[Vinnl]

(Relay engineer here.)

This is definitely just the first step; we've got lots of ideas for additional protections we could add, and are monitoring usage and feedback [1] to inform our roadmap.

What this first version gives you is a way to add a tier of trust to your phone number: your Relay number for untrustworthy partners, and your true phone number for important things. That means that data leaks of untrustworthy services can no longer be linked to the important ones through your phone number. Additionally, if you receive a phishing call to your Relay number, that's an extra red flag that it might not be who they say it is.

But again, there is more to come, so stay tuned.

[1] See also https://connect.mozilla.org/t5/discussions/firefox-relay-pho...

[jaclaz]

>This is definitely just the first step; we've got lots of ideas for additional protections we could add, and are monitoring usage and feedback [1] to inform our roadmap.

Yes, and I don't doubt in the least that it may become the third best thing in life after icecream and sliced bread, but right now its usage cases and advantages seem not clear.

Maybe it could be useful to people that lose/get stolen their phone/number, since this mask is "centralized" you change the connected "real" number to a new one only in one place instead of updating several places where the old real number is stored.

>Additionally, if you receive a phishing call to your Relay number, that's an extra red flag that it might not be who they say it is.

I still don't understand.

If I use this relay, giving this mask number to three different organizations for - say - 2FA or emergency recovery or similar, any call or SMS to that number must come from one of the three (untill it is leaked).

Once it is leaked it may still come from any of the three or from someone who is attempting a phishing call, what is the difference against a "main" number or a spare "burner" one?

[Vinnl]

Like email masks, we recommend using the phone mask for untrusted organisations. In other words, if you need to provide a phone number to get a shopping coupon, use your Relay number. If your bank wants to do 2FA via SMS (please no, but you know how banks are...), provide your true number.

Now, if you get a phishing attempt that looks like it's from your bank, but it's sent to your Relay number, that should be an additional sign that it's unlikely to actually be from your bank.

[jaclaz]

Still, I see no differences with a second number/burner phone.

For e-mails, a strategy I used and that worked (at a time I had a domain with its own mail server) is to give a "non-existing" e-mail, like specificsite@mydomain.com, the mail server was set to have a "catch-all" account, so specificsite@mydomain.com would arrive (together with messages to anything@mydomain.com, etc.) to this catch-all inbox, while identifying by the address used the "source".

With telephone numbers, a possibility would be to fake a PBX with internal numbers (no idea if it is feasible) i.e. if the relay main number is 123456789, have it working with added "internal" numbers, such as 123456789101, 123456789102, etc.

[Vinnl]

> Still, I see no differences with a second number/burner phone.

That's because that's essentially what this is :)

And yes, that's how Relay for email works (although instead of using mydomain.com, you use mozmail.com, so your different email masks can't be linked together).

We'd definitely like to support a similar pattern for phones, but we still have to figure out a way to do that. Using extensions is one thing we'll be looking at (was also suggested at [1]), but a challenge there is that many services have rather strict validation rules on phone numbers that will disallow that. But it might still be worth it, so stay tuned!

[1] https://connect.mozilla.org/t5/discussions/firefox-relay-pho...

[stuckonempty]

What are the benefits of Firefox phone relay then versus a free google voice number I use just for spam (“untrustworthy partners”)?

[Vinnl]

I'm not terribly familiar with Google Voice (it also isn't available in my country...), but they look similar in terms of functionality at this point in time. For me personally, the primary reasons to go with Relay would be that I'm already trying to move away from Google as much as possible for privacy reasons, that I'm already using Relay for email masking, and that Relay is explicitly focused on the privacy use case and will keep evolving in that direction.

[stuckonempty]

I can relate to the privacy-focused goal of getting away from google however Google Voice is free. Sadly I think having a competing free Google product that accomplishes most of the same things is going to hurt adoption of the Firefox relay product (which is paid)