An email alias is a routing layer, not a cloak of invisibility. Apple's Hide My Email and Mozilla's Relay both show the basic idea: you can hand a merchant a masked address that forwards to your real inbox, so the store never needs your primary email just to send receipts or order updates. That is useful because email addresses have become durable identity hooks. They are easy to reuse, easy to match, and hard to forget once they are tied to accounts.

The main benefit is separation. A good alias can keep a one-off retailer from polluting your personal inbox, make it easier to spot which merchant leaked or sold your address, and reduce the blast radius if a shopping account gets breached. It can also make it easier to delete an account later because the alias is a disposable handle instead of the email you use for banking, family, or work. That kind of compartmentalization is a real privacy improvement, even before you touch any other setting.

But the alias only hides the mailbox, not the rest of the shopping flow. Once you click through to a store, the merchant can still see your browser, device, IP address, session IDs, order history, shipping address, login state, and any marketing consent you accept. If the checkout page drops tracking scripts or if the receipt link contains campaign parameters, the store can still reconnect a lot of behavior to the same alias. In other words, the alias narrows one identifier; it does not stop the page from collecting the rest of the profile.

That is why the FTC's dark-pattern work matters here. A merchant can make the email field feel like a harmless receipt step when it is actually the first durable identifier in a longer funnel. The moment a shopper types an alias, they may be pushed toward account creation, newsletter consent, app install prompts, or a loyalty signup that makes the alias less disposable than it first looked. The page can frame the exchange as convenience while quietly asking for a reusable contact line.

Pew's privacy research helps explain why this feels off to so many people. Many Americans say they have little control over company data collection, and aliasing is one small way to reclaim control over where messages land. It does not solve the larger sense of being watched, but it does keep the most obvious inbox-level spillover out of your primary identity. That can matter a lot for shopping categories you would rather not merge with your everyday life, from gifts to health-adjacent purchases.

A practical rule is to use aliases deliberately rather than everywhere by reflex. For a retailer you expect to use once, an alias can be a good default. For stores where you need order history, support, or warranty records, a dedicated alias is still better than a primary email, but you should treat it as a semi-permanent shopping identity. Avoid reusing one alias across dozens of merchants if you can help it, and do not let a helpful receipt address become the seed of a new marketing profile.

The safest workflow is simple: use the alias, prefer guest checkout when possible, uncheck marketing boxes, and watch for pages that turn the alias into a full account before you are ready. cloak should make that moment visible. If a checkout starts asking for more than a way to send a receipt, or if the alias begins pulling the user into broader tracking, the browser should surface that tradeoff before the shopper treats the field as harmless by default.

If you reuse one alias everywhere, the alias itself becomes a durable shopping identifier. A better habit is to use one alias for a retailer you trust, another for one-off purchases, and a separate one for the categories you consider sensitive. That way the alias keeps doing the job it was meant to do: absorb the blast radius of a single store, make leaks easier to spot, and keep your real inbox out of the merchant's routine marketing machine.