Help with my email setup

I am currently in the process of completely revamping my email setup. At the moment, everything is stored in my Gmail address.

I have now come up with the following plan:

- a Proton email address (Proton Unlimited) with my existing username, which will mainly replace Gmail

- using this [nonprivate.username@proton.me], I will generate aliases in Proton Pass for services I sign up for → Proton Pass is my standard password manager.

- a Tuta email address that follows the same pattern

Now, neither of my two main email addresses is really private, as I use my well-known username and have subscribed to them via my bank details.

Therefore, I would like to take the following additional steps (as kissu recommended in an older thread):

- for services or other high-risk uses (due to political factors, for example), I would use Addy (subscribed via gift cards) with a free Proton account.

Since I can only replace my Gmail address gradually and still have custom domain addresses for my family, I would no longer receive all these emails via the Gmail client, but would set them up in Thunderbird. So in Thunderbird I’ll have Gmail and custom domain addresses. For Proton and Tuta I use their clients.

What do you think about the setup? What are the risks and advantages? Can I simplify anything?

My threat model is, as standard, the prevention of mass surveillance and surveillance capitalism. However, high-risk activities (political, journalistic, activism) may potentially be added in the future (for this use case I’ll use the Addy-freeProton combination from kissu).

2 Likes

It is a good start.

I’m a bit confused about why you’re signing up for both Tuta and Proton, especially since it sounds like they’re both for your non-private username. Could you elaborate on that?

Why not just use email forwarding to send those emails to a Proton/Tuta address automatically?

Additionally, I would caution against using a non-custom domain email to give out to any personal/work contacts, and strongly consider using a custom domain for general signups as well. Neither Proton nor Tuta supports email forwarding with their free plans, which makes it significantly harder to move away from them should you choose to do so in the future.

1 Like

Here’s what I did recently when I was in a very similar position.

I did not transfer anything from Gmail. I started treating Proton as my new provider and started using it instead and slowly replaced emails from all my accounts, newsletters, etc. to Proton using a combination of my real Proton email and aliases.

I always find it best to let Gmail emails die out and eventually you can nuke the account once you have taken out your data. Moving your old emails to your new and shiny inbox always felt odd to me.

2 Likes

I use a subscription product from both Tuta and Proton, so I have an email address with both of them. I am not compelled to use both. I plan to primarily use Proton, but if something should occur, I already have an address with Tuta (e.g. poor decisions by Proton or Proton Mail not being accepted by a provider).

I disagree, as this offers less privacy. I don’t have my own custom domain, but rather the ‘family domain’ which is literally my surname. For private use (family, friends, doctors, government), I plan to use [nonprivate.username@proton.me]. I will always use the standard domains. The custom domains only have one use for me.

1 Like

How did you create your aliases? With Addy, SL or in Proton Pass?

1 Like

What can I improve? For example for the high-risk use case? Or the “normal one”.

1 Like

Proton Unlimited gets your Proton Pass and Simplelogin. I kept it simple and used Proton Pass itself. I intend to use all that I get with Proton Unlimited so for me it was good value.

You can also use Simplelogin for better alias management especially if you intend to use all of the aliasing features.

1 Like

So why not just register a second custom domain that is not your name?

1 Like

I also have Proton Unlimited. However, I plan to use a separate alias for each service as standard, so the integration of Proton Pass is sufficient for me. I also believe that I can use it to send emails.

1 Like

However, using a custom domain can have privacy-related drawbacks: If you are the only person using your custom domain, your actions can be easily tracked across websites simply by looking at the domain name in the email address and ignoring everything before the @ symbol.

2 Likes

If you’re worried about this (I really wouldn’t be based on your threat model), then don’t use it for logins, but only for personal contacts.

1 Like

Both. I have provided various responses to other Privacy Guide Community members within these topics:

My suggestion for specific improvements is deferred to reduce feeling overwhelmed until you are through with your plan and learn about issues through experience. At that point, you can choose to start another topic, mention those issues, and then we can re-evaluate your situation from there, or you can handle it alone.

Sure, but I don’t see any advantage in this approach. Since I want to prevent surveillance and tracking, this is definitely a significant point of criticism.

