I’d like to start using email aliases from SimpleLogin, but I’m concerned about whether they could see the emails that come through.
Some system, somewhere, has to be capable of routing the messages towards their correct destination. The people that run that system have the technical ability to inspect those messages, or the mappings between aliases and destinations. Whether they will exercise this or not, we have no way of knowing.
Whenever I see “Based in Switzerland” on a service promising privacy or anonymity, I remember CryptoAG being a CIA front.
That’s only a reason to be cautious but no reason to not consider using tools based in Switzerland promising privacy and security, especially if it’s open source.
By your logic, if we were all to base it on this one thing, anything is possible and the world could also literally blow up tomorrow. And nothing can ever be known with 100% certainty at all times.
To answer OP’s question, yes - they are a highly reputable service and are indeed private and secure and safe to use for people with high threat models too.
But if you have an even higher threat model, then stick with things you can only do anonymously through Tor and OnionShare.
When a service prominently states they’re “Based in Switzerland” as a reason to trust it, they’re making a specific argument that I’m skeptical of.
I’m not expressing, like, bigotry towards the Swiss or something stupid like that.
Every time I’ve looked closer at something that advertised “where your data is stored” prominently, I’ve been disappointed by “how they protect said data”.
Not unreasonable but is still a lot better than the vast majority of tools and services you find online. And given their privacy laws, it is indeed a reason. Perhaps not enough or good enough of a reason for you but still a reason.
I know. I was being a little facetious there. You’re good.
Agreed. But Swiss is different, even you have to admit that.
Privacy laws don’t protect you if the people enforcing those laws are your adversary.
Tell me more.
What’s to tell? Do you not know Swiss privacy laws are some of the strongest in the world?
I’m confused as to the specific concern you may have even with a country like Switzerland.
If you host data in Switzerland, and I hack your server then exfiltrate all the data, how does Swiss privacy law help the people whose data you were hosting?
This question is valid. But it does deviate from the original question/“debate” at hand, which is whether or not Swiss-based tools that are made with privacy and security in mind as a privacy tool are indeed better if they are based in Switzerland than in almost any other country.
What you’re asking is moving the goalpost to a different goalpost in a different game - questioning if the tool itself is not well made and not secure enough, what then.
So, I’m going to keep the discussion on topic.
That wasn’t the original question, though.
Their marketing copy prominently states “Based in Switzerland.” I expressed skepticism towards the actual security (see also, the thread title) of the implementation of their products based on my experience evaluating products that emphasized where the data is hosted over how the data is protected.
Whatever debate you think you’re having, I’m not a party to.
Simplelogin user here. Yes, if they wanted to, simplelogin can see the content of your emails. They can easily see the headers, because they have to in order to route your messages correctly. Therefore, they can build a map of who emails who and when, and how often (aka metadata). If you use pgp/age encrypted emails, then obviously they cannot see the content of the message, just the headers (and metadata).
However, given it’s email, I figure using aliases is better than giving out my actual email to anyone. It’s really nice to be able to disable an alias, stop spam, and then re-enable it when you want a consistent alias for a vendor. I use aliases with friends, contacts, shopping, etc. No one needs to know my actual email address.
Relying on aliases lets me change email providers at will, because the aliases via simplelogin do not change.
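An added illustration of the point in the post above, not code from any poster or from SimpleLogin: what a forwarding relay can read from a plaintext message versus a PGP/MIME-encrypted one, and the contact map it can build from headers alone. All addresses, the `relay.example` domain and both messages are constructed samples, and the function names are hypothetical.

```python
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages, as a forwarding relay would receive them.
PLAIN = """\
From: Shop <orders@shop.example>
To: alias1@relay.example
Subject: Your order has shipped
Date: Mon, 06 Jan 2025 10:00:00 +0000

Tracking number: CONSTRUCTED-123
"""

PGP_MIME = """\
From: Friend <friend@mail.example>
To: alias2@relay.example
Subject: Lunch on Friday
Date: Tue, 07 Jan 2025 09:30:00 +0000
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(placeholder standing in for ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

def relay_view(raw):
    """Return what the relay can read without any private key."""
    msg = message_from_string(raw)
    view = {h.lower(): msg[h] for h in ("From", "To", "Subject", "Date")}
    encrypted = msg.get_content_type() == "multipart/encrypted"
    # Headers (Subject included) stay in the clear; only the body is opaque.
    view["body"] = None if encrypted else msg.get_payload().strip()
    return view

def contact_graph(raw_messages):
    """Count (sender, alias) pairs: the metadata map built from headers alone."""
    pairs = Counter()
    for msg in map(message_from_string, raw_messages):
        pairs[(parseaddr(msg["From"])[1], parseaddr(msg["To"])[1])] += 1
    return pairs
```

Note that the subject line of the encrypted message is still readable: standard PGP/MIME protects the body, not the headers.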
Just a side note, communication between Simplelogin and your mailbox in Proton is already encrypted.
If you are using ProtonMail
You don’t need to set up PGP, if your mailbox is a ProtonMail email address.
ProtonMail already encrypts all emails with the public PGP key of your ProtonMail account and stores your emails with zero-access encryption.
Yes, they can.
Yes, they are.
Understand that email aliases are meant to protect you by making the email addresses you use on various websites different from one another. This makes it harder for those websites to correlate your activity. It also prevents your accounts being tied together between multiple data breaches, etc.
These are both privacy and security advantages. They have nothing to do with the privacy and security of your email setup itself. This is a separate issue unaddressed by these services.
We cover this information here:
Please feel free to read the guides on our website before asking about them, thank you
Depends. Example: Simplelogin is good enough if you wanna survive data breaches, osint, etc. Simplelogin still knows who you are though. Better off self hosting something like aliasvault in a country outside of yours, xmr payments n all.
I disagree without more context. I would not give such advice to someone who has never set up, secured, and maintained a server, or who is unable or unwilling to, or is irrelevant to what they are trying to secure against (as you said).
Simplelogin aka Proton could easily deanonymize you upon LE request. I would bet money the majority of people are forwarding email to their personal email. With AliasVault, yes you probably will need some knowledge about privacy webhosts, domain registrars, securing server etc. The problem with Proton is that they can be compelled to disable or change how they would normally operate when requested by law enforcement rendering their entire business model useless.
Them being in Switzerland doesn’t really mean anything. Your chances of protecting your data are much better with a privacy respecting webhost that currently hosts high-risk (not illegal) websites. Op is concerned about “whether they could see the emails that come through”, so their best option is a self hosting option that is noob friendly (AliasVault)
Honorable mention: German secure email provider Tutanota forced to monitor an account, after regional court ruling | TechCrunch
While LE may not be in this person’s threat model, I don’t like the false sense of privacy advertised by such services.