For the past 6 months, we’ve been building anon.li - a fully open source email aliasing & E2EE file sharing platform based in Liechtenstein (Europe).
anon.li Alias allows you to create email aliases through our website, CLI, API, browser extension or with our MCP for AI agents. Free plan includes PGP encryption & reply support.
anon.li Drop allows you to share files up to 250GB in size with client side AES-256-GCM encryption. Set download limits, get notified when your file gets downloaded and set the expiry date up to 30 days.
anon.li Form allows you to create private forms with client side AES-256-GCM encryption. Set password protection, allow file uploads using anon.li Drop, get notified for every response, export all responses in a CSV/JSON file.
All your drop keys, alias notes, labels… are securely stored in an encrypted vault that only you can access. All of our source code is available on GitHub under the AGPLv3 licence.
I see no real name of anyone attached to this project. That’s feels sketchy. Even some of the most privacy conscious folks who make privacy forward tools disclose their names and their background.
A brand new project never heard of before until now with a website that’s following a trendy design in the age of vide coding and AI slop needs to be more clear and transparent than just showing the project is open source.
While I absolutely love what the products are and supposed to be and I see all the right things being said, establishing legitimacy with such kinds of privacy tools also requires disclosure of at least the founders names and background of the the team behind it.
Complete anonymity on the devs end will still scream honeypot even if the tools are legitimate and as advertised.
I also don’t see the work history of 6 months of development as you claim on GitHub or codeberg.
Your warrant canary page is also due for an update.
And copying Proton’s tagline of “Privacy by Default” is also not showing any originality. To me that’s a small red flag at the very least.
Anyways, those are my preliminary views. Hope you can answer for and clarify all these concerns and red flags as I see them.
Competition is good, but aside the points @DigitalAutonomy brought forward, i don’t see why i should really use it in the lights of other established services.
Firefox Relay and addy.io both are cheaper, well-known and established and the latter is open-source too.
Drop makes sense to me only in the paid tier, because the free tier is practically identical to Tresorit Send or Wormhole, both of which are also well-known, free and E2EE, while not requiring an account. For everything else it’s more convenient to just share a link to download a file from your cloud service.
Maybe after some time, when the groundwork is laid, it might be worth a try. But as it is right now, i don’t think so.
What do you you think about Tutanota - there is no anomity?
…according to Ortis, [another agent] briefed him about a “storefront” that was being created to attract criminal targets to an online encryption service. A storefront, said Ortis, is a fake business or entity, either online or bricks-and-mortar, set up by police or intelligence agencies. The plan, he said, was to have criminals use the storefront — an online end-to-end encryption service called Tutanota — to allow authorities to collect intelligence about them.
source: CBC
Yes. Tutanota denied it.
CryptoAG was protected by Swiss law system - Now we know the lied too.
Crypto AG rejected these accusations as “pure invention”, asserting in a press release that “in March 1994, the Swiss Federal Prosecutor’s Office initiated a wide-ranging preliminary investigation against Crypto AG, which was completed in 1997. The accusations regarding influence by third parties or manipulations, which had been repeatedly raised in the media, proved to be without foundation.”
Your website doesn’t cooperate with Tor Browser. If you cannot handle website how can people trust you with more complex services you offer?
Secure Connection Failed
An error occurred during a connection to anon.li. PR_END_OF_FILE_ERROR
Error code: PR_END_OF_FILE_ERROR
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
This looks like a very interesting and worthwhile project, and as others have said, competition is good. I am more interested in the drop service than the alias service.
Although I understand you are a small company at the beginning of your journey, Tresorit Send’s free tier is currently better than yours and doesn’t require an account.
With regard to your alias service, I am generally not a fan of services that have more than one paid tier unless it is for businesses. As someone who has 500+ aliases, your middle tier is not attractive to me. Although I know some people will see value in it, given that the average internet user has more than 100 online accounts, I don’t see the point of it.
Lastly, I am not a fan of deceptive marketing when it comes to pricing. I know every company does this, but emphasizing the monthly cost of something when people are paying yearly for it is deceptive to me. Plus, your website doesn’t even show the yearly price at all.
Yeah. Not showing total price for the year is shitty. It screams of the “enshittification” mindset to not be upfront and also makes critical thinkers among us feel insulted because clearly they are showing as they are to attract folks who don’t normally see beyond the sticker price because well, that’s what they want folks to know as it’s a “low” price.
Hello!
Thank you very much for the honest feedback and deep research of our website
For now, I have exactly 0 search results when you search for my full name, and didn’t want to ruin this until the project became successful. I do realize now that this can appear suspicious, so I am rethinking it now.
As for the website, we do have a web developer in our team, which helps himself with AI tools, but most code is programmed manually, all code is still reviewed by humans.
For the 6 months of development, we initially had the GitHub repository on my personal account, but then moved it to the brand account without the history. I hired the first employee on October 1st, 2025, started working on the idea in August.
We will push the updated warrant canary in 4 hours, since we’re adding a new service to our offering. Sorry for the delay!
Again, thank you very much for the comprehensive review!
Apart from addressing concerns already mentioned, it would also behoove you to have an Onion link so the website can be accessed and used via Tor. It’s only apropos.
The more I’m browsing through your website, the more trendy it’s feeling and looking like a template of a website you are using for your product than actually coming up with an original website design to showcase your tools. Monochromatic is also dull and boring. I hope you can “upgrade” it to something that looks and feels more “legitimate” and something real made by real people.
Also hope you heed to other suggestions made on this thread. The reason I may sound critical here is privacy conscious folks are sick and tired of being jerked around with the big tech mentality and abuse through their products so we have a high bar we set going in on anything new to begin with and even if something is only slightly off, it feels like a much bigger problem as it indicates a problem that will only get worse than better unless promptly addressed or explained.
Concerns here are inelastic. Either it’s “fixed” or addressed or the entire service is discounted as the bar is high for privacy and security related products.
Hi,
We tested the forwarding right now and checked our email server’s logs, both look healthy.
Can you please check the spam folder? Some users reported they were receiving emails into it. If it is in the spam folder, please click on “Report not spam”.
Not really based in Liechtenstein, it’s just a .li domain which anyone can register from anywhere, and the site itself is hosted on Vercel and uses Cloudflare R2 for storage
There’s nothing based in Liechtenstein anywhere? Unless you live there of have a company setup there your jurisdiction is wherever you live? All your infra is American, you use Vercel/AWS for the website, Cloudflare for DNS and MULTACOM AS35916 servers for MX with you chosing to have your server in California? The only part of this project not in the US is the domain TLD which is worthless.
