Illustration: Dana Davis

How a Burner Identity Protects Your Inbox, Phone, and Credit Cards

Published June 28, 2021

Between vaccine appointment notifications, store pickups, online food ordering, and a general increase in online ordering, I feel like I’ve created three times as many online accounts in the past 18 months than I did in all previous years combined.

Handing out any sort of personal information, whether it’s an email address or a phone number, can lead to spam, data breaches, or harassment. More abstractly, it can also enable tracking by data brokers—companies that take identifiable bits of data, including phone numbers, email addresses, and device-specific identifiers (such as a browser fingerprint or device ID that’s linked to a phone or computer) and then aggregate that data into a marketing profile. One way to protect your personal details from both individuals and corporations is to use alternate details, which you can generate through a number of tools. These “burner” identity tools create disposable email addresses, credit card numbers, and phone numbers, all of which can help protect your main accounts while you do just about anything online.

Private email forwarding: SimpleLogin

A screen shot of the Simple Login app dashboard where the user can create and organize multiple alias email addresses.

If you spend a lot of time online, you likely have dozens of accounts spread across the internet, with sites and services ranging from retail stores you’ve shopped at once to random apps that require your email address to use. You’ve probably handed that email address to plumbers, car salespeople, social networks, and countless others who may have gone on to spam your inbox.

Over the years, I’ve taken two approaches to managing the situation: creating a free email address explicitly for shopping (Gmail, Outlook, ProtonMail, and the like all work fine for this purpose) and using email forwarding to obfuscate that address so I can pull the plug if spam starts coming in.

Email-forwarding services—I like SimpleLogin, which generates a nonsense email address, such as gasman_sutlers@aleeas.com—forward any emails sent to that address to your real inbox. If an account gets too much spam, you can block it and start over with a new email address from your forwarding service. This approach is great for shopping, where you may need an email receipt for only a few weeks, or company newsletters, where you might worry that retailers will sell off your email address or other personal data to other services. I found this service especially useful when shopping for a car, a process that required me to throw my email address around to a dozen different places just to get a price tag.

SimpleLogin also has the basic security features we want to see for any service attached to email, including support for two-factor authentication and open-source development; the latter means anyone can poke at the code to ensure that SimpleLogin is respecting your privacy. The free plan gives you a mailbox that operates more like a traditional email service (perfect for emails such as food-pickup receipts, which you need to look at only once), as well as 15 different aliases, plenty for most people. For $30 a year, you can upgrade to a plan with unlimited aliases, unlimited mailboxes, and even your own domain name.

Alternatives: AnonAddy is similar to SimpleLogin, but I found SimpleLogin easier to use. If you use the Firefox web browser, Firefox Relay is another option, though it gives you only five aliases, in contrast to SimpleLogin’s 15. If you have an iPhone, iPad, or Mac, you can use the Hide My Email option in Sign in with Apple for a similar effect (not to be confused with the upcoming iCloud+ feature, also called Hide My Email, which will work in any app), but it’s not supported everywhere.

Throwaway email: Maildrop

A screenshot of the Maildrop dashboard, which resembles a very simplified email inbox.

Sometimes you just need an email inbox with no real security that self-destructs after a few minutes. This is useful for times when you need to sign up for a newsletter to get a discount code, for example, or to read an article. You can find a few of these types of services, but I like Maildrop. When you navigate to the Maildrop home page, you’ll see an automatically suggested email address with its own public inbox that might be reused for other people going to the site. Since anyone with the URL can view this inbox, you shouldn’t use it for anything personal, but it’s great when you just need to click a link and move on.

Alternatives: Compared with Maildrop, 10 Minute Mail and Email On Deck both have better privacy protections to prevent someone from stumbling into your throwaway email, but neither is as dead simple to use as Maildrop.

Virtual credit card: Privacy

A screen shot of the Privacy dashboard, featuring a virtual credit card, its details and a transaction log.

A virtual credit card is a service that allows you to substitute a unique replacement number generated by software in place of your real credit card number. Virtual credit cards are useful when you’re ordering from sketchy websites or signing up for any sort of subscription because deleting a virtual credit card is often easier than cancelling those orders or subscriptions. If a website leaks your virtual credit card information, the card number is useless to a scammer because it’s tied to a specific retailer or limited in the amount it can purchase.

