Ricky: So today, I’m going to be interviewing Son Nguyen, the founder of the masked email service simplelogin.io. In a previous video on why you should use a different email address for every account, we showcased AnonAddy, and how you can use it to secure your online privacy and personal cybersecurity. SimpleLogin is an alternative service that you can use as well. And this time, we have the honor of speaking with the founder himself. Son, so glad to have you on the show. Son: Hey Ricky: So let’s just get right into it. In all transparency, I’ve never used SimpleLogin before for my personal use. I kind of got started off with a lot of these different forwarding services in the past.
So, maybe walk me through setting it up. Son: Yeah. Ricky: Okay, so Son, tell me, what do I need to do? Son: Yeah, so actually there’s different ways of using SimpleLogin. I think the most simple one is to use SimpleLogin browser extension. Can you go to SimpleLogin.io? Ricky: Okay, so I’m on simplelogin.io. Get SimpleLogin for Firefox using a plug-in? Son: Yeah. Ricky: So for convenience sake, I already created an account ready to go. But if I were to create a new account, we would just put our email and password there, correct? Son: Yeah. Ricky: Alright, so let’s get started. I already have an account that I created. What software stack did you use to develop the web app? Son: SimpleLogin is based on Python. Ricky: Gotcha. So what is this step all about? Son: SimpleLogin will display a small icon on every email field, so you can quickly create a new email alias. In order to do that, SimpleLogin needs to have a permission.
So this permission is not obligatory, you don’t have to allow SimpleLogin to have this permission in order to use SimpleLogin. If you don’t allow this permission, then you wouldn’t have the small icon display on the email fields. But you can still create new alias by right clicking on the website. Ricky: Awesome. So in this case, I’m going to just approve. So now all we have to do is click this icon? Son: Yeah. You can also create a new alias by opening this add-on. Ricky: Okay, so let me create this alias. Let’s go sign up for a Reddit account. From name should be maybe the name if I’m going to respond to an email, is that correct? Like the name to display? Son: Yeah, exactly. Ricky: Okay, I’ll call it Groucho Marx. Save and back and now we have a reddit.com email registered. So if I go to Reddit, and I click sign up. So as you can see, we have a SimpleLogin email here, the icon. So if I click on that, it will automatically populate? Son: Yeah. Ricky: How is it able to detect that email for this site?
Son: So actually, what happens behind the scenes is, SimpleLogin scans the website and finds the input element, and it will add the small icon in this element, so we can click on it. Ricky: So this generated a new email for me based off of the URL. If I wanted to use the one that I generated myself manually, I would have to open this click to copy. Son: Yeah. Ricky: And then put it in there. Son: Yeah. Ricky: I see. So let’s go ahead and just continue with the new one it generated. For the username… Son: Actually, we can click on the right. So Reddit, proposes some option for username. Ricky: Okay, click on the username there to populate that. Password, let me generate whatever that password is. Everybody can see that, super strong. I like how you use hCaptcha for SimpleLogin rather than reCAPTCHA because reCAPTCHA has gotten very annoying over the years. Son: Yeah, I hate the reCAPTCHA. It’s slow, it’s hard to get right.
And it’s unpredictable, like sometimes they ask for reCAPTCHA like for no reason at all. And that’s why I look for an alternative and hCaptcha seems to be better. It’s also more privacy friendly. Ricky: Okay. So now, I’m signed up. If I want to go to this SimpleLogin website. You also have a web portal for me to manage these emails, right? Son: So actually, we have different versions of SimpleLogin; on the web, via extension, on mobile application. And the web version, it actually is the most complete version. That’s why you can find advanced options like custom domains, adding new mailboxes, directories, enabling Yubikey. Ricky: Ah, so you can authenticate with a security key, like the U2F FIDO standard? Son: Yeah. Ricky: So, pretty straightforward. Any particular settings or tabs you wanted to go over or highlight? Son: Yeah, I will suggest going to settings, and at least enable multi-factor authentication. Because it’s always more secure. Ricky: So I’m not going to set that up right now. But you have the code or even better is using a security key. Son: Yes, this one is even better. Ricky: Okay, can you talk about the domains? Son: So by default when creating a new alias, we’ll use SimpleLogin domains. So you have a bunch of domains that SimpleLogin offers.