As I mentioned in OP, I will have high-risk usage in the future, so this is also relevant. Therefore I need to cover all possible threat models and protect myself against everything. For my current ‘normal life’, I naturally allow certain things to pass, such as bank information, etc.

1 Like

The advantage is if you move away from Proton/Tuta, you don’t have to alert all your contacts that your address is changing. This could be a privacy benefit potentially if another more private provider comes along. It’s not ideal to have that friction with moving to something new.

Fair, but any truly high-risk activity should be fully compartmentalized from everything else: new accounts, new emails, different machine, etc.

1 Like

I don’t have any personal connection via email. For matters such as the bank, landlord, etc., it takes 1-2 hours, which would not be a problem for me.

That’s the plan. New isolated device, connected to the internet via generic networks (or prepaid mobile) and using email addresses through the plan in my OP. Addy purchased via gift cards, with a free Proton account. Accordingly, no connection to my true identity. That’s actually not so difficult, I would say.

Basically a second identity which should exist beside my current “normal life one” but is as far as possible “untraceable”.

2 Likes

Two of the three posts do not offer any suggestions for improvement.

Basically, the question is to what extent my normal plan (Proton address with Proton Pass alias) is private and secure. Could my real (non-private) email address be leaked? The risk would be that this could happen and my identity could be revealed through KYC. However, this is not a serious concern for the services I use and would require specific personal attacks, which I do not expect here. The problem discussed in the somewhat helpful thread was how to deal with private contacts. For this, I either use my real address or create a new Proton address that is used exclusively for identity purposes (family, friends, bank, apartments, etc.).

In general, I use an alias generated by Proton Pass for each service.

What are the risks that could arise with this setup?

For complete anonymity, the following plan is in place:

For anonymous services, as mentioned in OP, I use a free Proton account with a generated name and a generated alias from Addy (subscription via gift cards purchased with cash) for each service. This is accompanied by high risk due to activism, political issues and journalism. Targeted attacks cannot be ruled out.

Edit: Since Gmail and custom domain addresses are rarely used in parallel, I use the Thunderbird client. This is because the Gmail client tracks my behaviour. Does that make sense?

Generally speaking, I am interested in the potential weaknesses of this complete setup (normal use, high-risk use setup and switch to Thunderbird). If you notice anything, please let me know and I can then assess whether it is relevant.

1 Like

@predict9320 I second @parkerchandler1979’s approach. Once you have done the migration and your Gmail is no longer getting emails, do a takeout to download all of your data and close your account when you are sure there’s nothing important you missed.

Your complete setup seems good. I think the biggest weakness is the domain with your name. I’m not sure why family, friends, doctors, or government need your name. That seems more a superficial preference than a requirement (superficial sounds harsher than I intend, and maybe it is a requirement where you are). Unless I’m missing something, you can let your family and friends know what email you’ll be using, a bank does not use your email to identify you so you should be able to use whatever you want, and your apartment can add any email. Again, this is true for where I am; maybe your government has stricter restrictions for banks and apartments. Outside of that, I’m not sure I see “weaknesses”.

The Thunderbird client is better than the Gmail client, but at the end of the day Google still has access to your data. I’d give myself a tentative deadline to completely offboard my emails that use Google and bear in mind that Thunderbird isn’t a one-stop shop for making Gmail private (from your posts it seems like you may already know this).

1 Like

One of the multiple problems I clearly see is that depending on the high-risk political activity you are involved with, Addy may be compelled to legally disclose customer information regarding your transactions and email configuration to state actors, which can be an attack vector to deanonymize your identity associated with your username within those email addresses. When using prepaid gift cards, checkout processes usually request identity information in order to successfully process the transaction, otherwise the transaction will automatically be denied by the payment processor.

Perhaps I did not express myself clearly: even though this domain exists, I do not use it and have no plans to do so. Family, friends, bank, government tend to get username1@proton.me instead of an alias like xzy1234@passmail.ch. I mean I can indeed use the second option as well for banking and government. It’s probably better, yes.

Yes, I know that this isn’t private. It is only for the transition phase.

2 Likes