Why I Stopped Using My Primary Email for Everything: A Privacy Manifesto

In 2019, I did something I had been putting off for years. I went to HaveIBeenPwned.com and typed in my main email address—the one I had used since high school. The one connected to my bank, my tax returns, my family photo cloud storage, and every social media account I had ever created.

The result was a red screen. 47 Data Breaches.

My email wasn't just mine anymore. It was in the databases of Adobe, LinkedIn, MyFitnessPal, Canva, Zynga, and dozens of obscure marketing forums and e-commerce sites I didn't even remember signing up for. Each breach represented a different company that had promised to keep my data safe and had failed. Some of these breaches exposed not just my email, but associated passwords, phone numbers, physical addresses, and even the last four digits of credit cards.

It was a wake-up call. I realized I had been treating my email address like a casual public handshake, when I should have been treating it like a social security number—something you only share when absolutely necessary, with entities you explicitly trust.

The "Single Identity" Fallacy

Silicon Valley wants you to have one identity. "Log in with Google." "Log in with Facebook." "Sign in with Apple." It's convenient. It's seamless. It saves you 30 seconds of filling out a registration form. And it is a trap that centralizes your entire digital existence into a single point of failure.

When you centralize your identity, you create a master key to your digital life. If your main email account is compromised—through phishing, a data breach at Google, or even a sophisticated social engineering attack on your phone carrier—an attacker gains access to everything connected to that email. Every password reset, every two-factor authentication backup, every account recovery flow leads back to that one email address.

Think about what an attacker can do with just your email address and a compromised account: they can reset your banking password, access your cloud storage, read your private messages, impersonate you on social media, and potentially steal your identity entirely. All because you used the same email for your bank and for that random recipe website that asked you to create an account.

The Psychology of Convenience

Why do smart people make this mistake? Because convenience is an incredibly powerful psychological force. Every time a website offers "Log in with Google," your brain performs a quick cost-benefit analysis: 2 seconds of clicking one button versus 30 seconds of typing out an email and creating a new password. The immediate benefit (saved time) is tangible and obvious. The future risk (data breach, identity theft) is abstract and probabilistic.

This is the same cognitive bias that makes people skip wearing seatbelts on short drives or neglect sunscreen on cloudy days. The risk is real, but because the negative consequence is not immediate, our brains discount it heavily. Browser autofill makes it even worse, because Chrome and Safari actively encourage you to reuse the same email by pre-populating forms. You have to actively fight against the design of your own tools to protect yourself.

The Data Broker Economy

What I didn't understand in 2019 was the scale of the Data Broker industry. Companies like Acxiom, Epsilon, Oracle Data Cloud, and Experian don't just collect data passively—they actively build comprehensive "shadow profiles" of you. They scrape public records, buy leaked databases, purchase user lists from apps and websites, cross-reference social media activity, and merge it all into a detailed behavioral graph that is sold to advertisers, insurance companies, employers, and sometimes even law enforcement agencies.

They know that john.doe@gmail.com:

• Likes hiking (bought boots on REI and subscribed to trail newsletters)
• Has a credit score of approximately 720 (applied for a specific credit card)
• Is interested in mental health resources (signed up for an anonymous support forum)
• Recently searched for apartment rentals in Austin, TX (registered on Zillow)
• Has a child starting kindergarten (purchased school supplies from Amazon)

All of this data was connected because one email address was used across multiple services. By using the same email for everything, I was doing their work for them. I was connecting the dots across my entire digital life, creating a comprehensive profile that I never consented to and could never delete. Every new signup added another data point to that graph.

The Real-World Consequences

This isn't just an abstract privacy concern. Data broker profiles are used to make real decisions that affect your life. Insurance companies use them to adjust premiums—if your email is associated with purchasing unhealthy food or visiting certain health forums, your health insurance rates can increase. Employers use background-check services that pull from these databases. Landlords use them to screen tenants. Political campaigns use them to target you with manipulative messaging designed specifically for your psychological profile.

In 2024, a major data broker breach exposed over 2.7 billion records, including Social Security numbers, physical addresses, and email addresses. The data was sold on the dark web for pennies per record. If your email was in that breach—and with 47 breaches already to my name, mine almost certainly was—criminals had a comprehensive dossier on my entire life.

My New System: The Airlock

I didn't delete the internet. I didn't move to a cabin in the woods. I just fundamentally changed how I interact with online services. I now operate on a "Zero Trust" model for my email interactions, inspired by the same security architecture that protects corporate networks.

1. The Inner Circle (5 Trusted Entities)

I have one email address that only 5 entities know: my bank, my doctor, the government tax authority, my wife, and my parents. This address is hosted on ProtonMail with hardware key two-factor authentication enabled. If I ever receive an email at this address from anyone other than these 5 entities, I know instantly and with absolute certainty that it is a phishing attempt or a scam—because no one else has this address.

2. The Firewall (Forwarding Aliases)

For reputable services I use daily and want ongoing communication from—Github, Netflix, Amazon, Spotify—I use email forwarding aliases through a service like SimpleLogin. Each service gets a unique alias: netflix.myname@simplelogin.com, github.myname@simplelogin.com. If one alias starts receiving spam (because the service was breached or sold my data), I simply disable that one alias. The rest of my digital life is completely unaffected. I can also see exactly which company leaked my data, because each alias is unique.

3. The Airlock (Temp Mail for Everything Else)

For everything else—which constitutes roughly 95% of my internet interactions—I use fake.legal. Reading a news article that requires registration? Temp mail. Need a discount coupon code? Temp mail. Trying out a new SaaS tool to evaluate it before committing? Temp mail. Downloading a PDF whitepaper? Temp mail. Connecting to airport or hotel Wi-Fi? Absolutely temp mail.

The temporary email acts as an airlock on a spaceship. I enter the dangerous environment (the open internet), I get what I need (the verification code, the download link, the Wi-Fi access), and then I "decontaminate" by letting the temporary identity dissolve completely. The email address expires. The inbox is wiped from RAM. Nothing follows me home to my real identity. No data broker can connect this disposable interaction to my permanent profile.

The Mental Shift

It takes conscious effort to break the habit of autofill. Chrome really wants you to fill in your real email address on every form. Safari offers your iCloud address. Your muscle memory types the first few letters of your Gmail before you even think about it. Breaking this pattern requires deliberate practice for about two weeks before it becomes second nature.

But the peace of mind is unmatched. My main inbox used to receive 40 to 60 emails per day—most of them promotional spam, marketing newsletters I never subscribed to, and "special offers" from companies that had somehow acquired my address. It was a constant source of noise and low-grade anxiety.

Now? My main inbox receives maybe 3 to 5 emails per day. Every single one of them is actually important and from someone I know. When I get an email, it's from my bank, my family, or my doctor. There is no noise. There is no spam. There is no mental overhead of sorting through junk to find the one email that actually matters.

This isn't paranoia. In 2026, with AI-driven phishing emails that are indistinguishable from real ones, with deepfake voice calls that clone your family members' voices, and with automated social engineering attacks that can compromise accounts in minutes, compartmentalizing your digital identity is not excessive caution—it's basic hygiene. It is the digital equivalent of washing your hands. It costs almost nothing, takes almost no time, and dramatically reduces your risk.

---