Protect Your Email with SimpleLogin: An Open-Source Alias Solution Hosted in the EU

TL; DR: SimpleLogin, created and hosted in the EU, is an open-source email alias solution designed to secure your primary email accounts. By leveraging email aliases, users can create a different identity for each website they log into, thereby protecting their primary email addresses from spam, phishing, and data breaches. Keep an eye out for SimpleLogin’s forthcoming solutions for phone and credit card aliases, which will revolutionize the way we approach online privacy.

Many, if not most, of the websites and applications available today offer a single sign-on (SSO) option through Facebook, Google, or Apple. The goal of the SSO is a good one: it allows users to log in to a variety of related but separate software systems using a single ID and password.

But the same system that makes logging in easier amplifies the consequences of data breaches.

Take the 2018 Facebook attack, for example. Hackers exposed the sensitive data of roughly 50 million users. If just half of those users had just one account tied to their Facebook account, cybercriminals may have been able to access the data from an additional 25 million accounts.

But using the same email login for every site isn’t a great solution, either — the practice tends to dirty up inboxes with excessive spam and leave users vulnerable to phishing. According to Son Nguyen Kim, Founder of SimpleLogin, the best solution is to have a different identity for every website. That’s why he started his company.

“I created SimpleLogin to make email aliases accessible to the public,” Son said. “The goal was to provide something easy to use and available everywhere: on the web, on smartphones, and via browser extensions.”

Email aliases work similarly to email forwarding, where all emails sent to an alias are forwarded to the user’s primary inbox. With SimpleLogin’s technology, users can also send emails from an alias. But that’s only the beginning: Son told us his team is working on reimagining privacy from a broader perspective with phone and credit card aliases.

SimpleLogin, created and hosted in the EU, got its start back in 2019 when Son was at his wit’s end with email phishing and spam. After entering his email address into an automated data breach checker, Son realized that his information had been breached — not just once, but multiple times. Unfortunately, the same is true for most long-standing email addresses (check if someone compromised yours here).

Son knew that creating a unique email address for every website he logged into would solve the problem.

“There are two main benefits to creating a different identity for every website,” he said. “The first one is that it’s really hard to link activities together — if I have an account on Tinder and another account on Amazon, with two different email addresses, it is impossible to know that the same person is behind them both.”

The second advantage: It’s easier to pinpoint problematic situations. “If I start seeing emails from Groupon, but they’re being sent to my Tinder address, that means Tinder has sold my data to Groupon, or maybe they experienced a data breach,” Son said. “So I can just disable that email address.”

But the technology used for batch email creation wasn’t exactly user-friendly at the time — Son said it was only suited for technophiles and developers. So he took a leap. He quit his full-time job overseeing a software development team in Paris, and SimpleLogin was born. Today, the company has grown into a four-person team that helps users protect their online identities regardless of tech skills.

And it’s catching on with users.

“It’s not often enough in life I find a service I’m really a fan of. It’s so barebones simple,” said one Reddit user. “I can create an alias in 5 seconds and then use it immediately. Having different emails for all sites is just fantastic.”

SimpleLogin has expanded its feature set over the years to include everything from easy alias creation and management across multiple websites to generous pricing.

Son said that the open-source community has responded quite positively to the product, often recommending it on privacy-focused blogs and social media. Thanks in part to word-of-mouth marketing, SimpleLogin has enjoyed a steadily growing adoption rate.

“We have about a 10% increase every month, which is not explosive like Facebook,” Son said. “But it’s stable revenue we can use to run the business.”

SimpleLogin’s pricing packages include plans for businesses and enterprises as well as individual users. Son told us businesses use SimpleLogic for two primary purposes.

“The first is to protect against phishing — one of the most dangerous threats that companies have to face today,” he said. “If employees use a different email address outside the company, and they only use their corporate email address inside the company, then there’s no way for external actors to send them a phishing email to try to steal his credentials.”

The second, still-emerging application involves citizen protection.

“We are talking with a company in Australia, and they want to use our software to protect the identities of their citizens,” Son said. “Essentially, they want to use a software product provided by a company located in Europe, but they don’t want this company to have access to the email addresses of their citizens. So they use SimpleLogin to create layers of protection between citizens and the third-party software company.”

No matter what the use case, SimpleLogin stays true to its name with easy-to-use browser extensions for Chrome, Firefox, and Safari and apps for Android and iOS.

“The best way to begin is to use a browser extension,” Son said. “You can visit a website, and if it asks you for your email address, you can just click a button and an email alias is created.”

More tech-savvy individuals will appreciate SimpleLogin’s advanced features, such as custom domains, PGP encryption, and catch-all aliases.

Son has big plans in store for the future of SimpleLogin.

“Email aliases are just the beginning,” he said. “After working on an email alias solution, I realized it would be interesting to do the same for phone numbers.”

The team is currently working on a solution to protect phone numbers by masking them with virtual numbers. The tool will be beneficial as spam calls become an all-too-familiar nuisance for mobile users.

“Instead of using your personal phone number everywhere, you can have multiple, for business use cases or delivery services, for example,” Son said. “So we just started working on that.”

The goal is to release an alpha version at the beginning of next year. Son said the team will begin tackling a bank card masking service after the phone number project. The solution will empower customers to use virtual cards as aliases for their primary card numbers. The service is bound to be a hit, considering the sheer number of data breaches taking place today.

Got ideas of your own? Users are always welcome to contribute development suggestions via SimpleLogin’s open road map on GitHub.