I’m just curious how many people use their password manager with an email address that is not linked to anything else.
Yes, all of my accounts have different emails
Well no. Banks and other critically important accounts stay either on my mail email provider address or my domain that I own. Sadly not all banks support my weird domain choice…
I use KeePass so it doesn’t require an email account. I suppose I would use a unique email if I were using something like Bitwarden however.
No. I’m using Proton Pass.
I plan on leaving Proton eventually. When that happens I’ll be using KeepassXC and DX.
1 Like
Nitrokey, AliasVault, and CarryPass don’t require an email either
1 Like
No. Main email in PM. Only online account with real email.
Just to be clear, I wasn’t asking if you use a email alias with your password manager (Proton Pass/Simple Login/Addy). I think that would be unwise.
I was asking if your password manager’s email address, which, IMO, should be a standard email (eg: @tuta.com), is used only for that purpose and nothing else.
@LukewarmNinja Proton Pass requires a standard email to use. Do you use that email only for Proton Pass? That’s the question.
If not, I’m curious as to why? Assuming that, for example, your password manager’s email is something like jordan.smith@proton.me, why would you also use it for anything else, even if it’s critical stuff like your bank accounts and insurance.
Why not use unique email addresses for each critical account?
My password manager’s email is unique to that account, but one thing I worry about, is if anything happen’s to me, will my next of kin be able to navigate the complexity of my online accounts?
I’m single and don’t have any children. So right now, my next of kin would likely be a sibling or a parent. If they’re not tech savvy enough, which can also be the case of a partner, it could be hard if not impossible for them to access critical accounts.
Why are you planning to leave Proton?
I am currently playing with Alias Vault. I understand the security benefits of not requiring an email address as far as a password manager is concerned.
However, as far as an email alias provider is concerned, IMO, an email address to receive your forwarded email is a MUST. That email doesn’t have to be linked to the account login.
The email I use to log into my Proton Pass account, is not the email address I use to receive all the emails that are sent to my aliases. They are completely separate addresses, and are not even from the same email provider.
If I tried to log into my Proton Pass account with my alias inbox email, it wouldn’t work.
-
The main reason is the lack of features for Linux users which could be it’s own thread. I just think it would be nicer to have services from companies that mostly do one thing and do it well. Addy, Mullvad, Tuta. My account is paid until June 2026 so Proton has time to get their stuff together.
-
My account is in my name and my government (Canada) is trying to pass warrant-less access legislation that will force all service providers to disclose all information on a customer. Even doctors and lawyers will be subjected to this.
If it was just #2, I could make another account not in my name and pay with Bitcoin swapped from Monero.
I can appreciate that. Many times I’ve asked app developers if they would take it as good news if there were more than 2 mobile platforms (Android & iOS). They all said yes, because it’s more opportunities, and potentially more money.
However, even if they may believe that, I find it hard to believe them, based on how they serve their current customers. I think having only 2 mobile operating systems makes the job easier. If there were 4 or 5 competing OSes for mobile & desktop, it would make their jobs much harder, probably more expensive.
I have often said that we need mainstream hardware and software privacy alternatives to the Android & iOS, macOS & Windows, and all the current giants of phone manufacturing. But as far as I’m concerned, we are so far from that reality. Most of the current options are not mainstream, and very DIY, which is challenging for the average user.
Even though I don’t use Linux (too challenging!), I think that companies like Proton and Tuta that aggressively position themselves as privacy advocates should serve Linux users as well as non-Linux users.
Because to not serve them well or not serve them at all is to reveal that they care more about making money from people on non-private platforms, than those who are already on them. At the very least, they should care equally about all of them. It’s like being Christian and being more invested in converting atheists rather that serving your Christian community.
I don’t understand this part. How does your Proton account being in your name relate to Canada passing warrantless access registration.
Can you please share a news link so I can learn more?
You can create a free Proton account that is not in your name. And you an can pay for a Proton account wish cash. Though it is not as anonymous as using the Proxy Store, it is a pretty private payment option.
I may be mistaken about this, but as far as I can remember, paying Proton with cash wasn’t always an option. That means that many paying Proton users, such as you and me, started paying for Proton with a credit card or PayPal.
If we wanted to change our payment method to cash or any other anonymous option, we should know what Proton’s data retention and data deletion practices are when it comes to data that we remove.
If I delete my credit card, change my display name from Jordan Smith to Bugs Bunny, remove my recovery address, etc…does Proton keep a record of it?
I believe Proton is required by law to keep records of payments for at least 10 years. That suggests that if I changed my payment method from credit card to cash, my legal name, the one linked to my credit card, will only be deleted after 10 years. My Proton account would only become anonymous after 10 years. That’s a long wait!
From Proton Support ticket which I created some months ago.
We have received an update from our legal team, and they confirmed that we do not save the name, but we do save the last 4 digits. Moreover, we have a transaction ID that would likely be able to reveal your identity if subpoenaed to the payment service provider (for example, Stripe). If you do not want your account to be associated with your identity, you should not pay with a credit card. We recommend BTC or cash as a payment in that case.
~ Is it possible to link my identity if I buy gift cards from Proton shop and add them to my account? Also, is there a possibility to delete my payment information from Stripe and Proton account, so that there would be nothing pointing out to me?
If you use your credit card to buy Gift cards from Proton Shop, then the answer is yes, as mentioned in our previous reply. We can’t delete any details from Stripe since Stripe is a processor that is not managed by us, however, we can delete payment details saved on your Proton account.
2 Likes
It’s all down to how the proposed bill, Bill C-2 The Strong Borders Act, is worded. Basically, LEOs can go to any company offering a service to the public and demand all information on any person. If I have an account in a fake name, the LEOs can ask for the information about me but they would have to know what fake name I’m using.
Today, I became aware of new information. According to David Fraser, if an Electronic Service Provider is currently offering a service in Canada, and they have E2EE, they would not have to create a back-door for law enforcement.
I don’t have a news article about this but David Fraser and Michael Geist (both Canadian lawyers who focus on privacy) have been speaking about this.
Here is the link to David’s channel https://www.youtube.com/channel/UCK1JnZpphwTJZfsjW4Ng3mA
And his Invidious Making sure you're not a bot!
Michael Geist has a podcast called Law Bytes which I watch on Youtube https://www.youtube.com/channel/UCRnHfSdeNgPXKNaQroHl5Rw
And the Invidious link Making sure you're not a bot!
Runkle of the Bailey - a Canadian firearms lawyer recently spoke about this as well. https://youtu.be/D6gwBe4rn4E
Thanks for this. Funny enough, I asked Proton pretty much the same question not that long ago, and their answers were similar.
PROTON DATA RETENTION POLICY FOR PAYMENTS:
Other related questions that I asked is if Proton keeps a record of the country of my credit card. And I believe they do. If they don’t, Stripe does.
Now when you use a PayPal account, neither Proton nor Stripe should be able to know your credit card details, However, unless you have a business account, your PayPal account reveals your name.
Another question I had asked is if Proton could tell which country my PayPal account was from. Because if you live in Australia, and have an Australian credit card, you can only create an Australian PayPal account. You cannot create an American PayPal account.
I don’t remember their answer, but I think it wasn’t clear. I would rather Proton not know the country of my PayPal account, but I doubt that can be hidden.
VIRTUAL CREDIT CARDS (VCCs) & PRIVACY:
This is why, IMO, virtual credit cards (VCCs) should work like VPNs. If Privacy.com was available internationally, which they are not, I would want it to be possible that the address of the card remains American. Meaning that if Privacy.com launches in Sweden, I don’t want to be forced to use the company’s Swedish address as my default.
I’m currently paying for Proton with PayPal, and I always have, which means, they don’t have my credit card details, and neither should Stripe. But they do have my name.
I live in a country where banks offer VCCs and I can use a fake name on the card, as well as fake address. I always use hotels. I created a card under the name Bugs Bunny, and tested it with a merchant who also uses Stripe as their payment processor.
After making my payment, I asked the merchant to provide the details of the card owner, and it was the name Bugs Bunny.
So, it would seem that my privacy would be better protected if I used Proton with a VCC. That said, my VCC is provided by my bank, who knows my real name and address. Also, I can’t hide the country my VCC is from. So if it’s an Australian VCC, merchants will know I’m from Australia.
One thing I do wonder is if I delete a VCC after making a payment, can it still be traced back to me? I would have to ask my bank.
On a loosely related note, I used to pay for Notesnook with a VCC, but the last time my subscription was supposed to be renewed, it didn’t work. I tried creating new VCCs. Same thing. I had heard that Notesnook had stopped working with Privacy.com, but they are not my provider. I contacted support, and they put me in touch with Stripe, but their customer service sucks. They never responded.
At the end, I had to compromise my privacy and use PayPal to renew my Notenook subscription. What is weird is that I’ve been using my PayPal account with a VCC for years. So basically, if I use VCC directly with Notesnook, it no longer works, but if I use one via PayPal, it works. Go figure.
1 Like
Thanks! I’ll look into those links.
1 Like