mozilla/fx-private-relay

Badwords: improve management or remove them

RizzoV opened this issue · 4 comments

RizzoV commented

Reporting this issue as it has been the single service-breaking flaw that made me, an ex paying user, switch to another service. The problem started when multiple services for which I registered an account using a Firefox Relay-aliased address were not able to ever contact me.
The aliases I created when registering were composed like so: <service_related_string>@<custom_domain>.mozmail.com.

I did not explicitly create the aliases from Relay's dashboard; instead I directly typed the new aliases during the registration process for these services, as this convenience is explicitly offered for paying users. As I said, some of the services for which I followed this procedure were never able to contact me, making me lose any control over these accounts' management, online purchases traceability, customer support, etc.

After many emails with Relay's customer service I figured out the problem was that the <service_related_string> field contained some substring considered as "badwords".

Now, despite considering its actual usefulness quite limited if not close to null, I understand the good principle behind the "not allowing addresses containing offensive words" idea. However, I honestly think this represents a breaking flaw in Relay's functionality per how it is implemented, given the following points:

  • The badwords list contains many 2-3-4 chars words, which represent extremely common substrings in good words, both in English and in other languages. Checking only if the email address contains one of those (sub)strings without any additional management as it is done now is not sufficient and results in false positives.

  • One of the main features of Relay Premium is having a custom domain for which there's no need to create an alias before using it, as you can just register to websites entering a new alias with your custom domain. This results in the impossibility to warn a user if the inserted alias contains a substring which is considered a badword by Mozilla, hence that alias not working and the user getting his emails lost forever.

  • Relay does not warn the email sender on the impossibility to deliver a message to a badword-containing alias. The emails appear to be successfully sent to the aliased address, even if they are not. Again, this results in no warnings being triggered and the emails' content being lost forever, with both the sender and the (supposed) receiver being unaware of that.

  • I also noticed that the badwords list mostly contains English badwords, which is a naive approach to say the least. I am Italian, and can assure that even "long" badwords on that list are contained in (longer) Italian goodwords. This surely happens with many other languages. At the same time, I could write many non-English real badwords and get a working alias.

Given these points, I believe that Relay should either:

  • Avoid offering the possibility to create new aliases without explicitly creating and validating them through the dashboard or the browser extension - but this would be a convenient functionality paying users would be deprived of.

  • Improve notifications and aliases validation, warning users that they are receiving emails on invalid aliases and email senders that their emails were not successfully delivered.

  • Remove badwords checks completely: they are limited to a single language, rarely updated, incomplete, incorrect (e.g: 'africa' is a bad word?!), contain many short strings which can clearly cause lots of false positives, aliases validation is not managed properly and they cause service-breaking flaws that result in massive inconveniences for users, affecting other services too.

As I honestly liked the idea of using a paid Mozilla service, I truly hope this can be rethought.

lloan commented

@RizzoV thank you for your detailed feedback. I will forward this to the team. Very much appreciated!

Thank you @RizzoV . These kinds of detailed reports help us a lot!

RizzoV commented

@lloan @groovecoder glad the feedback is found valuable, I hope it can help improve the service and fix this flaw!

The word "abonnement" means subscription and is French, but present as a loanword in other languages. First one on the list is "abbo" and "abo".

It is thoughtless to apply this list without informing the user, and very Anglo-centric.

Either inform the user or even better don't use this list.
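
An added example, not part of the thread and not Relay's own code: it contrasts the substring check the issue describes with a whole-token check, over constructed alias local parts. The three list entries are the ones the commenters name; `token_hits` and the sample aliases are assumptions made for illustration.

```python
import re

# Entries the thread names as being on the list; the full list is not reproduced here.
BADWORDS = ["abbo", "abo", "africa"]


def substring_hits(local_part, words=BADWORDS):
    """Substring check as the issue describes it: a match anywhere flags the alias."""
    lp = local_part.lower()
    return [w for w in words if w in lp]


def token_hits(local_part, words=BADWORDS):
    """Hypothetical alternative: flag only whole tokens, split on non-letters."""
    tokens = set(re.split(r"[^a-z]+", local_part.lower()))
    return [w for w in words if w in tokens]


def review(aliases):
    """Return (alias, substring hits, token hits) so false positives are visible."""
    return [(a, substring_hits(a), token_hits(a)) for a in aliases]


# Constructed sample local parts (the part before @<custom_domain>.mozmail.com).
SAMPLE = ["abonnement", "southafrica-travel", "laboratory", "newsletter", "abo"]

if __name__ == "__main__":
    for alias, sub, tok in review(SAMPLE):
        print(f"{alias:20} substring={str(sub):12} token={tok}")
```

Every sample except `newsletter` is flagged by the substring check, while only the literal `abo` is flagged by the token check.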