I like the service Privacy for creating virtual cards. With the free version of Privacy, you can create up to 12 virtual credit cards per month, and you can lock each of those to a single merchant (such as one for Netflix and one for REI). You can also set spending limits or set a card for one-time use. Privacy’s free account is plenty for most people (the company makes money from transaction fees and through enterprise offerings), but for $10 a month you get up to 36 cards a month, cash back on purchases, and the ability to hide a merchant’s name from your bank statement. Privacy also integrates with 1Password, our favorite password manager, which makes it easier to automatically generate card numbers using the browser extension you already have installed. Adding yet another service to the mix of online payments isn’t always a good idea, but we like that Privacy supports two-factor authentication, outlines its basic security policies, and keeps its privacy policy straightforward.

Alternatives: Some banks, including Capital One and Citibank, offer virtual credit cards. If your bank offers the feature, there’s no reason not to use it instead of Privacy. Google Pay and Apple Pay both create a random, temporary card for each transaction, which is useful for security, but they’re not always an option at online retailers.

Second phone number: Google Voice

A screen shot of the Google Voice app, on a page where you can select from available phone numbers by city or area code.

Google Voice is the simplest way to get a second phone number, which is useful for all sorts of reasons. Most people have one phone number, and in many cases, they’ve had that same phone number for decades. You may not want to share that one number with everyone, including a blind date, a random person from Craigslist, or a delivery service. A second number is useful for these types of situations. (It’s also useful for signing up for privacy-related services that require a phone number, like Signal.)

Every Google account gets one free number. You can download the Google Voice app (for Android or iPhone) and get calls and texts there, or you can have calls automatically forwarded to your regular number. If you need to burn your number and start over at any point, you can do so for a fee of $10.

Alternatives: Skype is the next-best free alternative, though to use it you need to do everything through the Skype app unless you want to pay for call forwarding. Some phone providers, including T-Mobile and Verizon, offer proxy numbers for a fee, though you can’t burn them if someone you don’t want gets ahold of your number, and the cost adds up quickly. Some paid third-party services, including Burner and Hushed, offer disposable numbers, allowing you to assign yourself a random, temporary phone number. They can get pricey quickly, as well, starting at $4 or $5 a month. According to their privacy policies, both services also collect a lot of data about you, which might defeat the purpose of using one of these apps for certain scenarios. If you need only one additional phone number, the more affordable MySudo app, which we get to below, includes a phone number.

All-in-one burner identity: MySudo

A screen shot of the MySudo app dashboard, featuring options like: "create new sudo" and "add phone number".

If you want all of the above tools in one package, I like MySudo, a smartphone app that includes email addresses, a phone number, and three disposable credit cards for a subscription price of $10 a year (the service also offers more expensive plans that include more cards, email addresses, and phone numbers). The disposable credit cards are iOS-only and charge you a fee, in contrast to Privacy’s virtual card service, but the email address (you get three with the paid plan) and phone number (you get one) alone are worth the $10 a year. MySudo is not particularly great at anything—you wouldn’t want to use it as your main email account or messaging app—but it’s plenty for handling the basics.

With MySudo, you set up individual profiles, called “sudos,” each with their own email inboxes, text messages, credit cards, and phone-call lists. For example, earlier this year I set up a profile specifically for vaccination notifications and nothing else; once I got my shots, I deleted that profile. To make things easier on yourself, I recommend adding at least one of your MySudo email addresses and phone numbers to your personal contact profile on Android or iPhone so that it can autofill when you need to complete forms online.

MySudo holds on to received text messages and emails for as long as you want, which makes it a good dumping ground for online food orders, as well as certain types of appointments and online purchases. We appreciate that MySudo’s privacy policy is short and understandable, and that it has straightforward guidelines for handling government data requests.

By creating these compartments for personal data, you exercise more control over who can access what, as well as when they can access it. If you’re affected by a data breach, compartmentalizing accounts makes it easier to pull the plug on an account without messing up your more personal accounts, and it can help protect your privacy out in the real world when you’re navigating home repair, dating, car shopping, or any other activity where you need to share a phone number or email address with a stranger.

If all this sounds like a lot of work, it certainly can be. It’s unfortunate how much effort it takes to retain a semblance of privacy online. Giving your information over to yet another service online comes with some risks, but as long as you use good passwords and enable two-factor authentication on each of these accounts, the control you gain from using burner identities online often outweighs the risks.