Plan to set up custom domain + Proton Family for more privacy

TL;DR: I’m considering getting a custom domain, using Proton Family services, and having compartmentalized email addresses - good idea or overkill?

Like many folks, I currently have multiple email accounts all over to separate things out. As I’ve learned more about privacy, I’m thinking about consolidating for simpler management using a provider like Proton.

Of course any service could go away, so I’d use my own domain, with accounts set to forward to Proton - that way I could switch providers by updating DNS settings.

If doing that whole setup, it’s worth planning out the structure. Interested in feedback on the idea or if others are doing something similar.

Current Privacy Priorities

I have my own threat tolerance but to summarize - I’m mostly worried about:

  • Financial identity theft
  • Home network infiltration from IOT devices
  • Username/password database leaks
  • Protecting personal/sensitive data

Open to tips but not looking for debate on my specific views.

Alternate Solutions Discarded

I’ve thought about:

  • Avoiding online services - not practical
  • Using cell data to avoid public WiFi - not always convenient
  • Local password manager - harder to share in family
  • Off-grid lifestyle - maybe someday!

I participate in today’s digital world but don’t want to sacrifice all privacy.

Proposed Setup

Core components:

  • Isolate IOT devices on separate network
  • Get generic private domain, e.g. family.com
  • Use Proton privacy bundle - mail, calendar, VPN, password manager
  • Each family member has a hardware security key
  • family.com for household, financial, medical, career emails
  • Google accounts for phone login
  • Proton accounts for site logins

Not hack-proof but an improvement over my haphazard status quo.

Expected Benefits

  • Limit IOT access
  • Compartmentalize account types
  • Reliable domain for key communication
  • Shared password manager
  • Access controls around personal data
  • VPN protection on public WiFi
  • Can make throwaway accounts if needed

Example Emails

  • jane.finances@family.com - banking, taxes
  • jane.career@family.com - job sites, LinkedIn
  • johnsons@family.com - utilities, appliances
  • xyz123@google.com - Jane’s mobile
  • jane.inbox@family.com - receives all Jane’s emails
  • abc123@google.com - John’s mobile
  • netflix123@proton.me - streaming sub
  • reddit456@proton.me - website login deleted later

And so on for family members…

Let me know any glaring issues or if you have a similar setup!

1 Like

This is really something only you can answer. You should read up on threat modeling.

Why do you need a private domain? Proton Pass will allow you and your family to have alias emails for any service. So you would not need to ever give out the new proton email address anyway. This way instead of setting up a bunch of custom emails, you can just have johndoebanking@simplelogin and janedoelinkedin@simplelogin - which is something you would be paying for anyway.

You may want to reconsider this. Having every phone attached to a Google account is not a great privacy solution. A lot of apps can be downloaded without using a Google account and even the ones you need a Google account for, it may be better to make a throwaway one and not have your phone always signed into it.

1 Like

Regarding “Why do you need a private domain?” that would be:

Of course any service could go away, so I’d use my own domain, with accounts set to forward to Proton - that way I could switch providers by updating DNS settings.

So if Bitwarden offers mail one day (and they’re cheaper and it’s worth the effort and…) I can switch while keeping the same address.

Maybe I am misunderstanding, but you would be able to do this anyway. You would just go to your simplelogin account (which you get with your premium proton account) and simply change the email address that the alias emails forward to.

Side note - I don’t see any sort of content blocking plan. Are you considering using any sort of DNS blocking service or self-hosted one?

1 Like

Thanks for all the responses! These are my immediate thoughts, just to try and clarify what I understand so you can fill in the blanks 🙂

Overkill: I guess my major concern is paying for security theatre. In the scenario above I’m going to a lot of trouble to use separate email addresses for each service, but is that necessary? My nightmare is some chain of data dumps enabling identity theft, and the stress in fixing that. If a shared email address isn’t a major flaw, I can drop that.

Simplelogin: Ok, I understand their service better now. I guess my instinct from having had multiple email addresses over the years is to finally have a vendor-independent domain.

Google: I rely on Google Play for all sorts of practical apps. At least for now it seems like Google owns that part of my life.

DNS blocking: I don’t understand this part. I use the DuckDuckGo browser on my phone and Firefox + DuckDuckGo on my desktop. What am I missing?

I would not recommend custom domain:

  1. It will decrease your privacy and anonymity (this domain is not used by anyone else on the internet (AKA not a public domain), which means that every service will know that all addresses on this domain have one owner)
  2. Custom domains can also be put in SPAM by very aggressive anti-SPAM systems due to the lack of reputation of a newly registered domain (most commonly it is an issue only on new domains, and will disappear after some time)
  3. Custom domains have a lot of information about you in WHOIS (can be removed, sometimes for an additional price)

What will be recommended:

  1. Use public domains (to avoid being tied to one person if something leaks)
  2. Avoid catch-all. I know it is convenient, but if someone knows your domain, this person will be able to SPAM random addresses on your domain and they will come to your inbox.
  3. NEVER share your main address. Ever. If you need something to be tied (e.g. a bank) permanently, consider using a separate address for it (for example an additional mail address on Proton in the same account).
  4. For all conversations or signups for regular use, use an alias (including sending from the alias)
  5. For everything like shops, cafes or other discount programs use temporary addresses. This also applies to everything you don’t trust.

