentalization

The second level of email compartmentalization is individualized compartmentalization. This means the use of individual emails for each individual service/communication, as in “starbucks@emailname.anonaddy.com” for your Starbucks account. This is clearly a little more overhead and upkeep, but worth it for total control. I would absolutely not recommend creating hundreds of different email accounts to individualize your compartments, as it could be very easy to lose track of them. Instead, try a service like AnonAddy for individualization. I also want to specifically state that I do not recommend using a secondary forwarding service like AnonAddy for anything really sensitive like your primary social media accounts or banking accounts. Use a base level compartment for those, so you know you have control over it. This tool is mainly for use with commercial accounts which don’t have such high stakes. Frankly, if I lost access to my Seven-11 account I wouldn’t panic.

The reason I recommend doing this through a service like AnonAddy is convenience. There are a number of other ways to do this, and similar services out there if you’re interested in looking around, but I’ve found AnonAddy to be the middle ground between convenience and privacy. Lots of hardcore privacy advocates seem to recommend doing everything with the most difficult and cryptic tools possible, but I think that if we are going to really have sustained long term privacy, we have to find a middle ground between convenience and security- if something is so inconvenient that I don’t want to use it or I am going to use it wrong, it doesn’t make a difference that I am using it at all. I also want to note that I am not an affiliate, employee, or otherwise paid by AnonAddy in any way, this is not an advertisement – I just like the service. AnonAddy allows you to create an infinite number of alias emails, all of which forward to a specific inbox. It also allows GPG encryption for forwarded emails, custom domains and self-hosting. AnonAddy is also open source.

AnonAddy works by allowing you to create unlimited aliases with the domain @your.anonaddy.com, where “your” is replaced by whatever you choose as your subdomain name when you register on AnonAddy. The service will forward all If you have a base level compartment for commercial emails, you can have your individualized AnonAddy emails forward to that inbox. The coolest thing about AnonAddy, in my opinion, is that these emails can be created on-the-fly, meaning that if you’re asked by someone for your email on the spot you can tell them any combination of words @your.anonaddy.com and if they email that address it will forward to you. If I am checking out at a bodega, and they tell me they’ll give me 50% off my purchase if I sign up for emails, I can make up an email on the spot, like “bodegacouponspam@mydomain.anonaddy.com” and when they email that address it will forward to my base level spam compartment in my actual email inbox. As long as everything after the @ is correct, it doesn’t matter what comes before it.
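A sketch of the two address schemes described so far, added here as an example and not AnonAddy's code or part of the original post: random local parts for sensitive compartments, per-service aliases, and a model of the "only the part after the @ has to be right" forwarding rule. The forwarding table reuses this post's made-up addresses; the function names and the table are assumptions for illustration.

```python
import re
import secrets
import string

ALIAS_DOMAIN = "anonaddy.com"  # alias domain named in the post

# Assumed mapping of alias subdomain -> base level inbox (the post's made-up addresses).
FORWARDING = {
    "mwshopping": "mwshopping@pm.me",
    "mwwork": "mwwork@protonmail.com",
}


def random_local_part(length=8):
    """Random mailbox name for a sensitive compartment, drawn from a CSPRNG.

    Lowercase letters and digits only, since mailbox names are commonly
    treated as case-insensitive.
    """
    alphabet = string.ascii_lowercase + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def service_alias(service, subdomain):
    """Build a per-service alias, e.g. 'Boba Shop' -> bobashop@<subdomain>.anonaddy.com."""
    local = re.sub(r"[^a-z0-9]+", "", service.lower())
    if not local:
        raise ValueError("service name has no usable characters")
    return f"{local}@{subdomain}.{ALIAS_DOMAIN}"


def route(address, forwarding):
    """Model of catch-all forwarding: return (base inbox, alias name) or None.

    Any local part is accepted; delivery depends only on the part after the @.
    """
    local, sep, domain = address.strip().lower().rpartition("@")
    suffix = "." + ALIAS_DOMAIN
    if not sep or not local or not domain.endswith(suffix):
        return None
    inbox = forwarding.get(domain[: -len(suffix)])
    return (inbox, local) if inbox else None


if __name__ == "__main__":
    print(random_local_part())
    print(service_alias("Boba Shop", "mwshopping"))
    print(route("bodegacouponspam@mwshopping.anonaddy.com", FORWARDING))
    print(route("qt@mwshoping.anonaddy.com", FORWARDING))  # typo after the @: not delivered
```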

Individualized compartmentalization is really useful for commercial/spam email signups and for untrusted contacts. If you’re a journalist who doesn’t want to give out your actual email, but you need to give people a means of contact, AnonAddy (or similar services) can protect your actual email address. I would not recommend using a forwarding service for banking/financial accounts, important social media, work accounts or school accounts. This is because it adds an extra intermediate layer, which increases your potential loss of control and attack surfaces.

In summary, I recommend creating base level compartments by registering individual email addresses for each compartment. Once you’ve created your base compartments, I recommend using AnonAddy, or a similar service, to create individual email addresses for every single account you have, list-serve you’re signed up for, and for even individual contacts in some cases.

TL;DR + Simple guide.

Compartmentalization means having separate “compartments” or identities for each part of your life. This segments your digital presence in a way that makes it harder for companies, adversaries and attackers to pwn you.

Your email address and passwords appear in breaches, so you should have a different email and password for each account you have. If you recycle passwords and emails, you are putting yourself at risk. I use two methods for compartmentalization.

Base level compartmentalization – this means having separate email addresses for each compartment. This could look something like the following (these are not real email addresses, they’re made up as an example – please don’t email them).

Work compartment: mwwork@protonmail.com – this is the email I would use for emailing an employer, clients or registering work accounts with software/services.

Personal compartment: mwpersonal@tutanota.com – this is the email I would use for emailing my family, partner and my friends about non-work topics. This is also the email I would use if I was signing up for social media accounts.

Commercial compartment: mwshopping@pm.me – this is the email I would use for signing up for accounts with online stores, email receipts from purchases at shops and other uses of email which are likely to generate spam. This compartment could also be used for throwaway social media accounts.

Sensitive compartment 1 (for filesharing): 2b97nbhk@protonmail.com – this is the email I would use for filesharing trackers, so those accounts are not tied to my other accounts. For sensitive compartments, I would recommend using randomly generated strings of letters and numbers to make the email addresses as untraceable as possible.

Sensitive compartment 2 (for organizing): wnhx5AYg@tutanota.com – this is the email I would hypothetically use for any communications about political organizing. For sensitive compartments, I would recommend using randomly generated strings of letters and numbers to make the email addresses as untraceable as possible.

Individualized compartmentalization – this means having separate email addresses for each service/account, even within the same base level compartment. To do this, I use a service called AnonAddy, which allows you to register unlimited alias email addresses which forward to your actual base level email account. This protects your actual, base level, email address so it’s not leaked into the public sphere. This could look like the following.

Commercial base level compartment: mwshopping@pm.me

Boba shop individual compartment: bobashop@mwshopping.anonaddy.com

QuickTrip individual compartment: qt@mwshopping.anonaddy.com

Starbucks individual compartment: starb@mwshopping.anonaddy.com

Work base level compartment: mwwork@protonmail.com

Client 1 compartment: johndoe@mwwork.anonaddy.com

Client 2 individual compartment: janedoe@mwwork.anonaddy.com

Client 3 individual compartment: samsmith@mwwork.anonaddy.com

This post was originally written by MW and published on the clearnet (warning) at mappingwatchtowers.substack.com
This post is found on tor at writeas7pm7rcdqg.onion/m-w/compartmentalization-1
This blog is found on tor at writeas7pm7rcdqg.onion/m-w/
This post is mirrored on the clearnet (warning) at https://write.as/m-w/compartmentalization-1
This blog is mirrored on the clearnet (warning) at https://write.as/m-w/
If you’d like to support further writing, subscribe via MW's paid substack, or make donations via BTC to 3PnjHL8kwGaTFbgYoBtKLUasKqv2khJq4R
With love and in solidarity,
MW