But you can also create alias with your own domain. So let’s say if you own a domain called ricky.com, you can create alias like firstname.lastname@example.org or email@example.com, so you don’t have any limit when creating new aliases. Ricky: So in terms of mailboxes, you had mentioned earlier, we can create multiple mailboxes to set for forwarding these emails to. So you can have multiple people receive a copy of the messages. Son: Yeah, and actually, that’s how we manage emails in our company as well. So for each team member, they have their own mailbox. And when creating a new alias, we can choose the team member who will receive emails for this alias. So we can create, for example, iOS@simplelogin.io, which is forwarded to the iOS guy. Another one, firstname.lastname@example.org, and all emails sent to this address will be forwarded to the support person. Ricky: So we have some how-to-use instructions there.
For the aliases, can I create a custom alias rather than our randomly generated one? Son: Yeah, you have two ways of creating new alias. You can create a custom alias where you can customize the alias depending on whether you have your own domain or not. If you don’t have your own domain, there’s always a random string added to the alias to avoid people taking all the nice aliases. But if you have your own domain, then there’s no random bit, and you can name the aliases the way you want. Ricky: Got it. And so if you use a custom domain, you also avoid maybe these domains being blocked by the sign-up provider. Son: Yeah. Ricky: But at the expense of being more unique because if everyone’s using these ones, you get some extra privacy benefit. Son: Exactly. Ricky: Yeah. So Son, that was really cool. Thank you for the walkthrough. Because I’m looking into using SimpleLogin for some of my accounts as well. When did you start SimpleLogin and why did you build it? Son: Yeah, so back in 2019, I watched the Snowden movie, and I became more conscious about protecting my online privacy.
And I see that we usually use the same email address everywhere. So email address is like our online identity. So if we use a single online identity on all websites, we can be tracked easily on the Internet. And that’s why I created SimpleLogin, with the goal of helping users to create a different identity for every service, for every website. Let’s get into some of your personal recommendations for cybersecurity in general. What are some things you do personally to stay secure? Son: Yes, actually for protecting my security, the first thing I recommend is to use a password manager, so that you can create a different password for every website because it helps you to create a different password very easily. And it also helps you to remember the username and password you use for each website, so you don’t have to remember yourself. SimpleLogin is rather for protecting your privacy, and not directly security.
But actuallly, when you have your privacy protected, your security will be improved as well. An example is, when you have different identities for each website, then it’s hard to know about your online behavior. And it’s really hard to create a phishing attack, for example. And actually, phishing attack is the most dangerous, I would say, hacking technique for companies, for corporations. Ricky: Got it. So, back in the day, privacy and security, they may have been two separate things that were kind of related. But as we’re becoming more digitally intertwined, those two things are slowly coming together. So in order to maintain a strong security, you also have to maintain a very strong privacy as well. And to be able to compartmentalize all those email addresses is a really good way to help you do that. Because as we all know, companies suffer data breaches all the time, and your email is going to get out there eventually.
Son: Yeah, exactly. And if you want to check whether your email has been lost, you can use a service called, “Have I Been Pwned.” And most of the time, you will see that your emails is already lost to a spammer. and the second thing, I think the most important thing about security is to be careful, like do not click on any links that you receive. When you receive something that you don’t expect, do not open any file, or run any script that you copy from the Internet. For my parents, what I recommend is to talk to them about security risks, so that they know that there are a lot of risks on the Internet. And we have to be cautious when we talk with someone over the Internet because we don’t see that person. And that person can be anyone, can be a bad guy who tries to steal our information, or our credit card. And I also ask them to basically to be cautious, like, whenever they receive an email that seems a bit strange, don’t click on it. Right click on the link, copy the link somewhere.