Automatic generation of e-mail aliases

[iam0day]

Hi, as per the title, I was wondering if you had a feature planned for Padloc to automatically generate email aliases from services like simplelogin.io or anonaddy.com during credential creation. Is such a thing planned?

[MaKleSoft]

That's a very interesting idea! Using automatically generated burner email address in combination with randomly generated passwords would actually make a lot of sense. However the main downside of email forwarding services like this is that they require a lot of trust, since you're basically giving them the power to reset passwords for any aliases forwarded through them. And I don't see us providing such a service ourselves since it would arguably weaken our zero-trust claim.

It would be opt-in, obviously, and I guess we could let people "bring their own" email forwarding service. But then for it to be useful we'd have to implement integrations for a lot of different services, since I doubt there is a standard api for this kind of thing.

All in all a very intriguing idea, but realistically not very feasible at this point.

[iam0day]

However the main downside of email forwarding services like this is that they require a lot of trust, since you're basically giving them the power to reset passwords for any aliases forwarded through them.

True, you are right, just as one must trust Padloc, one must also trust an e-mail alias service. The fact remains that in the case of SimpleLogin (recently acquired by Proton.me) it fully satisfies the same trust I place in the service you offer, in that it has a transparency about security that reassures me greatly.

And I don't see us providing such a service ourselves since it would arguably weaken our zero-trust claim.

It wouldn't make sense to me either, and I remain of the view that projects, especially open source projects, that have been in continuous development for a long time should be supported as they mature, and I always advise against reinventing the wheel unless it is really necessary.

It would be opt-in, obviously, and I guess we could let people "bring their own" email forwarding service. But then for it to be useful we'd have to implement integrations for a lot of different services, since I doubt there is a standard api for this kind of thing.

In my opinion this would be a great feature, because BitWarden also plans to integrate these services... And to avoid confusion and ensure the same integrity of the service, an integration could be created only for projects that are totally open source, excluding closed and commercial ones.

[iam0day]

Is there any news?

[MaKleSoft]

No news as of yet, and to manage your expectations, there probably won't be for a while since we are a small team and have other priorities currently.

[ghost]

Something like this would be very interesting on Padloc! It might be cool to have an integration with DuckDuckGo Email Protection as well, but I don't think this is possible yet.