I recommend Yopmail temporary addresses (they are most often permanent and support the forward and reply features)

3 Likes

Thanks @pikacho this had crossed my mind (a personal domain is somewhat identifiable). However, I feel pretty certain that in the remaining decades of my life there will be an opportunity to pick a solution other than Proton? Is that the only trade off you see (single vendor vs identifiable)?

1 Like

This is a silly generalization, there are circumstances where your identity is a “known” identity and then that is acceptable.

You don’t necessarily need anonymity to have privacy, and that’s an important point to remember. The reason for this is because long term anonymous identities are quite difficult to maintain.

You can always use a known identity such as an official email in conjunction with aliases for less important things, that won’t necessarily be long term, eg unknown or even anonymous identities. See that above page for more details.

These will be banned and in a lot of cases you shouldn’t be using temporary mail services for anything which you care about. Remember the domain owner essentially owns access to your accounts so the security of those is entirely dependent on what they do with those domains in the future.

From what you’ve described @OrangeRye, I would go the route of Proton Mail (with a domain that you own) and then use Simple Login for the various things you’ve defined there.

If it’s tied to a credit card (Netflix for example) don’t worry about anonymity, as there won’t be any. That is a known identity, you may choose to use a SL alias on your custom domain.

Note that things like Amazon will ban you if you use addy.io/simple login or any temporary aliases shared on domains with other users.

1 Like

Yes. But why? For now Proton is the most trustworthy email provider.

We have also:

  • Tuta (Tutanota), but it doesn’t support PGP (it has proprietary encryption, so we have no 100% (let’s say we have 89%) guarantee that it doesn’t have a backdoor); also, it is located in Germany (part of the 14 Eyes alliance)
  • Skiff (new, has various privacy issues)

Eyes is really unimportant these days as there are plenty of countries not on that list which will be happy to spy.

The main thing about Tutanota you have to remember is the lack of interoperability with anyone not on that service, and the fact you cannot use an email client (no bridge).

Skiff can receive PGP emails, but unless everyone is on Skiff you’re not going to be really sending encrypted email once it lands it leaves the Skiff server.

1 Like

You misunderstood. Please stop being rude.

I meant that you will tie all accounts to one identity. This will let a hypothetical bad actor know that these accounts were created by one person.

Most likely no (new domain every day), but if so this one will help (generates temporary working Gmail addresses, no registration)

For something like this you should have an alias on a Proton domain

That would fall under known identity, so it’s entirely reasonable to use your real domain for that, all of those things will require other details to be disclosed at some point. (Even the mobile one, as a lot of countries have KYC (know your customer).) If you’re speaking to anyone over the phone you’ll be using your voice, so that’s not anonymous either. I’m not talking about a VOIP carrier here because that would be secondary to your primary known number.

John I assume is a different person, and he should have his own known identity, @family.com, not a google account. Remember you can open a google account without a gmail address, this can be used for things like Google Play/Store if you need those. The same applies for Apple and Microsoft. These at some point will generally include a credit card number and it’s unlikely there will be a breach revealing your email.

Also tied to known identity, as you’re gonna have to supply a credit card number to Netflix at some point. You may choose to use a Simple Login alias, on your own domain, the reason for this is it’s likely that a generic alias will flag your account. Amazon does this (and I found that out the hard way).

Unknown identity, so you could use a generic alias for that as it’s no big deal if it gets deleted. Don’t use a @proton.me account though just use Simple Login which is owned by Proton Mail now.

That is going to apply to anything where you’ve supplied other details such as a credit card, the example they gave, finances, career, utilities etc are all going to be tied to a physical identity, likely requiring physical address, phone number and billing credit card.

They can always be banned at a later date, in general do not use these for anything which you paid for or care about.

You can use your known identity for that, because you’ll likely have to give them physical address (perhaps a parcel locker in the vicinity) and a phone number anyway. In general you’ll also need those things if there are any international purchases as required by customs when importing into your country. (They can hold goods until you provide them).

The other thing to remember is the more email accounts you open, the more accounts you have to monitor and practice good hygiene with, so I would advise against opening a heap of @gmail or @proton.me accounts. Simple Login (which is now owned by Proton) is made for this purpose and will make your life a lot less painful, while not compromising on privacy with this approach.

1 Like

As I mentioned above, it is appropriate only for something (or someone) you don’t trust (and not paid). For anything else only aliases.

