My name is Lanedirt and I’m a software developer with over 15 years of experience and a privacy enthusiast. Since 2013, I've been running a public temporary email service (https://spamok.com), but I wanted to build something more privacy-centric and fully self-hostable. That's why I've spent the last year developing AliasVault from scratch. The idea behind AliasVault is simple: create unique, random identities for every website, protecting your privacy and reducing online tracking and profiling.
Key Features:
- Unique identities & passwords: Generate individual aliases and strong passwords for every site.
- Built-in email server: Create email aliases with your own domains, receive and read emails directly in AliasVault—no external dependencies.
- Zero-knowledge encryption: All data encrypted locally (using Argon2Id and AES-256-GCM); your master password never leaves your device.
- Flexible installation: Docker-based self-hosting, supports Linux VMs and ARM devices (like Raspberry Pi).
- Fully Open-source: Free to use, audit, modify, under the MIT license.
I've just released v0.14.0, which adds:
- Built-in support for Google Authenticator-compatible TOTP code generation.
- Official browser extensions now approved and live in Chrome, Firefox, Edge, Safari (macOS), and Brave app stores for easy access to your credentials, email aliases and allows for one-click alias creation.
Try the official supported cloud version: https://aliasvault.net
Github and quick self install guide: https://github.com/lanedirt/AliasVault
Full documentation including architecture: https://docs.aliasvault.net
I'd love to hear your feedback and suggestions, happy to answer any questions! Thanks for checking out AliasVault, I appreciate it a lot! :-)
Apart from that - the idea of the project is just pure fire, I would love very much to have thousands of different personas for the nasty tracking huge corporations that entangled the internet.
its probably more likely they collect the info on you and associate you with the different domains with those emails (and likely without those emails, too)
email is too easy for the user to filter out spam; why bother with that vs websites that require javascript, proactively treat users like they are bots, and also serve ice cold ads? [ex cloudflare and amazon where you have to verify you are a bot _before_ trying to login; remember when websites allowed like 3 attempts before offering the bot detections / backoff protections? - now we cannot even try to login perfectly once without getting "am you a bot?" prompts - even with TOTP]
but after all is said and done - i still really do enjoy a single email per website - it is a great way to filter items (and takes 1 attack vector out of the public email part; they dont ever get my username unless they hack the server)