We like the skepticism. 😀 Hope the following clarifies things a bit:

1. The repo contains the privacy-kit library code under the /src directory.
2. The website files in the repo are test files used by contributors to test the library.
3. The code from the repo is packaged into an npm library as mention in the README.md.
4. The privacy-kit-*.js are the built library assets that you can build by running npm run build.

Feel free to ask any questions for more clarification. Also the library is tiny it’s designed to have zero dependencies and no impact on website performance.

We usually don’t trust new services either but here are a few points that might address your concerns:

• The privacy-kit library was just announced yesterday. There are no external contributors yet but it’s open source and anyone is welcome to help make it better.

• “for the masses” means that it doesn’t require high technical skills and anyone can include it to their website. This is one of our goals: democratizing online privacy.

• Our website is simple on purpose. We aim to keep it this way. We build everything from scratch to reduce external dependencies to the strict minimum.

• We’re also contributors to Lemmy and other select FOSS projects: https://github.com/LemmyNet/lemmy/pull/4881

When a visitor requests to generate an Email Alias using Hide-My-Email or Subscribe-Anonymously, a popup will appear with an OAuth Authentication page using the Privacy Portal OAuth provider. Once authenticated, the email alias will be filled in the email input in the case of Hide-My-Email or the user would get automatically subscribed to the newsletter using an alias in the case of Subscribe-Anonymously.

If the user already has a Privacy Portal account, they just need to sign in otherwise they would need to register a free account.

This information is available in the links included in the post (you can click on the “Privacy-Kit” link in the post for the Github Page.)

For easy access here are all the links included in the post:

• Privacy-Kit Github repo: https://github.com/privacyportal/privacy-kit
• Announcement Blog Post: https://privacyportal.org/blog/enhance-user-privacy-on-your-website-with-ease
• Privacy Portal’s OAuth Products: https://privacyportal.org/for-business/products
• Privacy Policy: https://privacyportal.org/privacy

Edit:

• We do not collect data from sites and users as claimed by A_norny_mousse@feddit.org.
• We do not have a free business model (a la Google) either. We have a transparent and fair business model. We offer our OAuth services free under a threshold in order to allow small creators and businesses to benefit from our privacy features.
• We’re a small team with a lot software experience aiming to make something good.

Given that an E2EE solution requires all online stores switching technologies, it’s unlikely to happen. The next best option is using a VPN-like solution for email. I use Privacy Portal email aliases with email encryption for this. There are multiple other alternatives but I like Privacy Portal because it has one of the strictest privacy policies and because I’m a little biased (I’m an engineer on the team).

Emails sent to you from online stores get sent to Privacy Portal’s relay servers. These servers act like VPN servers meaning no logs, no writing to disk, zero storage, … The emails get encrypted in memory with your public PGP key (or certificate) and get sent encrypted to your email provider. Only you will be able to decrypt them on device.

If you use Proton mail as your email provider, it supports PGP encryption by default. You can simply copy your public PGP key from proton and submit it to Privacy Portal and you’re done. Proton won’t have access to your emails. Alternatively you can use any email provider with an email client that supports PGP (e.g. Thunderbird, K9). And if all else fails you can even use S/MIME with Apple Mail on iOS but that has some drawbacks.

With this solution you would be separating providers into 2 categories:

• The first provider receives the unencrypted data but has no authorization to log or store anything.
• The second provider is responsible for storing your encrypted emails but does not access the unencrypted version.

On top of that, you can also reply to emails without exposing your the unencrypted versions to your email provider because encrypted emails sent by Privacy Portal contain public keys used for decrypting outbound mail before relaying it to its destination.

The cherry on top is that the online store won’t have access to your personal email. So if they start spamming you, you can stop the email alias.