Simplelogin/Proton Pass question

General
1

Hi does anyone have some further information as to what exactly es E2E with Simplelogin/protonpass? My understanding is that everything but the alias addresses are because they need that for routing but I’m not clear about whether the name of the Alias is encrypted? I generally created aliases through Pass and not through Simplelogin if it matters.

My concern is that Proton has been giving up more data with court orders. I don’t know if there has been any case where proton gave up the mail account data based on a Simplelogin alias but I assume that will be the case. One thing I’m trying to be careful about but I’m not sure if proton would do, is if they would ever surrender a list of all aliases associated with an account. I have gotten out of the habit of making addresses that are like privacyguides.foo@simplelogin for this reason and instead put something like bar.foo@simplelogin so it’s decoupled from the site if Proton were to surrender a list of emails, unless an email was already leaked it would be unclear what sites these emails were associated with. However if the name of the Alias is not e2e this is a moot point.

That being said I understand the limitations of this and don’t use it for anything that is critical but it’s something I’m trying to keep in mind due to Proton’s somewhat misleading advertising.

2

I believe the Subject is not encrypted.

Also, the disassociation idea is good. Follow it but chances are that if such a thing is requested on you, the authorities already know what it is for so may not really end up doing anything. But no harm following the rule anyway.

3

Yes that’s a good point I’m aware of the subject as it hits my Proton account and stays there. I’m just unclear about the rest of the fields and especially because I think Pass is supposed to be fully e2e (minus the alias name of course)

On other products like Lumo and Contacts they have a small padlock icon to indicate what fields are fully e2e. You can see clearly on Lumo all the prompt fields are e2e and on contacts that the name of the contact and email are NOT e2e while everything else is. Pass and also by extension Simplelogin doesn’t have this UI. I would assume that Pass item names would be e2e but I don’t know if that extends to alias names sort of like contacts.