Difference between Tuta/Proton aliases and SimpleLogin

I am currently switching to private email providers and have already set up Tuta and Proton Mail. Are the internal alias solutions offered by both providers on par with SimpleLogin, or does the specialised service offer better functionality?

What should I use?

You are conflating the two. They are not the same.

Proton and Tuta provide additional email addresses. These are not aliases that you create and delete on a whim.

SL aliases are for quickly making and managing emails for things you need an email for online or in apps and can easily be deleted and turned off easily should you need to.

Depending on the use case for which you’re thinking about using aliases/emails, one option is better than the other. So, please clarify what you’re trying to do or how you think you’re going to be using them. Which one to choose would depend on that answer.

SimpleLogin is pretty much owned by Proton, so you can create an alias form SimpleLogin’s Web UI/mobile app or from within ProtonPass, it will end up being the same.

Feel free to read the recommendation page to understand a bit better the details.

PS: and be careful of not confusing Email accounts’ aliases vs Email aliases as explained here.
The first one is just an alternative name to access your account while the second is a proxy that adds anonymity/convenience. Hella confusing I do agree.

Btw, feel free to check some of those previous questions here:

• Email Aliasing Strategy Planning
• Overwhelmed newbie - rushed email strategy guidance
• Checking email from addresses

Plenty of answers already available there.

Given a read to all the links above then feel free to narrow down your question a bit if you want some further help.

I don’t know about Tuta but with Proton mail you can definitely create aliases.

So currently, I use my Gmail address for everything. For obvious reasons, I want to move away from that.

I already use three Proton products and therefore have Proton Unlimited with an email address that uses my username (which is known through social media) as the name. The same goes for Tuta.

Now I’m looking for the best solution to switch all services to a privacy-protecting (possibly anonymous for high-risk areas) variant.

As a proton unlimited subscriber you get unlimited aliases in proton pass which is more or less the same as simplelogin aliases, so there is no real point in subscribing to both imo.

I mentioned quite a few times not enjoying being tethered to a specific company just because it’s cheaper, that’s a bad reason IMO^[1].

TDLR:

• anonymous gift-card for Addy (or SimpleLogin, if you really like their UX) + create anonymous aliases with the public domain like fancy12.rhino@addy.to (you’ll blend into the crowd )
• use a free Tuta or Proton (no bank details, does the job just fine with no KYC^[2])

I think that technically it’s exactly the same yes (as in they are the same server/service)

1. if you can allow to pay for something else ofc, even tho in some case you will pay actually less by picking only a few specific products from different companies ↩︎

2. especially if like me, you literally have an inbox of 0 emails → deleting each after reading them ↩︎

I never said I am restricted to Proton because of money. I use Proton Pass, so to my understanding the SimpleLogin alias integration there is very good. The only downside is that it’s not anonymous because they got my banking information. But who communicates high-risk topics via email.

Still I can use SL or Addy with a new free Proton account with a username like ‘user12345’, like you recommended. But what would be the upside of this beside no banking information is given away?

And what would be the downside of the first option. Could my username of my Proton mail address be leaked in a way that my identity is revealed?

Never said you are but quite some people do like to pay only for 1 thing aka a Proton bundle, wasn’t specifically targeted at you.

I do not use that Password manager but I’ve heard that the UX is quite better while going through that path yes.

I agree, email is overall quite unsafe.
The main issue is that in case of Proton being breached, you also have your passwords in the same bucket (on top of the bank details that are very KYC, hence defeating the purpose of anonymity).

That sounds like the main benefit, which is quite a huge one I’d say.
Depends on your use-case of course.

Exactly.

If you with the approach of anonymous paid Addy + free anonymous Proton, you’ll protect yourself from some issues. People could maybe still access the contents of the emails I guess? But if it is still better than nothing IMO.

This sounds all plausible. I try to mitigate the surveillance capitalism in the first place. In the future I’ll probably need anonymous accounts for political reasons but if the time comes I’ll create a new “anonymous identity” and probably go that way you mentioned. Currently I’ll stay with the Proton Pass-solution, I guess.

But one follow-up question: How can the username of my Proton account be leaked if I use the aliases of Proton Pass everywhere?

Fair question.
I think that the major difference comes down in the case of a data breach.
When it will happen, even if you created aliases like:

• fast.horse55@passmail.net
• crazy.boar44@passmail.net
• etc…

They will still be linked to your account that will probably have the following:

• predict@proton.me (or your more <real name attached to it>@proton.me)
• your bank details, with your real name attached to it
• IP logs of where you connected (or even your personal house address)
• etc etc

Hence enough to cross-reference all of your aliases to you.

On the opposite side, if you buy anonymously, you’ll pretty much have the following:

• some random username or long string of numbers that will probably be very non-personal
• some aliases blending into the mass to provide decent anonymity

So, at worst when Addy will have a data breach, people will know that somebody somewhere used some aliases some day. Which is…quite vague and useless in itself^[1].

Now, if the following are breached at the same time:

1. Addy, to find out the aliases somebody created
2. several companies you bought from, to narrow it down to let’s say Mr kissu’s persona thanks to purchasing habits^[2]
3. your main mailbox, where we’ll see that kissu’s real name is actually Bob based on some emails that might have some mandatory personal info^[3]

Then, people will indeed have the full picture of it indeed.

I might be wrong and missed a few blind spots but if you actually do have most of those events happening at the same time (which is very unlikely), then you would indeed be screwed over.
I mean, it’s still miles better than just putting your personal/work-related Gmail address in there with your real name on it.

UPDATE: while writing this, I also double-checked some stuff on the side.
Addy does not allow a forgotten alias to be re-used, hence you cannot have several people using an alias you previously used.

Are you sure you want to forget xxx.yyy@addy.to? Forgetting an alias will disassociate it from your account.

Note: This alias uses a shared domain so it can never be restored or used again so make sure you are certain. Once forgotten, xxx.yyy@addy.to will reject any emails sent to it.

I guess it’s a good thing because in the end, if your main emailbox or a public-facing website is breached, you can always act upon in time and roll your email address with a new address.
Hence you’ll need both Addy + (company or main mailbox) to be breached at the same time, which is not perfect but definitely better than nothing.

PS: I think I got it right, feel free to say if I’m wrong or challenge all of it for me to find a flaw in my statement.
Overall, it all comes down to: it’s hard to still be anonymous if all databases are breached all the time at the same time.

1. assuming you DO NOT have any custom domain or PII alias like hello.kissu@addy.to ↩︎

2. or just other popular public-facing accounts like a Github page ↩︎

3. this should be avoided as much as possible but will realistically just happen if getting into banking/government stuff ↩︎