Yes, but separating them will be better in case of a hypothetical service hack. If something leaks, it will isolate the main mail from phishing/SPAM attacks.

Use card masking if there is no other way to pay. But avoid bank transfers or payments if it is possible.

You could use a simple login address for that at your domain. Be mindful not to include the company’s name inside the alias, seen people complain about being rejected by dumb fraud teams for doing that.

You might consider something like:

  • jane.water01@family.com

(for your water company say). Or something like that, or a second custom domain, though there is not any real point I can see in doing that.

What I would not do is call it jane.name_of_water_company@family.com.

For the majority of utilities that simply won’t be possible, and details about physical address will still be on file, eg for electricity, internet, fixed line internet etc. At that point, might as well use a credit card.

TLDR is don’t aim for anonymity unless you know the identity won’t be tied to you in any other way, address, phone, email, etc. You don’t need to be anonymous to have increased privacy.

The main reason for having your own domain is utility, you can move from one email provider to another in the future if enshittification begins or you end up disliking the service in the future.

2 Likes

In my country there are street terminals (something like an ATM but only for paying bills) where you can pay for everything with cash.

In this case yes, but why do you need a personal domain in this situation? You are purely theoretically widening the attack vector (adding one more extremely important account such as a domain name registration provider account), sharing payment information with an additional third party (which can easily be leaked if the service is hacked) and paying a useless (for most cases) fee. It is better (and cheaper) to subscribe to SL premium and create a personal directory/subdomain, which will eliminate the additional risks.

Yes, and that’s inconvenient for most people, so don’t assume people want to do that. The fact they did not mention anonymity in their original post may mean they’re not requiring that as a part of their threat model. (Most people do not).

Personal domain gives you power (utility to change providers), and also means you’re not bundled in with “other users” when using aliasing services. If you’re using these services with anything tied to a credit card, or physical address then there is no anonymity anyway.

Nonsense words. Sorry gonna call it what it is.

Personally I’m not too worried about Cloudflare getting hacked (it’s where I have my domains). There are good domain registrars and a lot of them have decent security features, 2FA, FIDO2, etc.

If your intention is to prevent phishing as you said in your above post then using your own domain on simple login is fine.

The main issue to remember is if those accounts are something you care about (paying a subscription), or are concerned about being locked out, then I would be very careful using shared alias domains ie addy.io / simplelogin.io shared aliased domains.

These do often flag on accounts, and then you have to go through a tedious process of trying to regain access.

When I had this happen with Amazon I was unable to, as they wanted full bank statements (which I was not prepared to give them). If it is a “big service”, like Amazon, Google, etc then you may very well have the same issue.

Also had it happen with Google when providing a VOIP number, fortunately I didn’t care about the account.

1 Like

Whether or not you use a custom domain or just use alias emails, separating services by email address is helpful because in any data breach, only that email is affected and it makes it much simpler to simply delete that email address and use a new one. It also provides a lot of granular control for spammy services as you can disable receiving emails from that specific service.

There are people much more knowledgeable about the benefits of having your own domain on here, so I’ll let them chime in.

Have you considered looking into using Pixel phones and installing GrapheneOS?

Check out the knowledge base on DNS.

This, but just be mindful some aliasing services where you’re using a domain that is shared with all other users may cause you to be locked out of those accounts.

Typically these are “bigger” services, not some random forum you signed up to though. There is also generally less risk here as these companies have security teams. Examples, being Apple, Google, Microsoft, Netflix, Amazon etc.

whether or not you use a custom domain or just use alias emails, separating services by email address is helpful because in any data breach, only that email is affected and it makes it much simpler to simply delete that email address and use a new one

It may be an option then to just use a google account (but when you sign up say you already have an account:

I think you meant to link to the main page, DNS Resolvers - Privacy Guides.

In short there are some domains that are “filtered” on services like Adguard etc, which means when you have those set as your DNS server those domains won’t load in your browser. It can be used as a primitive form of adblocking.

For example there is an option in Chrome to set this:

2 Likes

I didn’t know that Cloudflare allows registering domains. By the way, even serious companies can be hacked (like Google or Microsoft). If no E2EE = more technical possibility to hack and leak.

Make sure to contact the alias provider’s support (for SL, antiabuse@proton.me; they will help you to solve this issue with the webmaster)

@Parish2555 @pikacho @dngray Wow, thank you so much for all this discussion. It helps me identify which things I personally want to protect or not. It can be really difficult to articulate these things and make the connections and see my own assumptions.

Partly, I just have an instinct to stick it to the man 😃 which is dangerous because I could be fooled into paying for the feeling of sticking it to the man.

On the other hand, given that I regularly read about data dumps, I want to take reasonable precautions, in the same way that I lock my doors at night.

I will probably follow up with some more specific threads, but if anyone has other perspectives please feel free to share.

2 Likes