1. It’s not frequent that someone hands out your address to a 3rd party and when it does, it’s usually exactly the site you would expect. I’ve had it happen 1 time in the last 3 years across 150 different aliases.
2. It doesn’t work well for apps with weird URLs (lots of subdomains, shared domains etc.). You forget how you the address and now can’t login. Yes, maybe you have a password manager, but password managers fail frequently in my experience (e.g. they record the wrong username etc)
3. You are still traceable since ultimately all your addresses are in the same domain. Sure, advertisers aren’t looking for that pattern, but it’s not like you are truly hidden.
4. Domain hijacking can happen. So now you have to be mindful of your domain since it’s a juicy target; Someone hijacker’s your domain, redirects your banking email for a password reset.
2. Again, not a problem. Everyone should be using a pass manager.
3. If you use the same domain/email for your banks (or any other financial/important service) as you do for social media/gaming/whatever, then that's on you.
It's basic security practice to separate the important things so basic hacks like the one you mention are useless.
4. The purpose of this is basic privacy and security, not to be truly hidden.
1. It’s not frequent that someone hands out your address to a 3rd party and when it does, it’s usually exactly the site you would expect. I’ve had it happen 1 time in the last 3 years across 150 different aliases.
2. It doesn’t work well for apps with weird URLs (lots of subdomains, shared domains etc.). You forget how you the address and now can’t login. Yes, maybe you have a password manager, but password managers fail frequently in my experience (e.g. they record the wrong username etc)
3. You are still traceable since ultimately all your addresses are in the same domain. Sure, advertisers aren’t looking for that pattern, but it’s not like you are truly hidden.
4. Domain hijacking can happen. So now you have to be mindful of your domain since it’s a juicy target; Someone hijacker’s your domain, redirects your banking email for a password reset.