I think the DuckDuckGo’s new Privacy Pro plan solves this issue, assuming that people subscribe to them due to DDG’s reputation.
1 Like
Does anyone know if Proton Pass supports using the DuckDuckGo API key for the aliases or not?
1 Like
No.
Impressed with the service so far.
UI is looking good and basic.
Got blocked for too many requests after trying to change many accounts’ emails to a @duck.com alias yet it resets after 24 hours.
The included tracking protection (removal) is great and works well, I have it forwarding to a Proton address and indeed Proton never even sees the trackers.
The lack of a panel showing the aliases is a bit dangerous, just make sure to note the email you’re associating to each account in your Bitwarden, besides this the integration directly into Bitwarden makes this amazing for being free and very smooth experience.
1 Like
Great overview of the service, the only reason I would recommend someone stick with Simplelogin or Addy.io is because it lacks PGP support
When I last looked on DDG’s website it was a bit light on information. Anyone able to answer the following:
- Does/Can DDG replace or hide email subjects?
- Can users view/download failed deliveries?
- The maximum email size?
- Any bandwidth limit (p/ day or mnth)?
- Is it correct that DDG is an American company?
- What information does DDG log/store?
I doubt it!
When testing, I do get failed delivery notifications but only on the way out. Also, it seems I saw once receiving the email in spam in a Gmail account, that’s pretty bad.
Yes!
About the other questions, I believe there isn’t any info around.
2 Likes
I’m not sure if it is worth reviving this discussion or not, but for what it’s worth I have been using this service for years and it has been great! I think recommending it in PG is a no-brainer; having an “email aliasing services” section without DDG seems like a major oversight.
I haven’t tried it out yet, but today I discovered the Qwacky browser extension somewhere else in the forum: Qwacky - An open-source client to generate & manage DuckDuckGo email aliases!. It looks pretty neat! It appears to address some of the grievances I have seen mentioned here, for example keeping track of your aliases for you or having support for multiple accounts.
7 Likes
Yeah, I’ve been using Qwacky too. The new update is great!
3 Likes
I use DDG’s alias service too, but not as my main provider, in part because of the complaints cited by OP. I really hope they improve the UX & UI to make it easier to manage.
I would love to see more info on DDG aliases.
Major cons regarding DDG on this thread are not even accurate:
It IS crossplatform since you can use Bitwarden. To actually initiate the DDG alias service, you need to use the official DDG browser or extension. for Linux users, the browser will work on mobile and the extension will work on a Linux browser. The rules about no browser extensions is silly when it’s just a one time setup and you can then immediately delete it afterwards. You could also just use another browser or browser profile for this one purpose.
PGP is only really relevant if you don’t trust your email provider your forwarding to. So, just use Proton or Tuta as PG recommends already. From my understanding, SimpleLogin PGP can’t encrypt replies either. I don’t see the difference.
Duck aliases are both simpler and rejected far less often than shared simplelogin and addy.io aliases.
SimpleLogin has a rule against creating multiple aliases for the same service, even on the premium tier. You might even have your simplelogin or entire proton account suspended/banned because of it. DuckDuckGo meanwhile supports unlimited aliases. This is very important for creating throwaway accounts for sensitive tasks nd for compartmentalizing data. For example, having multiple Reddit accounts so you can separate activities under different accounts. I’ve seen others forums where even simplelogin premium customers say they supplement with DDG aliases.
You can create many Duck aliases at once and write them down for later use such as when you’re in-person and don’t have internet.
You can manually keep track of your aliases in your password manager or utilize the third-party Qwacky extension. You still have the option to deactivate an alias when you receive an email. I’m not sure though what the use case is for deactivating an alias if you’re not being spammed with emails anyway.
The two biggest reasons I’m hesitant on it is due to it not being open source and my ignorance on DDG’s backend privacy and security, including how my data is used and managed since I am trusting them with a lot of data. If others know more on these subjects, that would be appreciated.
5 Likes
I’ve been trying to decide between addy and SimpleLogin myself and just saw this. It would definitely be my preferred solution so long as it stands up to the others in privacy and security (because the features I prioritize are free).
So, I did some quick looking into some of the privacy concerns mentioned earlier to try and understand any downsides. Please note that I am not an expert and am only going off of a small amount of surface-level research
DuckDuckGo data handling. On this page DuckDuckGo clearly states they do not save the contents or headers of emails. In the linked privacy policy they claim to collect only the forwarding email address given to them and the duck addresses users create. They claim not to use personal information for any purpose unrelated to this service and not to sell any. They would comply with legal orders to disclose the information they collect, though they say they would resist that through legal procedures as well. This seems fairly thorough to me (not a lawyer) and does not seem like an issue to me. Perhaps there is the possibility of them using information they read (not save) to profile the user. But, I don’t know what they would use that for given their privacy policy seems to state they would not sell or use it for other services. So, if you are willing to trust DuckDuckGo’s privacy policy then concerns over their handling of user data seem unnecessary.
The lack of PGP encryption. I am much less sure about this part but as I understand it OpenPGP allows for E2EE between different Email providers (which would always be the case when it goes from Provider 1 → Alias Provider → Provider 2). Without OpenPGP emails are encrypted in-transit but the receiving provider (and I guess sending too) can see the contents. So, when an alias service supports OpenPGP it would mean emails between providers that support it (only Proton and Mailbox?) would be E2EE the whole time (except the alias service would access the contents bc it has to to resend from the alias?). I am unsure about all of that but I would say that I don’t expect many if any of my emails to come from or go to an OpenPGP supporting provider so as long as the in-transit encryption is maintained I can live with that.
Like I said I am by no means educated on this so if anyone could confirm / tell me what I have wrong I would greatly appreciate it.
1 Like