simplelogin (mail alias)
Ive noticed a thing or two.
When using simplelogin mail alias.
you send over public key unless you disable it.
Would it be possible for Simplelogin to auto disable public key so you truly send mail with alias without handing out pgp keys with actual mail in it?
Or rename the public keys or generate a "simplelogin" pgp key?
OR simple remove pgp public keys when sending via alias?
Anon303
shared this idea
-
rr
commented
+100
PGP encrypted Proton Mail addresses dox themselves when using SimpleLogin's reverse aliases by including the underlying email in the attached publickey's filename. For example: "publickey - doxxed-email@proton.me - 0xDEADBEEF.asc"
It would be great to get any of, or a combination of, the following:
1. Remove the identifiable substring from the publickey attachment's filename to avoid disclosing the underlying Proton Mail address: "publickey - 0XDEADBEEF.asc".
2. Refrain attaching public keys to any reverse aliases since the shared public key can link aliases together. Proton Mail is aware of aliases with mailboxes pointing back at the underlying Proton mailbox. I'm sure it's feasible to check if the outgoing message is to a SimpleLogin alias.
3. Each alias has its own PGP key to permit unique encryption for each alias. However, this would require a more intimate integration between SimpleLogin and Proton Mail than the other two options but it would definitely provide the most value. -
FireFish5000
commented
I'd prefer integration with simplelogin to be at the same level as mail alias is. Where instead of this unnecessary reverse-alias redirect to/from simplelogin which is also running on proton, we just plain receive it into our inbox if the alias is enabled and can plain send an email as the alias using the alias's own pgp key.