It seems that you’re currently missing the point. It is not about privacy, or whether the email service provider is trustworthy. It’s about technically valid anonymity.
Your comment on bypassing the sign up restriction only works for Proton. As I’ve said, Tuta does not allow ANY registrations on Tor, VPN, and even some residential IPs for reasons I do not fully understand (they claim it for the prevention of abuse, but then why block normal residential IPs?). It doesn’t matter whether you have any secondary privacy-friendly email providers. They just don’t allow you to register.
Changing the exit IP address of the VPN might temporarily solve the issue if the IP block is based on a blacklist. But as you know, VPNs are far from being anonymous. And obfuscation has nothing to do with either privacy and/or anonymity. It’s just a way to bypass to VPN restriction on heavily censored locations to connect to the VPN.
Could you find somewhere with free public Wi-Fi to sign up?
This site is also quite useful for avoiding spam filters when signing up. It gives temporary gmail addresses by using plus and dot addressing. I find that not many sites are wise to dot and plus addressing.
You can always delete an alias for a specific website and replace it with another. The problem that Proton doesn’t seem to appreciate is that a lot of times, when you update your email address for a certain website, your current address needs to be working until the new one is added and verified.
For many websites, if you update your email address, they will send you a confirmation code via email to your current address, not your new one. Some will send to both.
That means that for many websites, if you try to update your email, but you don’t have access to your current address, you will never be able to update your email, even if you still have access to your online account.
Real life example: Filen
This is exactly what could have happened to me with Filen. Filen is an E2EE cloud service for which I have an account. With my Filen account, I used an email address from Skiff. Skiff was an E2EE email provider that was supposed to compete with Tuta and Proton Mail, but they shut down after they got bought by Notion. When Skiff announced their shut-down, they told their users that they had 6 months to get their affairs in order before losing all their data.
As I explained, my Filen account was linked to a Skiff email address. If had tried to update my Filen email after Skiff shut down, I would have never been able to do so, because Filen doesn’t send the verification to the new email address but to the current one. I would still have been able to log into my Filen account, but updating my email would have been impossible.
We need to make noise so Proton understands
The fact that Proton doesn’t appreciate situations like this is why it’s so disappointing. I’ve been saying for a while now that I will write a proper post about the problems with this rule, but I’ve been so distracted with other stuff. I will try to get to it before then end of September, because there are many issues that Proton doesn’t appreciate, and we need to make noise.
Complaining via customer support is not going to achieve anything. I know because I tried multiple times.
I have no idea, and it’s not something I want to test. But that’s definitely an option Proton has. Imagine you’re subscribed to Proton Unlimited, with Proton Mail as your default email provider you’ve been using for years. You create 3 aliases, and Proton decides to completely shut down your account.
That’s very scary to me and also completely unreasonable.
This is surprising because I use a VPN 24/7, and it was enabled when I created my Tuta account on Mullvad less than 6 months ago. I also paid for my Tuta account anonymously with a gift card that I bought with cash from the Proxy Store.
Have you tried changing VPN locations? And are you sure you don’t already have a free Tuta address. Because if you do, and you try to create a new account after being connected with an older account, that might be why. Tuta is stricter about reprimanding people with multiple free accounts than Proton.
It’s also possible that someone logged into their Tuta account with the VPN IP location that you used. But I would try different ones. Wait a couple of hours/days between each failed attempt.
Hey, so which will be best in this situation (1 time registration - anonymous and they dont know muc):
Registering in Dmail (mail.dmail.ai)
Registering by onion site in protonmail but confirming with Dmail as recoverymail (needed to use to third party apps), needed to turn off ublock to register then.
same as nr 2. but with alias mail from simplelogin coming to protonmail
Not a Proton user, but that policy sounds pretty shortsighted: If you use mail aliases exactly for their intended purpose, eventually one of your registered sites will experience a breach. I last had it with Internet Archive (archive.org). To prevent future spam, what you’d want to do is create a new alias, and change over from the old one.
Personally I just use iCloud Hide My Email. I have up to 10 accounts on one service, and 2 or 3 on multiple other ones. Never received any restriction whatsoever for that.
About AliasVault, is there a catch? It’s free and open source, they don’t seem to have any business plan at the moment (they do mention a premium plan on their GitHub/roadmap), you can create an account and host your data on their servers at not cost, there seem to be only one dev behind it, it hasn’t been audited, etc.
I don’t know. I have the feeling that it is too good to be true. I get that it is a very young piece of software, so there’s no point in having like business expectations from it. At the same time, why paying for any other cloud based password manager if you could go with AliasVault?
I first heard about it in this thread, nowhere else so far. Thus why I am a bit suspicious.
I’ve never had that happened with ProtonPass so far. I create an alias everytime I have to register somewhere. I keep it active and if it ever leaks, I disable + delete.
Never had the issue either. I still haven’t updated to Proton Ultimate though. So I’m limited to the few aliases available with the Mail Plus plans.
I get that Proton is trying to limit the potential abuses of these aliases. As much as I think that the ToS of SimpleLogin need to be refreshed.
If you are on Proton with a custom domain and do end up being flagged for misusing your aliases, nothing is stopping you from using addy.io. As mentioned in their FAQ, you can keep using Proton Mail (or any other mail service) by creating a subdomain that will be dedicated for addy.io. Or you can just use the aliases generated by addy.io with their own domains. Both cases are great for generating burner aliases. And I’m pretty sure that anyone with a light usage can manage to stay on the free plan. If not, 1€ / month is nothing.
