Separating email addresses, phone numbers, and recovery methods
When creating an anonymous account, looking only at the display name or profile misses important parts.
The email address, phone number, recovery account, two-factor authentication, and contact syncing may not be visible from the outside. However, inside the service, they become strong identifiers.
If you use an email address or phone number tied to your real-name identity for an anonymous account, account separation becomes weaker. Even if the account looks anonymous from the outside, registration information and recovery methods connect it with the real-name side.
This article lays out how to separate email, phone numbers, and recovery methods before creating an anonymous account.
Registration information becomes a strong identifier
For anonymity, looking only at the post body or IP address is not enough.
Information used when registering an account is also important. Email addresses, phone numbers, recovery email addresses, devices used for two-factor authentication, and contact syncing are used by services to manage users.
Connects internally even if not visible from outside
| Two-factor authentication | Device, authenticator app, phone number | May mix with a real-name device |
| Contact syncing | Acquaintances, family, workplace | May be used for recommendations or relationship inference |
Registration information may not be displayed in the profile. However, invisible does not mean safe.
Separate email addresses
For anonymous accounts, the basic rule is not to use a real-name email address.
Your everyday email address is connected to your real name, workplace, school, past accounts, payments, cloud services, and contacts. If you use that email for an anonymous account, a strong correlation is created inside the service.
Pay attention to the email address string too. If it contains a real name, birthday, old handle, game ID, workplace name, or region name, it can also become a clue if it becomes visible from the outside.
| Check item | Reason |
| --- | --- |
| Whether you are using a real-name email | Directly connects with the real-name side |
| Whether it contains an old handle | Connects with past accounts through search |
| Whether it is a workplace or school email | Clearly reveals affiliation |
| Whether the recovery destination is a real-name email | Correlates through the recovery route |
| Whether multiple anonymous accounts use the same email | Connects accounts to each other |
Even when creating an email address for anonymous use, avoid mixing that email itself with your everyday real-name environment.
Separate phone numbers
A phone number may become an even stronger identifier than an email address.
Many services use phone numbers for SMS authentication, identity verification, abuse prevention, and account recovery. If you use the same phone number for a real-name account and an anonymous account, it gives the service a reason to treat them as the same user internally.
Phone numbers also relate to contact syncing. If a phone number saved in an acquaintance's smartphone becomes connected to an account on a service, it may affect recommendation displays or suggested acquaintances.
| Use | Risk |
| --- | --- |
| Same number as a real-name account | Strong correlation between accounts |
| Workplace number | Affiliation is connected |
| Number shared with family | People involved are affected |
| Contact syncing enabled | Acquaintance relationships become visible |
| Used for SMS recovery | Remains as a recovery route |
When using a service that requires a phone number for anonymous purposes, review the threat model at that point. A service that requires a number may be unsuitable for anonymous operation.
Separate recovery methods too
For anonymous accounts, pay attention not only to the email address or phone number used at registration, but also to recovery methods.
Recovery email addresses, backup codes, authenticator apps, backup phone numbers, and linked accounts are often not visible from the outside. However, for account management, they become very strong connections.
For example, if you set a real-name email as the recovery destination for an anonymous account, it may look anonymous during ordinary use, but the recovery route connects it with the real-name environment.
| Recovery method | What to watch |
| --- | --- |
| Recovery email | Do not use a real-name email |
| Backup phone number | Using an everyday number creates correlation |
| Authenticator app | May mix with a real-name device |
| Backup codes | Do not store them in a real-name cloud |
| Linked login | May connect with the real-name side, such as Google or Apple |
Recovery methods become a problem after you have forgotten about them. If they are not separated at the beginning, they become difficult to fix later.
Avoid contact syncing
Smartphone apps sometimes request access to contacts.
If you allow contact syncing with an anonymous account, it may connect you with family, friends, workplace contacts, or school contacts. It may also cause the account to be shown to those people as an "account you may know."
In anonymous operation, avoid contact syncing as a general rule. Particular care is needed when using an anonymous account on a real-name smartphone.
| What is synced | What happens |
| --- | --- |
| Phonebook | Acquaintance relationships are handed to the service |
| Email contacts | Real-name-side relationships become visible |
| Social media linking | Accounts connect to each other |
| Recommendation displays | An anonymous account may become visible to acquaintances |
For anonymity, it is also important not to involve people connected to you, not just yourself.
Checks before creating an account
Before creating an anonymous account, check the registration information.
| Check item | Why it matters |
| --- | --- |
| Whether you prepared a dedicated email | Avoid correlation with real-name email |
| Whether you checked if a phone number is required | Decide before using a strong identifier |
| Whether you separated recovery destinations | Avoid connecting with the real-name side through the recovery route |
| Whether you refused contact syncing | Avoid handing over acquaintance relationships |
| Whether you separated storage locations | Do not place backup codes or authentication information in a real-name cloud |
If any item remains that you cannot judge here, it is better not to register immediately. Registration information may not be fully removable later.
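The checks above can be run as a self-audit over your own planned registration details before anything is submitted to a service. This is an added example, not part of the original article; the account inventory, field names, `OLD_HANDLES` list, and normalization rules are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed inventory for illustration; names, addresses and numbers are made up.
ACCOUNTS = [
    {"name": "personal-mail", "side": "real", "email": "Taro.Yamada@example.com",
     "phone": "+1 555 010 0199", "recovery_email": None, "contact_sync": True},
    {"name": "forum-alias", "side": "anon", "email": "quietfox@example.org",
     "phone": None, "recovery_email": "taro.yamada+backup@example.com", "contact_sync": False},
    {"name": "chat-alias", "side": "anon", "email": "QuietFox@example.org",
     "phone": "+1 (555) 010-0199", "recovery_email": None, "contact_sync": True},
]
OLD_HANDLES = ["quietfox"]  # assumed: handles already used on the real-name side

def norm_email(addr):
    # Assumption: a service may compare addresses case-insensitively and ignore "+tag".
    local, _, domain = addr.strip().lower().partition("@")
    return local.split("+", 1)[0] + "@" + domain

def norm_phone(number):
    # Compare digits only, so spacing and punctuation do not hide a reused number.
    return re.sub(r"\D", "", number)

FIELDS = [("email", "email", norm_email), ("recovery_email", "email", norm_email),
          ("phone", "phone", norm_phone)]

def audit(accounts, old_handles=()):
    """Return sorted (rule, identifier kind, account names) findings."""
    findings, seen = set(), defaultdict(set)
    for acc in accounts:
        for field, kind, norm in FIELDS:
            if acc.get(field):
                seen[(kind, norm(acc[field]))].add((acc["name"], acc["side"]))
        if acc["side"] != "anon":
            continue
        if acc.get("contact_sync"):
            findings.add(("contact-sync-enabled", "contacts", (acc["name"],)))
        local = norm_email(acc["email"]).split("@")[0]
        if any(h.lower() in local for h in old_handles):
            findings.add(("old-handle-in-email", "email", (acc["name"],)))
    for (kind, _value), uses in seen.items():
        sides = {side for _, side in uses}
        if len(uses) > 1 and "anon" in sides:
            rule = "shared-with-real-side" if "real" in sides else "shared-between-anon"
            findings.add((rule, kind, tuple(sorted(name for name, _ in uses))))
    return sorted(findings)
```

Calling `audit(ACCOUNTS, OLD_HANDLES)` on the constructed inventory reports the recovery address and the phone number as links to the real-name side, even though neither anonymous account uses the real-name address as its primary email.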
Cautions when changing information
If you have already created an anonymous account, you may later want to change the email address or phone number.
Changing it may be effective. However, the information before the change may remain as history inside the service. The change process itself may also create new traces, such as a notification sent to a real-name email, logging in from an everyday device, or being asked for identity verification.
| What to change | What to watch |
| --- | --- |
| Email address | A notification may remain in the previous email |
| Phone number | SMS authentication or identity verification occurs |
| Recovery destination | Do not temporarily use a real-name email |
| Two-factor authentication | Watch for mixing authenticator apps or devices |
| Linked login | Past linking history may remain even after unlinking |
When changing information, do not act in a hurry. Before you act, check which environment you will log in from, where notifications will arrive, and what will remain after the change.
Summary
For anonymous accounts, you need to separate not only the display name and profile, but also registration information.
Email addresses, phone numbers, recovery email addresses, two-factor authentication, and contact syncing become strong identifiers inside the service even when they are not visible from the outside.
If you use a real-name email or everyday phone number for an anonymous account, account separation becomes weaker. The same applies to recovery methods and linked logins.
In anonymous operation, separate registration information from the start. Use a dedicated email, choose services that require a phone number carefully, and avoid mixing recovery destinations and storage locations with the real-name environment.
Anonymity is shaped from the registration stage, before any posting begins.
Related tools
Breach check
Have I Been Pwned
An external resource related to this article. Open it only when it fits your situation and threat model.
Why it is listed: It can help with the article topic, but it is outside Anonymity Sense and should be checked before use.