Do you consider it acceptable to use the same, let’s say Protonmail, account for custom domain email addresses tied to your real-you identity (banking, shopping) AND anonymous things (like forums, reddit, newsletters) using their own domain’s aliases, or even SimpleLogin? Should I trust a single provider for these two worlds not to be linked together somehow? Or should I use 2 different providers, or at least accounts instead?
I came to the conclusion that:
Any aliasing on a paid mailbox has limits - exploits could connect an alias to the mailbox. So paid mailboxes don’t suit threat models around political speech or avoiding doxxing. (I include forum accounts here.)
Although @dngray pointed out:
That isn’t really possible, because the email is physically forwarded through the alias servers and on to the destination, likewise, the email leaving there same thing in the opposite direction. TLDR not a concern. The only real way around that is lawful interception by the provider, and if that is part of your threat model no email account will be suitable.
I’m still a little unsure. What if Proton itself is breached? All the mail is encrypted but I’d guess there are unencrypted records linking the alias to the mailbox to your identity (paying for the mailbox). Add a breach of the forum, linking your forum posts to the alias, and all is revealed.
Of course the likelihood of that chain of events seems low, so if it’s casual discussion (like this forum) I’m sure use the same underlying mailbox is fine. People find out you care about privacy, so what? But if I had strong and unpopular political views (not illegal but with severe social consequences) I wouldn’t feel comfortable. That’s not my situation though, so I haven’t thought about it deeply.
I wrote my opinion about this in another thread on this forum.
If shortly, use public domains for long term life aliases to reduce all accounts being linked to one identity and use temp mail solutions for anything you don’t trust or need only once. Yopmail has reply and forward feature, new domain every day. If yopmail domains blocked use this solution to generate onetime working gmail address
Pretty unlikely, but the only thing you can really do is download/delete your mail server side. I wouldn’t concern yourself too much with that.
Please quit spruiking yopmail, its like any of the other temporary “email” solutions out there, you don’t own the domain and the owners don’t keep them registered long term.
There is no account security whatsoever. They are often banned anyway even in places where addy.io or simple login are not, so that’s not really feasible.
As this setup seems to be for someone else, @anon15629731 will have to support it. If I were in their shoes I would just make it simple, go with PM and teach whoever he is setting this up for about Simple Login aliases for things like forums.
TLDR having the idea your email provider is going to get “breached” and then doing other weird complex strategies to mitigate that is likely going to make things worse (trusting more untrustworthy parties for example) than just using an aliasing service and deleting email.
It is actually possible to run production systems that don’t get breached. In the time that we’ve seen gmail run, has there ever been a breach that has allowed for inboxes to be read/stolen that hasn’t involved compromised username/password? No. Nobody has ever “gotten into google’s servers”.
What a refreshing thought
@saturion5 Does this discussion address your question?
I don’t think it has to be breached for that info to reach someone. What if your account is caught up in a government request for data - surely what aliases belong to an account is part of an info that they have to know and probably can give to authorities if demanded. Then some government knows your anonymous accounts belong to your real person.
The disadvantages of having a separate account for anonymous things are:
- inconvenience of having to setup different accounts/use 2 different apps
- having to trust 2 different providers with your data
- you can’t really have a premium aliasing service because paying reveals to the provider who you are (unless they accept crypto but last I’ve seen not even Proton/Tuta do).
The advantage is if you never login from your real IP, those identities can be very hard to be linked by someone, even if you use a non-privacy provider for your anon things. I guess there’s no good answer to this issue, you have to choose what matters to you more.
If your data is requested in a democracy, you likely have little to worry about unless communicating with criminals or security threats. (To curb government overreach, citizens must advocate for stronger privacy laws, though progress is frustratingly slow.)
Doxxing by your fellow citizens could have more severe consequences.
Where civil liberties are weaker (expressing the wrong opinions or revealing certain lifestyles could lead to jail or death) you need a different threat model. And that definitely includes no money trail, like you said.
The other thing also being countries which have good civil liberties, generally won’t comply with countries that don’t, ie without due process.