AliasVault: Open-Source E2EE Password & (Email) Alias Manager

This looks marvelous, keep up the great work! :slight_smile:

1 Like

Hey

Thank you for the new updates!

I did see the import feature a few days ago but Proton Pass is missing. Please add that as an option too.

1 Like

Also wanted to add the possibility of Have I Been Pwned integration as a premium feature, to help advise when an alias has been in a breach.

1 Like

This looks really cool, thanks for your work! Encrypted alias mail gives this an edge compared to SimpleLogin imo.

I noticed that the FAQ on the website states:

  1. Email aliases are receive-only, meaning you cannot send or reply to emails from your aliases. This measure prevents potential abuse of the system for spam.

I think that having a reply feature like SimpleLogin’s reverse aliases would be really useful, but would potential abuse of the system still be a problem?

1 Like

@Banter8905 Good suggestion, that would indeed be a valuable addition. I’ve added it to the v1.0 roadmap just now!

@anonymous261 Thank you! Yes, the implementation of a reply feature for email aliases is a heavily requested feature and therefore I made it part of the roadmap for version 1.0. Thanks for mentioning the reverse alias idea, that looks interesting. I’ll add it to my notes for comparing/researching how the system could work for AliasVault :slightly_smiling_face:

2 Likes

Some thoughts after looking at this service:

Exporting with something encrypted would be nice. Maybe a scheduler to auto export too?

Using other email aliasing services (e.g. DuckDuckGo, Addy, etc.) as part of the same automated interface would be nice.

My current setup is KeePassXC with Syncthing and the only thing I feel is lacking with this service is an automatic email alias generation option built into KeePass. Self-hosting AliasVault seems like it would be nice but probably a little harder to set up than Syncthing.

A native Linux app with no need for a server would be good; it seems the roadmap only includes Windows and macOS though :thinking:

Happy to let you know that Proton Pass has now been added to the import wizard in the latest version 0.16.1.

@germless-omission Thanks for your suggestion! Encrypted manual exports are a good idea, I’ve added an issue for it on GitHub.

@rescuer-phoniness Thanks for your idea. The current AliasVault design however relies heavily on having a server for receiving email, and to be able to sync the encrypted vault between devices (web app, browser extension, upcoming mobile apps). There are no plans currently for releasing AliasVault as a standalone client that relies on pure local storage. However I am going to look into native client apps, where I hope to be able to make it cross platform so Linux support should be possible too.

1 Like

I just watched the video on your website, and this looks promising. I personally think there needs to be more competition in the alias market, because Proton Pass / Simple Login has some serious limitations I am not comfortable with.

I also think Password managers like 1Password need to step their game up and offer an alias feature at no extra cost, or else they will eventually lose market share to Proton Pass.

My questions for you are as follows:

1) Can I receive email to my aliases to an inbox address (e.g.: a Proton address)?
2) Can I send emails from aliases?
3) Can I create more than one alias for the same third party website (e.g.: 3 aliases for 3 Reddit accounts)?
4) Can I choose the words in my alias (eg: green.apple123@aliasvault.com) ?

It’s my understanding that AliasVault is currently 100% free but that in the future, you plan to introduce a paid plan.

5) Will you remove features that are currently free when you introduce that paid plan?

This is one of my biggest issues with a lot of online services. IMHO, if a service needs to remove features that are currently free to compel users to move to a paid plan, it’s not worth paying for.

Thanks for watching the video and your interest in AliasVault :slight_smile:

I’m happy to answer your questions:

  1. No, forwarding received emails to another email address is not currently supported. By design, as soon as emails are received by AliasVault, they are immediately encrypted and only stored in encrypted form. Emails can only be decrypted by the user themselves using a key that is stored in their own encrypted vault.

  2. Replying to emails is not supported yet, primarily to prevent spam abuse in the cloud-hosted variant. This feature is however planned for the v1.0 roadmap, which I expect to have ready before the end of this year. But how exactly this feature is going to work requires some further research.

