I don’t think it makes sense to separate Email, Calendar and Aliasing. Ideally you want one service providing all these to avoid having to trust multiple parties with the same data. As for the others you can go wild but you’re likely going to end up paying a lot more for what you get.
All of the services would be quite frequently used.
Proton offers more convenience and better interoperability amongst the services but nothing major, stuff that would take a few seconds longer to do on the diverse alternative ones.
But my main concern is actually having such crucial services under the same account/credentials.
I think it has positives and negatives. For example, using Proton Mail + VPN means you only trust Proton to be good, thus you trust fewer people than Proton VPN + Tuta mail. However, it also means that if Proton is malicious, it can access your network logs + read all your mail in the first case, but only access your network logs in the second case.
But Proton Mail + SimpleLogin is definitely better than alternatives because it means you only trust Proton with your mail, while Tuta + addy means you trust both of these providers (unless you use PGP encryption on addy, but I think it’s paid).
The only thing I would be concerned about is if getting out of the Proton ecosystem will be difficult should you wish to go with diverse options in the future.
In terms of account security, if someone has access to your Proton account, they could potentially access more data because all of it is under one login, your cloud storage, passwords / keypasses, e-mails / contacts, etc. That’s the only downside I can think of for using one log-in for multiple services, but that’s what you have to accept for convenience. It’s not a bad thing, just make sure you enable 2FA. Proton is compatible with hardware keys as well.
That depends on your threat model. All in one, everything in a single basket à la Proton, gives you the advantage of convenience and ease of management, while also opening up the cons of 1 key to the whole kingdom getting breached, or you getting banned, making you lose everything in 1 go.
Segregation via multiple separate services gives you the advantage of shielding from the problem of 1 key to the whole kingdom, while also giving the cons of harder management with a different setup for each individual service.
Personally I’ve been doing segregation via separate services. Not that hard with an emergency sheet having some instructions to bootstrap everything.
I think this comes down to security model. What happens if Proton turns out to be nefariously profiting off your info? What happens to you the user? Will you have hacktivist secrets? Evidence of civil disobedience that can get traced back to you and cause you legal issues? Or run of the mill avoidance of surveillance capitalism (which is nothing to scoff at)? Are you willing to accept the consequences if Proton goes rogue?
I would personally believe most are willing to take the gamble with all in on Proton for the convenience and cost savings, but if not then try to go somewhere in the middle to make the tradeoff of splitting between maybe one or two more providers in good standing with the privacy community.
It is not a bad thing to trust Proton, but keep in mind to have backups just in case something goes wrong.
Also your threat model plays an important role here.
I can give examples from myself. All of my emails reside in Proton, but I take weekly backups with the Outlook app and Proton Bridge. My primary password manager is 1Password and Proton Pass is acting as primary backup, Bitwarden as secondary backup. Proton VPN is my primary VPN but I also have Windscribe. For SimpleLogin, every alias that I have stays in my custom domains and I am taking a CSV backup weekly, just in case SL messes me up again. My important files are on Proton Drive and I am taking backups with Macrium, encrypting them and then copying them to my Google Drive.
Not really using Proton Calendar, all of my appointments and reminders are on Apple iCloud. Sadly all of my media files are in Google, Proton Photos is just a file sync on photo topic. I tried Ente but deleted my account like 30 mins later because it was useless.
Just out of curiosity, do you pay for the multiple services that you use? Or do you pay to use the primary services and use the free tier for the backups?
For Google I have regional pricing, with AI Premium package I am paying like 16 Euro per month and I can downgrade it to regular Google One 2TB package just for 46,5 Euro. For Windscribe I am only paying 19 USD per year. 1Password Family I am paying full price. Macrium Home 50% discount. Bitwarden (personal) is also paid but I will not renew it this year. I will only keep it as a free backup, maybe I will switch to KeePass.
I personally think the risk of having all your “eggs in one basket” is overblown and really only matters if your threat model is significantly higher than a typical user.
I do think that if you plan to use Proton there is some benefit in creating multiple accounts and having each account be associated with just one service instead of using one account and getting Proton Unlimited.
This allows a lot more flexibility in what services you pay for (instead of being forced into unnecessary bundles), it’s still typically cheaper to buy each service individually, and allows you to have separate passwords for each service. It also means you can cancel a service, create a new account, and continue receiving the new user discounts when the initial promotion ends.
Technically having multiple accounts is against ToS but it’s not usually enforced with such a low number of accounts.