Seeking Guidance on Managing My Proton Account for Better Privacy

When I first created my account with Proton, I shared significantly more personally identifiable information (PII) than necessary. Now, they possess detailed information about me, including my billing details, a secondary email address, and my phone number.

Over time, I’ve adopted a more cautious approach regarding the sharing of identifying details. As a part of my strategy to minimize risk, I’m focusing on reducing the amount of personal information that various services hold about me. My priority is to address my Proton account, as it plays a key role in my online presence.

Initially, I considered setting up a new Proton account and opting for a paid plan by sending cash directly to the company. The plan would involve transitioning entirely to this new account, followed by a request for a refund and the deletion of my current account. This method should ideally leave me with a clean slate devoid of any PII linked to my identity.

However, I have reservations since I’m concerned that Proton may easily identify the owner of the new account through certain data points, such as my IP address, particularly since I also utilize Proton VPN. It seems vital for me to rely on Proton to genuinely erase all data related to my old account, without trying to make connections between my previous and new accounts.

What do you think? Would creating a new Proton account suffice, or should I consider completely severing ties and starting anew elsewhere? I’m not anticipating any legal issues prompting this decision; rather, I seek reassurance that, in the event of someone requesting my information due to data breaches or litigation, there would be minimal data available to disclose. This aligns with my harm reduction approach.

I appreciate any guidance or suggestions you might have.

Full disclosure: I wish to clarify that I initially composed a post containing this information in my own language. Subsequently, I utilized a tool to modify my writing style and generate a title to safeguard my anonymity. The ideas shared here reflect my original thoughts, but the text has been adapted through AI assistance.

1 Like

Others will no doubt be able to give better answers, but just to get you started, I think you’ve identified one of your key challenges:

If you rely on Proton to hide your IP, how do you hide it from them?

If your goal is to reduce the data Proton has on you, I think you might benefit from compartmentalization. There are multiple ways to go about it, but a simple approach could be this one suggested by dngray, where you use different providers for different groups/“islands”:

Many people also group calendar and email, since these are frequently implicitly tied to your real identity based on their contents, but your case may differ. 🙂

3 Likes

It would help if you stated how many services you currently use with your Proton account. I assume Mail and VPN are a given, but what about their other services? Do you have a lot of files stored in Proton Drive, or perhaps many email aliases set up via Proton Pass (or SimpleLogin) along with your passwords and other details? Compartmentalising is obviously a good idea, but the costs can add up.

For email aliases, one alternative would be a paid addy.io subscription, although it works best with your own domain (which is also a separate purchase if you don’t have one yet). You configure your domain to work with addy and then just set a new free Proton account as the recipient all your emails get forwarded to. You can set up PGP encryption as well so that all your forwarded emails (and their headers, if you choose) can’t be scanned by Proton. The addy.io documentation is quite thorough in terms of explaining all its functionality in detail. You’ll have to decide between Lite and Pro plans depending on your needs. If you want to pay in cash you can purchase voucher codes for yearly plans via ProxyStore who are an official reseller.

1 Like

Currently, I utilize Proton Mail, Proton VPN, and Simple Login, all linked through a Proton Unlimited subscription. I don’t keep many files there, as their Proton Drive doesn’t meet my needs well. However, I make extensive use of email aliases and currently have about 80 active aliases set up. This feature is essential for me since I prefer each account to have its own distinct alias. I’d rather avoid having a domain name due to the extra costs and the attention it draws; using the domains offered by Simple Login helps me blend in more effectively.

I’ve investigated Addy, and it appears to be a solid option with reasonable pricing. My main concern is their standard aliases, which reveal your Addy username. However, the shared aliases seem to align with what I’m really seeking, making this a viable choice.

I’ve been considering transitioning to Tuta Mail from Proton Mail. I appreciate their commitment to renewable energy and their focus on privacy, along with a superior mail and calendar user experience without overextending their services. Additionally, their revolutionary package is more affordable than Proton’s, and they appear less aggressive in upselling.

I’m also contemplating Mullvad VPN, but I’m hesitant because many reviews indicate slow speeds. My home has a fiber connection, and Proton allows me to fully utilize that bandwidth, so I’m somewhat conflicted. I might sign up for a month with cash to test its performance.

I believe these tools will suffice for my needs. While I’d like to have E2E cloud storage with solid Linux compatibility, I can manage without it. I’m leaning towards acquiring a NAS for local file storage. Synchronization outside my home isn’t a priority for me; I prefer devices to back up when they’re on the local network.

For managing my passwords and securing notes, I’ve always relied on KeePass and have no plans to change that. I feel more secure with sensitive information stored solely on my local machine or network. The price gap between Proton Unlimited and Tuta (Revolutionary) combined with Addy (Pro) and Mullvad isn’t significant, which is fine by me. Moreover, I wouldn’t have to worry about the personal information I’ve shared with Proton causing issues. If I switch to Addy Lite, I might even save some money by consolidating my aliases more efficiently. I can just send cash to the Proxy Store to acquire everything I need.

I do feel a bit anxious about transitioning away from Proton. It’s not that I doubt these other services; I just struggle to trust the security and longevity of new providers. Initially, I had similar concerns about Proton, but my experience has been positive. I believe these new services will treat me well, especially since each specializes in a specific offering, suggesting that I could receive better overall results.

I truly appreciate you and @pine taking the time to respond. Please let me know if either of you have any further insights. While I think I have my answer, it’s always valuable to hear about others’ personal experiences with these services before making a final decision.

2 Likes

Obviously, it’s going to depend on whether Mullvad has servers near your location, but I’ve never had problems with throughput on Mullvad. Quite the opposite, Mullvad’s one of the quicker VPN providers I’ve used (past providers include PIA and ExpressVPN).

Again, this may be due to my location, but I’d highly recommend giving them a try. If it is too slow, IVPN may be a better choice. I don’t have experience personally, but they’re well regarded.

2 Likes

I agree with your reflections. Three things to possibly consider:

  • For Proton Mail and Simple Login, you’re trusting a single provider; with Addy and Tuta, you’re trusting two parties and potentially adding an extra attack surface. However, all services mentioned here are recommended by Privacy Guides at the time of writing, and based on your threat model, I don’t believe this is an issue.
  • Tuta doesn’t support PGP, so if you want to make use of it (such as between your alias service and your email), be advised. If you do, one option could be to use Addy Lite and Proton Mail, as @gapless mentioned.
  • Some people are less happy with Tuta’s UX/UI than Proton’s. Your mileage might vary, but consider testing out Tuta’s free offering before buying a plan.

For Mullvad, I think it’s a good call to test out a single month, since your concern can be easily addressed that way. Be sure to check it out on a few different servers, too (including different combinations if you make use of multi-hopping).

I think you do, too, but you’re always welcome to write! Change is daunting for most of us, especially when we don’t feel we have all the tools or knowledge we need to understand the process. Hopefully, that’s what we can help provide each other here. 🙂

I feel like I’m in a similar situation as the OP. My understanding of privacy is much better than even a year ago. Now that Proton has my personal information, such as my credit card, I’m not really sure how compromised I really am. In the back of my mind, I still remember Proton cooperating with French authorities in their investigation. So I still haven’t used Proton for sensitive and confidential information. That’s what Signal is for.