  3. Yes, you can create multiple aliases for the same website. You can do this by simply creating multiple credentials for it. The autofill in the browser extensions will automatically detect this. So for example, if you want to log in to Reddit, it will show you all Reddit accounts/aliases that you created and stored in your vault.

  4. Yes, you can choose your own email alias, as long as it hasn’t already been used by someone else. By default, when generating a random alias, it creates a matching email address (e.g., for the alias “Riley Meyers,” AliasVault may assign something like “rileymyers61@aliasvault.net”). The exact email structure is randomized, but you’re also free to enter your own desired email address when creating the alias.

  5. No, free features will not be removed. All current free features (and more are coming) will remain free. Future paid features that will be part of the AliasVault premium offering will be entirely new convenience features, such as connecting your own email domains to the AliasVault cloud offering, increased storage, automatic cloud backups, and possibly even a temporary mobile phone number service.

I agree with you that a premium offering should be distinctive and valuable in itself, adding real benefits for users rather than gatekeeping previously free features.

Also, as AliasVault is open-source, users are always free to self-host it, which comes without any storage limits and allows them to manage their own backups as they please. So in that sense, the future premium features will mostly focus on convenience, not necessarily essentials for security purposes.

If you have any further follow-up questions or ideas, feel free to share!

4 Likes

I think your product/app/service is going to become the new gold standard for what such a tool is and can do that provides a solid alternative to Proton’s offering. And the privacy tech space always needs more alternatives and options.

I do look forward to the continued development and any premium offerings to properly compete with others on the features and price fronts.

4 Likes

Thank you so much for taking the time to respond. :grinning_face_with_smiling_eyes: I’m satisfied with your answers, and it makes me want to test AliasVault.

MULTIPLE ALIASES FOR THE SAME WEBSITE IS A MUST FEATURE:

The ability to create multiple aliases for the same website is an indispensable feature for me. Most Proton users don’t know this, but Proton Pass / Simple Login only allows one alias per third party website, which to me is ridiculous.

Many of us have multiple accounts with some websites, and we can’t use them with Proton Pass. Even if Proton Pass somehow allows you to create more than one alias for the same website, it is explicitly against their rules. I got a warning after creating a third alias for the same website. That’s how I found out about this limit.

I spoke to Proton Support, and they told me as much. I’ve had numerous conversations about this issue with them over time, and some customer support agents did not even know about this rule and learned it from me. I hope Proton changes this rule because it has security and privacy implications that I plan to write about in a future post.

I just have one last question:

Why did you create AliasVault? What compelled you to do so?

I wouldn’t say that the email alias market is crowded, but there are already quite a few providers (Simple Login/Proton Pass, Addy, IronVest, Duck Duck Go, etc…).

Why did you feel there was a need for a new one?

About the planned phone number feature, is it limited to two or three countries like US or available everywhere?

I see it is free to use (for) now, but are you thinking about pricing the service in the future and if so, do you already have some price points in mind?

@PurpleDime, On why I created AliasVault, that’s a good question :slight_smile:

I’ve been a privacy enthusiast for a long time. My journey began in 2013 with creating asdasd.nl, a Dutch temporary email service that later evolved into SpamOK.com. Over time, I received more and more questions from users interested in more advanced features. Also, two years ago, when I added a name generator and saw how widely it was used, it got me thinking: why not build an integrated tool that combines alias identities, (temporary) email addresses, and login credentials, all in one system?

While there are other tools out there, they often rely on external services and lack a unified, self-hostable ecosystem. Also from a design and usability perspective, I like to keep things simple and have it “just work”. For those who like to self-host and keep things simple, having everything integrated just makes sense.

AliasVault has been a passion project from the very beginning, not just for myself, but for the wider community that values privacy and digital independence. After working as a freelance software developer for over 15 years and wrapping up a long-term client project last year, I felt it was the right moment to follow my intuition and invest my time into building AliasVault. My dream has always been to build and grow a product that’s not only sustainable, but genuinely useful to others. And seeing people using AliasVault, sharing it online and offering their feedback makes me very happy :slight_smile: .

