126
AliasVault | Open-Source Password & Alias Manager (www.aliasvault.net)
submitted 1 day ago by Sunny@slrpnk.net to c/selfhosted@lemmy.world
19 comments fedilink hide all child comments

Just discovered this cool project, thought i'd share it here.

AliasVault is an end-to-end encrypted password and alias manager that protects your privacy by creating alternative identities, passwords and email addresses for every website you use. Keeping your personal information private.

Link to website: https://www.aliasvault.net/

Link to source code (MIT Lisense): https://github.com/lanedirt/AliasVault

For those wondering how the alias feature works:

AliasVault includes a built-in email server that allows you to create unique email addresses (aliases) for different services. When someone sends an email to your alias, it's received directly in AliasVault, helping you maintain privacy and reduce spam.

top 19 comments
sorted by: hot top controversial new old
[-] NaibofTabr@infosec.pub 29 points 1 day ago* (last edited 1 day ago)

Ah, if all of your email aliases trace back to your personal, locally hosted server, of which you are the only user, on presumably your personally owned domain, it will not be private... well private in the sense that it's just you I guess... but super duper identifiable - because it's just you. At which point why bother with the aliases.

[-] Dark_Arc@social.packetloss.gg 19 points 1 day ago

As someone that uses a custom domain for the majority of his email, it's not really a privacy thing, it's a control thing.

I have hundreds of unique unpredictable email addresses and I can disconnect them at will to stop spam.

[-] starshipwinepineapple@programming.dev 6 points 22 hours ago* (last edited 18 hours ago)

Agreed, though i do think it's a privacy thing. Many people use privacy and anonymity interchangeably but they are different things.

The options are:

  • use a single email. If it is leaked you need to update hundreds of accounts or risk falling for a malicious email
  • use a catch-all email and each service gets a separate email, but you can't turn off receiving mail at a specific address unless you use a sieve filter. This doesn't stop people from just guessing random addresses.
  • use specific aliases for each service. Idk about this specific project but usually you can turn off receiving mail at an alias. So if a company gets a data breach i just change my email (or close the acct), then i turn off the old alias.

I did the catchall for a few years but have been doing aliases for 5+ now. In the end, the only people/ companies who have my email are the ones I want.

[-] mbirth@lemmy.ml 29 points 1 day ago

why bother with the aliases

Because once some service “loses” (or sells) your email and you start getting spam, it’s pretty easy to burn that specific email address and change it to something else with that specific service and the spam will stop.

[-] Engywuck@lemm.ee 1 points 1 day ago

A catch-all domain address with whois privacy and hosted elsewhere helps a lot.

[-] Tetsuo@jlai.lu -2 points 1 day ago

Does it?

Do you think spammer will just stop at the first address and then call it a day?

In my experience there is no such thing as a "catch all" domain address. The second your domain leaks then many spammer will just go into a frenzy and try hundreds or thousands of mail aliases.

Especially since they can't really spam Gmail as easily (since early 2024) they will even more aggressively spam any other domain.

[-] Moonrise2473@feddit.it 6 points 1 day ago

spammers they just email info@domain and call it a day, they don't try to see if you have some custom naming scheme. I bounce all emails sent to that, the rest is catchall, with occasional blacklist to some TLD like .monster .asia .xyz or .su

[-] Tetsuo@jlai.lu 0 points 1 day ago

This is not at all my experience with custom mail domains.

And I say that after spending a lot of time setting SPF, DKIM and DMARC filtering.

I guess you got lucky.

[-] ShortN0te@lemmy.ml 2 points 20 hours ago

Why should a scammer or spammer bother with a tech savy person. Scammers and spammers use E-Mail dumps from data leaks to spam and scam ppl. The first step is automated, way more profitable then to go spear fishing on a normal user.

[-] Tetsuo@jlai.lu 1 points 19 hours ago

I'm not sure why people are trying convince me to change my mind on something.

I have seen it in my logs with my own eyes. I wish I could be left alone without having to bother looking into it.

Whatever the reason is. Someone is crawling through dictionaries of address. It is slow but steady. It started with abuse@ and other generic addresses and then started trying names. I blocked the sending SMTP server once I realized what was going-on.

What am I suppose to do? Ignore it and just triage in inbox?

[-] ShortN0te@lemmy.ml 1 points 18 hours ago

It is just not the way the usual scammer and spammers operate. Ofc there are other types of criminals that do operate differently but those do not get their Addresses from a data leak which E-Mail aliases pretect against

[-] Engywuck@lemm.ee 4 points 1 day ago

More than 2 years with my personal domain and I can't remember a single spam email... But you do you.

[-] NaibofTabr@infosec.pub 1 points 18 hours ago

yet

[-] Engywuck@lemm.ee 1 points 15 hours ago

Again, you do you.

[-] Tetsuo@jlai.lu 17 points 1 day ago

I'm a bit skeptical on the Email alias feature but this is a really cool project.

I just don't know how practical it is to use custom domains to receive those confirmation emails.

Wouldn't you receive a ton of spam once your email domain leaks (which will eventually happen)?

Email is also useful for password reset.

[-] ikidd@lemmy.world 4 points 18 hours ago

I've been using a wildcard accept rule on my main domain, and every once in a while one of the made up addresses gets out of hand, I just go in and blackhole it on my email server. I then send a nasty email to the admin of whoever got hacked or sold the address (sending from another bullshit address), as I use unique addresses per signup and keep track of them in my password manager. It seems to have kept my inbox fairly clean since anything to those addresses goes into a side folder.

Been doing it for 20 years, seems like a good strategy so far.

[-] Preflight_Tomato@lemm.ee 2 points 15 hours ago

+1 on wildcard addresses. Any 10 min mail site is also great for anything unimportant.

[-] lud@lemm.ee 4 points 20 hours ago* (last edited 20 hours ago)

I use a wildcard domain (with simplelogin which makes it easier to use). All the emails are sent to my normal email and it works great.

I have never heard of spammers spamming an entire domain like that. They are not human operated anyways.

[-] ocean@pyfedi.selfhostcat.com 3 points 20 hours ago

very interesting!

this post was submitted on 08 Jan 2025
126 points (96.3% liked)

Selfhosted

40956 readers
1038 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz