Do you use simplelogin for important things like banks and loan institutions?

You can still block their email with 1-click, regardless of the email provider.

Yes, but I wouldn’t care regardless. Remember, the banks hold most of our most sensitive info, which they would gladly sell the info to anyone. I would rather give my info to Google than random companies or personals. Like I said, if you really care for privacy, don’t contact with banks.

But they can sell email address to data brokers and then they will send SPAM

As I do. It is not convenient, but secure. Cryptocurrency and cash will fix that

Uhhhhh… What? Using banks is part of being able to function in society… For most of us, not using a bank isn’t an option.

1 Like

Yes, but it doesn’t change the fact that banks are privacy invasive. That’s why many people try to liberate with alternative financial systems, with cryptocurrency, for example.

Unfortunately, due to the lack of understanding, it’s often disregard even in the privacy focus community (some would even call this liberation BS :joy:). If that’s not worse, governments around the world hate it and would do everything to make the financial aspect of our society be less anonymous/private.

I don’t use SimpleLogin for bank. I don’t see the point, like @dngray mentioned they already have a lot of information about you. Selling your email in this situation isn’t the biggest problem probably. Although I recommend having a dedicated email for financial institutions if you don’t already have. Also, we should consider the worst case scenario, what would happen if SimpleLogin just vanish suddenly? Much harder to happen now since they are under Proton umbrella, though.

1 Like

There are several good reasons to use aliases for banks and govt:

  • They can still get hacked, in which case even though you likely have way more sensitive data at them, it will not be that easily linkable to online personalities. Note that this mostly works with shared domains, not custom domains.
  • My personal experience is that banks spam a lot.

There are also some reasons to not use one:

  • If using a custom domain, the unlinkability benefit is null and void
  • You rely on the mail aliasing service’s existence on long term. Note that doesn’t apply if the aliasing is first party to what mail you would’ve used anyways, such as SimpleLogin for Proton or iCloud Hide My Email for iCloud.

I personally do use aliases with them using iCloud Hide My Email because it only has upsides in that configuration.

You enter the bank’s app and change the email address. Dont see the big deal

They are Proton now. Not just part of Proton, they are Proton (check official website of SimpleLogin)

You will just change email via bank management. They have plenty other methods to identify you.

Totally agree. They are. If I wanna leva service I don’t wanna them be able to share my email to anyone such as advertisers.

There is one particular scenario that comes in my mind that I’m not a big fan for the alias adoption in banks. If someone has access to your alias manager (you somehow didn’t take enough care or they leaked it), someone can point communication to their email. Request to your bank a password reset and have access to your account. This seems an extra layer of risk to me that maybe was already unravel in this discussion. In general I just don’t feel comfortable adding something in the middle of a sensitive communication that involves personal and financial matters. I think OP asked opinions and this may be one of those cases that there is no wrong since security and privacy wise could have a balance reasons for both sides. My opinion still that for financial institutions I just give a straight bank email account that I have access and no extra points of failure.

1 Like

Yes, it may be a downside of adding another party to the mix (and, still, you really should use maximum security on both alias and email service). However, this is completely invalid if aliasing is first party, such as for Proton or iCloud.

That’s the reason to move to one (preferably encrypted) ecosystem :smile:

Not clear if OP is referring to use aliases for login credentials, contact info or 2FA.
I don’t use email addresses as user-ids anywhere a true known id is required but for my bank I do use a @pm.me (not SL) on my contact page and for their 2FA OTP because SMS&SMTP are the only options most American banks even offer.

Banks sell personal information to data brokers and those slimy outfits get breached all the time.

Interesting conversation, I am precisely at this point right now.

My initial approach has been to use two domains together with SimpleLogin, one for public topics and the other for more private topics, but I have come back to doubt when I read this comment in the guide:

Our email aliasing recommendations are providers that allow you to create aliases on domains they control, as well as your own custom domain(s) for a modest yearly fee. They can also be self-hosted if you want maximum control. However, using a custom domain can have privacy-related drawbacks: If you are the only person using your custom domain, your actions can be easily tracked across websites simply by looking at the domain name in the email address and ignoring everything before the at (@) sign.

https://www.privacyguides.org/en/email-aliasing/

This is absolutely true, using custom domains for personal use makes your trace very easy to follow.

The problem is that using either ProtonPass or SimpleLogin Aliases poses a problem. What happens if you have to change provider? You would have to change all accounts, at least the core one.

What do you think about this? Is it worth the hassle?

Thanks!

My only reason to use a custom domain is portability, not privacy.

1 Like

Yeah, this is always a problem when you are not using your own domain.

The way I see it is that most people are far more likely to want to change their mailbox provider in the future, compared to their alias provider. Your mailbox provider has a lot of variables (available storage, encryption type, features, etc.), and new providers might pop up at any time with groundbreaking new features you might want to use. On the other hand, your alias provider is a comparatively “dumb” service: All it does is forward your emails. It’s unlikely there will be too much innovation in the space beyond that which will make you want to switch.

Using an aliasing service makes it easier to switch your mailbox in the future, because you can simply update the pointer in the SimpleLogin control panel. If you weren’t using SimpleLogin, you’d have to change your address on all your accounts every time you do so. Thus, I think it is pretty much always strictly better to use something like SimpleLogin compared to not using an aliasing service at all.

2 Likes

I just use an email address with my custom domain for everything that involves my real identity and KYC.

For things where I want anonymity or pseudonymity, I use my Proton Pass alliases.

1 Like

I wouldn’t use SL/Anonaddy domains for banks or things with KYC. If you want to use a cloaking service with a bank then you should have your own domain or not bother.

1 Like

AnonAddy rebranded to addy.io.

1 Like

haha yeah i have to remember. that.

I see little reasons against utilizing email aliasing services like SimpleLogin or Addy for KYC processes, regardless of wether custom domain aliases or public domain aliases are used. The decision rests on personal trust preferences between an aliasing service and an email provider or domain registrar. A notable disadvantage could be the introduction of an additional party.

Generally, financial institutions have not been immune to data breaches, and using an alias could be advantageous in such scenarios. The critical consideration is whether the KYC service accepts aliases and/or relies on email verification. In my region, email verification is seldom used by banks due to security concerns (regardless of whether these concerns are justified).