I’ve been building https://accountproxy.com — a zero-knowledge, privacy-by-design service for creating pseudonymous identities with persistent email aliases. The goal is to let you sign up for services (VPNs, adult sites, IPTV, etc.) without ever putting your real-world details on the table.
The catch is… I may have pushed the privacy model to the point where only a tiny sliver of people could actually use it.
Here’s the gist:
- You get a random AccountID when you start. No name, no email, no phone. That ID is the only thing the system knows you by.
- You can enable MFA — but only with an authenticator app. No SMS, no email codes.
- You can create multiple pseudonymous identities, each with its own fake profile details (name, address, etc.).
- Each identity can have multiple unique email aliases, typically one alias per service, so nothing can be linked across accounts or platforms.
- Designed for long-term, ongoing accounts, not throwaway or disposable email — so you can keep the same alias for years without exposing your real identity.
- We keep zero personal info, so if you lose your AccountID… it’s gone. No recovery.
Why not just use Proton or Tuta?
They’re excellent mail providers, but what I’m building isn’t a mailbox — it’s an identity layer. You can point your aliases to Proton/Tuta if you like, but AccountProxy sits in front as the privacy shim.
- Per-service isolation: Multiple identities, each with multiple aliases, usually one per service to prevent linkability.
- Vendor-agnostic: Works with any inbox you choose.
- Beyond email: The long-term goal is a pseudonymous identity platform with not just email aliases but also phone/SMS numbers, Telegram bot relays, and eventually OAuth2 “Sign in with AccountProxy” for truly compartmentalized logins.
Access works via prepaid tokens you buy from third-party vendors. You redeem one, time gets added to your account, the token is discarded. Buyer and redeemer can be two totally different people. We don’t see who bought it.
No Google Analytics, no third-party cookies, no third-party XHRs, no logs — and authentication uses stateless JWTs, so there’s no session database, no IP retention, and nothing to tie activity back to a user. From a data-collection standpoint, it’s about as close to best in class privacy as I know how to build.
Where I’m stuck — and what I’d like your take on:
- Is “no recovery without ID” too extreme, even with warnings and backup instructions?
- Should MFA be optional, or mandatory?
- Is the token-based subscription model worth the friction for the privacy gain?
- Will a Mullvad-style account number make sense to people outside the VPN world?
It’s invite-only right now, so I’m not trying to get people to sign up — just wondering if I’ve built something actually usable?
perfectlyzero•5mo ago
The catch is… I may have pushed the privacy model to the point where only a tiny sliver of people could actually use it.
Here’s the gist:
- You get a random AccountID when you start. No name, no email, no phone. That ID is the only thing the system knows you by.
- You can enable MFA — but only with an authenticator app. No SMS, no email codes.
- You can create multiple pseudonymous identities, each with its own fake profile details (name, address, etc.).
- Each identity can have multiple unique email aliases, typically one alias per service, so nothing can be linked across accounts or platforms.
- Designed for long-term, ongoing accounts, not throwaway or disposable email — so you can keep the same alias for years without exposing your real identity.
- We keep zero personal info, so if you lose your AccountID… it’s gone. No recovery.
Why not just use Proton or Tuta?
They’re excellent mail providers, but what I’m building isn’t a mailbox — it’s an identity layer. You can point your aliases to Proton/Tuta if you like, but AccountProxy sits in front as the privacy shim.
- Per-service isolation: Multiple identities, each with multiple aliases, usually one per service to prevent linkability.
- Vendor-agnostic: Works with any inbox you choose.
- Beyond email: The long-term goal is a pseudonymous identity platform with not just email aliases but also phone/SMS numbers, Telegram bot relays, and eventually OAuth2 “Sign in with AccountProxy” for truly compartmentalized logins.
Access works via prepaid tokens you buy from third-party vendors. You redeem one, time gets added to your account, the token is discarded. Buyer and redeemer can be two totally different people. We don’t see who bought it.
No Google Analytics, no third-party cookies, no third-party XHRs, no logs — and authentication uses stateless JWTs, so there’s no session database, no IP retention, and nothing to tie activity back to a user. From a data-collection standpoint, it’s about as close to best in class privacy as I know how to build.
Where I’m stuck — and what I’d like your take on:
- Is “no recovery without ID” too extreme, even with warnings and backup instructions?
- Should MFA be optional, or mandatory?
- Is the token-based subscription model worth the friction for the privacy gain?
- Will a Mullvad-style account number make sense to people outside the VPN world?
It’s invite-only right now, so I’m not trying to get people to sign up — just wondering if I’ve built something actually usable?