Help with my email setup

Can you mention all these to me please. If you have time.

That’s right, but the only information Addy should have is that someone is using that alias. Perhaps also which main address it belongs to, such as xyz1234@proton.me, but that doesn’t reveal any identity. Right?

The email addresses and all services in the high-risk area will not contain any PII, only generated aliases and user names.

I can buy Addy gift cards via Proxy Store, which can be purchased with cash without proof of identity.

Of course, I could be identified there via intercepted mail, traceable banknotes or fingerprints, but this can be prevented with high OPSEC if you don’t forget about it ofc. However, it must also be known that a person in this region is sending mail with this content. This only seems to work to me if the identity is known; you cannot open and check the mail of thousands of people, at least not without becoming known to the public.

1 Like

Unfortunately I do not, so I have to focus on high-impact suggestions I can reasonably follow up on with my available resources.

No, their Privacy Policy states that they (may) collect more information than that:

Sure, but the issue comes from going through the Stripe checkout process on Addy, not purchasing prepaid gift cards using cash or other financial instruments:

You will likely be required to provide personal information to Stripe as part of KYC/AML. NOWPayments has its own issues that do not affect your payment method, but worth noting for other consumers considering third-party cryptocurrency payment processor gateways:

So I have to provide PII when subscribing via a gift card purchased with cash. Really? That doesn’t make any sense. Why would you offer the possibility of purchasing with cash when you have to offer some PII?
Maybe gift cards are excluded from that?

This is clear and no threat.

Same goes for this.

See the first part of my comment.

No threat, when other privacy measures are used.

Maybe I am lost or inexperienced but I don’t see any problem with that for high-risk political usage with potentially targeted attacks. I mean, if the payment isn’t anonymous, then it’s a risk that shouldn’t be taken. In this case, Addy is out of the high-risk plan.

Instead of Addy, I would proceed as follows. In the high-risk usage scenario, you don’t sign up for many services anyway, so I could create a handful of free Proton or Tuta accounts (xyz1238392@proton.me) and then use them. This way, I don’t need aliases, as I can create unlimited accounts for free anyway. These are then completely anonymous and I only have to trust Proton/Tuta. They do not have access to the contents of my mailbox. If all other privacy and security measures are observed, this should guarantee completely anonymous use of email. And this is not used for communication, because e-mail is not secure enough for this.

Is that correct?

What other weaknesses are there in my normal plan and the two high-risk plans?

1 Like

I see, I misunderstood. Upon further reflection, ultimately a bank or government entity already has all of your PII. Even if you did use a personal domain and entire name it really would not matter. In the case of a breach, you’d have much bigger problems. Though, it might be fruitful to use different aliases for various banks or financial services so if one email is breached your other services are safe (I have found some banks and government sites will reject aliases).

In any case, your setup seems fine. The point on Addy by @FranklyFlawless is interesting. Every service you use creates new risk of being identified. You did say you would use a free Proton account with a generated name. Will all of the emails you get be addressed to that generated name? I think as long as there isn’t any content funneling through Addy or the free Proton to identify you, I don’t see the issue. I could be missing something.

1 Like

As I’ve discussed before, Proton doesn’t accept anonymous payments.
Hence, the best way to be anonymous with a Proton Mail account is with a free Proton Mail account, especially if you’re going to do politically risky stuff.

You should also keep in mind that since Proton knows all the usernames/addresses you have under the same account, they could be asked by authorities to provide them.

What I mean is, if you do activist work with your anonymous username bugs.bunny@pm.me, authorities could ask Proton to provide all the usernames / Proton addresses linked to the same account. And if one of them has your real name, jordan.smith@pm.me, you will be identified.

As far as I know, this has never happened. Authorities have never made such a request, but when I spoke to Proton’s legal team, they told me that if compelled to, they have to share your info. This means that they could.

I personally think that you shouldn’t have to pay or have multiple Proton accounts to protect your privacy.

Using Addy is smart because they accept anonymous payments. However, I don’t think it’s best to use Addy with a free Proton or Tuta account because they are very limited. If you have a lot of aliases, or even just a few where you receive a lot of emails, managing them with a free Proton or Tuta account is not practical. So maybe use Addy with a paid Tuta account, since both can be paid for anonymously.

I stopped using my Gmail three years ago, but I still haven’t made a full transition, because using aliases for email can be confusing for my family. Hence, it’s often easier for them to email me at my Gmail because they can’t remember which of my aliases is for what (lawyer, plumber, gardener, etc.) when I copy them in emails. I do not reply on Gmail, however.

It is my understanding that Addy does its best to collect the least data they can about you, hence why they have the option to pay anonymously via the Proxy Store. That being said, it is unclear to me if Addy can read your emails, even if it’s only within a brief nanosecond time window when it is received.

If you want to protect yourself, do not state your name or any personal info in the emails you send via your Addy aliases. Write to Addy’s support team anonymously. They will be very happy to answer your questions.

I have personally paid for Addy and Tuta anonymously, and my experience has been pretty good so far.

2 Likes

@PurpleDime what did you mean by account identified with ?

Can you share screenshots or quote with their team.

1 Like

I am not sure what you mean.

Can you please elaborate? I can’t discern what you are talking about.

1 Like

anonymous usage

That and your detailed reply in the other thread now make sense. Thank you for your detailed explanations.

Even if these are scenarios that may not happen, it is unacceptable in my future usage scenario.

A possible anonymous way to use email would therefore be:

- Create accounts via Tails

- Pay for Tuta and Addy anonymously/or use free accounts

- Logically, do not share any PII

With this setup I can use email anonymously, as far as possible. Obviously no communication will be done over mail as it’s worse than other methods.

What do you think about my general setup?

I have subscribed to both Tuta and Proton and can therefore create aliases internally for everything. I would prefer to use Proton Pass and internal alias generation, but as you noted in the other thread, it is absurd and incomprehensible that I can only have one alias for Instagram, for example, even though I have multiple accounts. I am also unsure what the implications are if you do do it.

How would anyone even find out? If I have two Instagram entries in Proton Pass and generate an alias for each one, I’m violating their ToS. But how would Proton know? It’s E2EE, so it shouldn’t be possible to see which alias is used for which entry name, in this case ‘Instagram’.

1 Like

I think you’re off to a great start.

It’s good to have a lot of options if you can afford it.

Please note that when you have multiple Proton addresses (@ pm.me) under the same account, you can only delete one per year. So if you have 5 Proton addresses under your Proton Unlimited plan and you want to delete 2 of them, you can only delete one of them every year.

In addition, last I checked, secondary Tuta addresses (@ tuta.com) cannot be completely deleted. They can be disabled, but not deleted. Please double check and ask Tuta support. You’re likely to get a faster response on social media, even as a paid user. I would reach out to them on both social media and via email.

Yes, Proton Pass’ alias management is more elegant than Addy’s. Their UI & UX is better. I also like that they let you create your own prefixes.

Yes, it’s very frustrating. I appreciate that Addy is more generous in that regard.
They will allow at least 3 to 4 aliases with the same website. That is what I was explicitly told when I asked them.

Their internal system will know. That is what happened to me.

Do some people get away with it? Yes.

Most likely because a certain amount of time passed between the registration of their multiple aliases for the same website. And most people who have successfully registered multiple aliases with the same website do not know that they are breaking Proton’s ToS. First, because they didn’t get a warning. And secondly, because Proton doesn’t make their ToS clear or communicate their rules in their marketing.

I personally would not try to game Proton’s system. Once I learned the rules and got a warning for it, I did not want to tempt the devil. Even if you have successfully registered multiple aliases with the same website and haven’t had any issues for years, you have to understand that you can be reprimanded at any point. Even if it’s years later.

The best we can do is demand that at the very least, Proton make their ToS clear, but also plead for increasing the limit to 2 to 4 aliases per third-party website, as not allowing more than one can present security issues.

2 Likes

I will contact support and ask about my specific situation. As you once wrote, losing access to your Proton account can be disastrous.

What do you think I can do better?

Have I overlooked anything with the anonymous version? I’m already making a plan for when that happens in a few years.

1 Like

I’m not an expert. Just a regular person like you. As I said previously, I think you’re off to a great start. There are only two things I would add. The first is using a VPN when you create and use your accounts as a layer of protection.

The second is, if you have a pretty good idea of the risky political actions you are considering taking, do your homework about what those actions will involve and plan accordingly.

For example, suppose you intend to be a whistle-blower. Identify the organization / people you wish to contact. Do they already have Signal/Proton/Tuta? If not, how do you plan to make first contact? Will it be on social media or via email? If it’s social media, are your social media accounts anonymous?

Make sure that the first question you ask them is if they are on Signal/Proton/Tuta? And if they’re not, kindly ask them to join because you have something to share. Use Signal usernames. Don’t share your number. If there is no urgency, don’t rush it. Do some research on the precautions a whistleblower should take before contacting the media. If you intend to blow the whistle on an organization you are a part of, find out how to protect your anonymity from that organization if you intend to share classified documents.

2 Likes

Thanks for your reply. I have been using Proton VPN for a few years now.

Thank you for your thoughtful comments. I’ll make a note of them and come back to them when the time is right. I don’t want to rush into this either, as that could lead to mistakes. So I’m taking the time now, years in advance, to prepare myself.

1 Like

Prepaid gift cards can be purchased with cash, but using prepaid gift cards for transactions will typically require providing personal information due to KYC/AML. Basically, transactions are monitored by third-party payment processors to prevent funding terrorism, money laundering, and other financial crime. Since prepaid gift cards are issued by regulated financial institutions, they are subject to increased scrutiny compared to cash in circulation.

Anonymity is a complex subject that cannot be technically guaranteed:

Instead, to efficiently move forward with the discussion, it is more effective for me to state that there is always a risk of deanonymization that will continue to grow as time goes on, because anonymity as a digital concept is under constant and significant threat of erosion by various actors/agents. Even if you stay informed and/or adopt complete behavioural changes, what may be considered safe for you now may be considered unsafe for you later.

3 Likes

Sorry, sometimes quoting doesn’t work on the forum.

Here is the quote I was referring to 🙂

Are you saying if you are logged in to two accounts simultaneously, Proton knows the two accounts are linked?

1 Like

Although the answer to that question can be yes, that is not what I meant.

Here is what I meant. If you have a Proton Mail Plus or Proton Unlimited account, you are allowed to have multiple Proton addresses (@ pm.me) under the same account. With Proton Mail Plus you’re allowed 10 addresses, and with Proton Unlimited you are allowed 15.

Suppose you have a Proton Unlimited account, and you create 3 addresses out of the 15 that you are allowed. You create one personal address, jordan.smith@pm.me, for friends and family. One for work, j.biz@pm.me. And one for anonymous stuff: bugs.bunny@pm.me.

When you log in to your Proton Unlimited account, you see all 3 of these addresses listed. It doesn’t matter which username you use to log in, because they all have the same password since they are all under the same account.

The point I was making is that even if you only use bugs.bunny@pm.me to do anonymous activist work, authorities could ask Proton, via court order, if you have any other addresses under the same Proton account, at which point they could be compelled to expose your personal and work addresses, which have your real name.

I want to reiterate that, as far as I know, that has never happened. But my point is that it could.

WHAT IF YOU HAVE 2 SEPARATE PROTON ACCOUNTS?

In response to your other question, if you have 2 completely separate Proton accounts, and you are logged into them at the same time, Proton is likely to know they have the same owner under the following circumstances:

  • If they are both logged in via the same real IP address

  • If they are both logged in via the same Proton VPN account, since Proton VPN knows your real IP

  • If they are logged in via different Proton VPN accounts that hide the same IP address (2 devices in the same house)

  • If you manage both accounts in the same browser or in the same Proton mobile app

If you have at least one paid Proton account, Proton allows you to manage multiple accounts in the same app or browser, which allows you to easily switch between the two. Kind of like how Instagram and Reddit allow you to manage multiple accounts in the same app or browser. Since both accounts have the same notification tokens, it’s safe to assume the owner is the same person or that they live together if they are different.

2 Likes
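The linkage conditions listed in the post above (same real IP, same VPN account, same app or browser and therefore the same notification token) can be checked against your own compartment plan. The following is an added example, not part of the thread and not any provider's actual logic; the session fields, account names and values are constructed assumptions. It reports which accounts share a selector and which become linked only transitively.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample: one record per login, listing what a provider could see.
# Field names are assumptions for illustration, not a real provider schema.
SESSIONS = [
    {"account": "personal", "real_ip": "198.51.100.7", "vpn_account": None,    "push_token": "tok-A"},
    {"account": "activist", "real_ip": "198.51.100.7", "vpn_account": "vpn-1", "push_token": "tok-B"},
    {"account": "work",     "real_ip": "203.0.113.20", "vpn_account": "vpn-2", "push_token": "tok-A"},
    {"account": "burner",   "real_ip": "192.0.2.55",   "vpn_account": "vpn-3", "push_token": "tok-C"},
]
SELECTORS = ("real_ip", "vpn_account", "push_token")

def shared_selectors(sessions):
    """Map each pair of accounts to the selector types they have in common."""
    seen = defaultdict(set)  # (selector, value) -> accounts observed with it
    for s in sessions:
        for key in SELECTORS:
            if s.get(key) is not None:
                seen[(key, s[key])].add(s["account"])
    links = defaultdict(set)
    for (key, _value), accounts in seen.items():
        for a, b in combinations(sorted(accounts), 2):
            links[(a, b)].add(key)
    return dict(links)

def linked_groups(sessions):
    """Union-find over accounts, so indirect links (A-B, B-C) merge A and C."""
    parent = {s["account"]: s["account"] for s in sessions}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x

    for a, b in shared_selectors(sessions):
        parent[find(a)] = find(b)
    groups = defaultdict(set)
    for account in parent:
        groups[find(account)].add(account)
    return sorted(sorted(g) for g in groups.values())

if __name__ == "__main__":
    for pair, keys in sorted(shared_selectors(SESSIONS).items()):
        print(pair, "share", sorted(keys))
    print("linkable groups:", linked_groups(SESSIONS))
```

In the sample, "activist" and "work" never share a selector directly, yet both end up in the same group through "personal", which is the compartment leak the post warns about.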