For now I’m funding everything out of pocket myself, which is mostly my time. But when the basic feature set will be mostly done at the end of this year, I hope to make it more sustainable by adding the earlier mentioned premium options. I’m also considering future investment or crowdfunding opportunities, which could help with things like larger marketing efforts and expedited feature releases.

@beaver The planned phone number feature is intended to be available in as many countries as possible, while having to take into account the different jurisdictions and local legal requirements. My intention is certainly not to restrict it to just a few countries, but to make it as flexible and location-independent as possible. I’ll be sharing more details on this in the coming months.

@Youri I have not decided yet about the exact pricing points, but the goal is to offer something that’s competitive with existing services while remaining accessible and fair for users. It’s also worth reiterating in this case that the current features of AliasVault that are free will remain free, so any future premium options should be considered as additional extras, not paywalled essentials.

7 Likes

I don’t think that’s quite accurate? SL and Proton’s TOS both disallow “Abusive” use of aliases for third-party services, which SL clarifies to include “bulk signups,” but I don’t see any prohibition of “multiple” aliases for a single service.

Sources:

SimpleLogin | Terms and Conditions (Section 1, paragraph 9)
Terms of Service | Proton (2.11)

Yes, and abuse and bulk sign-ups is any more than one alias per third party website. I exchanged directly with Proton support, and they’ve told me as much. Also, I got an automated warning after creating 3 aliases for the same website. And the third alias didn’t work. Proton has internal rules that may not be explicit in the TOS, but you can ask them yourself.

It sucks, but many online companies have weasel words in their TOS that they get to interpret however they want. Most of us would agree that if I bought 2 apples or 3 apples, I did not buy them in bulk. But to Proton, bulk is any more than one. I argued with them about this. That’s what they decided. Even if you were able to create 2 aliases for the same website, and they work, it’s not allowed. Hence, it’s a risk if you get caught.

Only one alias per third party website is allowed. Ask Proton. And when you ask them, ask them to confirm with their superiors, because as I said, some agents don’t know about this internal rule and assume that you can create as many as you want.

For context, in my situation, I was not signing up to any service. There is a website for which I have 3 accounts, and I have had those accounts for many years. All I wanted to do was replace the email for each account with a Proton alias. Even though signing up to a service is not the same as updating your email for said service, for Proton, that is irrelevant. I updated my emails within 2 hours and got a warning after the third alias.

2 Likes

Thank you for sharing your story! I wish you success in your endeavor. Competition is healthy and necessary. I don’t know if it’s you or Proton that came up with the idea of combining password manager with aliases, but I think it’s fair that Proton popularized it. Either way, it’s a brilliant idea! IMHO, every paid password manager should copy this concept at no extra cost, or they will lose to competitors.

3 Likes

If true (I haven’t inquired myself), then I do agree that that’s too strict. I understand not wanting users to spam third party services leading to them blanket banning all Proton/SL addresses, but there are legitimate cases for a single person needing alt accounts, like having personal vs business profiles on a social site.

Absolutely. Unfortunately, Proton doesn’t seem to appreciate this. Pretty much all other alias providers allow you to have multiple aliases for the same website, except Proton / SL, which is INSANE. Carey Parker from Firewalls Don’t Stop Dragons shared on his podcast that he has 2 LinkedIn accounts. Although I don’t really use my LinkedIn account, I want to create a 2nd account so I can look at jobs and profiles anonymously. With Proton, that’s not possible.

Millions of people use websites for which they have multiple accounts for whatever reason, and Proton refuses to make room for this extremely common reality. I argued back and forth with them for weeks! One of the counterarguments they gave me is: “we’re not Google” i.e., we are not as widely accepted, so we don’t want to take the risk of allowing multiple aliases for the same website, even though every other alias provider does.

They say that, but at the same time encourage people to brag on social media about how many aliases they have.