About AliasVault, is there a catch? It’s free and open source, they don’t seem to have any business plan at the moment
If I remember correctly, it’s in beta currently and will eventually introduce premium plan. According to the dev, it’s also possible to self-host everything. So if you don’t trust their cloud, you could use your own server.
I agree it’s pretty new and not well-known, so it’s natural to be skeptical about it. I tested it and enjoy using it so far. I’m currently using it for all my new throwaway/test accounts. I really hope this project grows and stays for a long time (or I hope one day I will be good enough at self-hosting to host it myself if necessary).
I first heard about it in this thread, nowhere else so far
That’s why it’s better to go with Addy.io who allow you to create multiple aliases for the same website.
Unfortunately, addy.io also doesn’t allow that. It is stated in their FAQ:
”Can I use aliases to create multiple accounts on other websites and services?
No, you must not use addy.io to create large numbers of accounts on other websites/services as this is against the terms and conditions.”
(link: Frequently Asked Questions - FAQ - addy.io )
It is against their ToS to create more than one alias for the same website.
Technically, they don’t spell that out explicitly. Here are the exact wordings:
“11. Abusive registrations of email addresses (including aliases) for third-party services;” (Proton’s Terms of Service)
“Abusive usage of aliases for third-party services is prohibited. For example, you shouldn’t use email aliases for bulk signups on a third party website.” (SimpleLogin’s Terms and Conditions)
In my opinion, they use vague terms like “abusive registrations” and “bulk signups” so that they have the excuse to ban/issue warning to whoever feels suspicious to them, while also continuing serve other customers that do the same thing but somehow don’t trigger their anti-abuse algorithm. So as long as you don’t trigger the anti-abuse system, you will be fine. Many people said they had multiple aliases for the same website and didn’t receive any warning.
I understand your frustration, I’m also upset about this issue and the lack of transparency from Proton. After a lot of digging, I found out something that could be helpful if you decide to use Proton/SimpleLogin alias. One of the mods of Proton on reddit commented:
”This isn’t about “using several accounts” but about registering them in a very short time to trigger. I do know what the limit is, as the limit isn’t public knowledge due to security reasons (otherwise would facilitate the life of abusers).”
“Space it out and don’t do it all at the same time”
“Just spread them over time time and you’ll be fine. I have had 5 tidal aliases (for a family account), created over some time and didn’t have any issues (on a paid plan).”
So I think if you wait a few days or a week before using the new alias for the same website, it will be safe. How much time was there between the two account registrations when you received the warning last time?
Exactly my thinking. On another note of proton questionable policy, they did spelled it out in their tos that multiple proton free accounts are prohibited, ie 2 is literal multiple so technically only 1 are permitted. But their staff, wearing “proton staff” reddit tag said that its fine to have multiple free accounts as long as they’re not use abusively.
Their policy on proton free account are strict, only 1 account are permitted per user but they also have their staff going around basically saying go ahead break our tos, have multiple free accounts, its fine as long as you don’t use them for abuse. “For abuse” is still very much vague so they can act on the actual abusive users while keeping a closed eye to the ones that don’t. But anyone that have multiple free proton accounts that don’t abuse them are really living dangerously since proton can ban them anytime, at any moment for literal tos breaking.
I like to use AdGuard’s temporary email services because AdGuard inspires me some trust and because the service is fast and transparent. I used to use Guerillamail too. It seems that emailnator and reusable.email are quite appreciated here too.
However, be really careful with these emails as they have no security at all and you are probably better off using an email alias. Even if it triggers your mentality “omg it’s linked to my email and alias account, my privacy is ruined”
There might be some truth to this, but it’s still a problem. ToS should be clear. Even if you are correct, Proton and Addy do NOT interpret the word “bulk” the same way.
Exactly. For Proton, it’s anything more than one, which is completely contrary to what “bulk” actually means.
Also, in a past comment about this, I pointed ou that Proton makes that rule very clear when they give you a warning.
You have tried to register multiple times to ******** and this is against the terms of service of SimpleLogin. Please don’t do that anymore.
If you continue registering multiple accounts to a single service we will have to disable your account.
Multiple means anything more than one.
In their FAQ Addy says:
No, you must not use addy.io to create large numbers of accounts on other websites/services as this is against the terms and conditions
They use the term “large”, which like “bulk” emphasizes a great order of magnitude. It suggests that having 2 or 3 aliases for the same website would be ok. And to get confirmation, I asked the owner of Addy, and he said it would be perfectly fine for me to have 3 to 4 aliases for any website. It’s only after I got his confirmation, that I signed up for a premium subscription.
That is very different from Proton who say in their warnings, and in my interactions with their support team, that only one alias per third party website is allowed.
Always ask for confirmation
I strongly recommend anyone who wants to ask Proton a question for which the answer is not clear to demand that they triple check their information. Do not be satisfied with a simple answer, especially if it’s the answer that you want. And when they make a statement, repeat it to them in your own words, and ask them to confirm your understanding is correct.
If they say you are only allowed one alias per third party website, ask them to confirm that statement like this:
So what you’re saying is, if I have 2 Instagram accounts, I can use a Proton Pass alias for only one of them?
I argued back and forth with Proton to get a clear answer on aliases. And many times since, I’ve had interactions with Proton on social media where I had to correct them because they gave the wrong information. All this is to say, there are many Proton support agents who do not know that the alias limit is one per third party website, and will tell you otherwise, unless you ask them to double check and get confirmation from colleagues or superiors.
