[Vinnl]

Like email masks, we recommend using the phone mask for untrusted organisations. In other words, if you need to provide a phone number to get a shopping coupon, use your Relay number. If your bank wants to do 2FA via SMS (please no, but you know how banks are...), provide your true number.

Now, if you get a phishing attempt that looks like it's from your bank, but it's sent to your Relay number, that should be an additional sign that it's unlikely to actually be from your bank.

[jaclaz]

Still, I see no differences with a second number/burner phone.

For e-mails, a strategy I used and that worked (at a time I had a domain with its own mail server) is to give a "non-existing" e-mail, like specificsite@mydomain.com, the mail server was set to have a "catch-all" account, so specificsite@mydomain.com would arrive (together with messages to anything@mydomain.com, etc.) to this catch-all inbox, while identifying by the address used the "source".

With telephone numbers, a possibility would be to fake a PBX with internal numbers (no idea if it is feasible) i.e. if the relay main number is 123456789, have it working with added "internal" numbers, such as 123456789101, 123456789102, etc.

[Vinnl]

> Still, I see no differences with a second number/burner phone.

That's because that's essentially what this is :)

And yes, that's how Relay for email works (although instead of using mydomain.com, you use mozmail.com, so your different email masks can't be linked together).

We'd definitely like to support a similar pattern for phones, but we still have to figure out a way to do that. Using extensions is one thing we'll be looking at (was also suggested at [1]), but a challenge there is that many services have rather strict validation rules on phone numbers that will disallow that. But it might still be worth it, so stay tuned!

[1] https://connect.mozilla.org/t5/discussions/firefox-relay-pho...