Using Multiple Email Accounts for Privacy
2 June 2023 | 11:32 am

Using one email address for everything can be a vulnerability for privacy and security. Our email address often becomes our username by default when we sign up for online services. This means a hack of one such a service would give interested parties half of your login details—your username— across all other services you have signed up for.

Secondly, if you use one email address for everything, then all your online interactions can be tied to that address. The single email address becomes a proxy for your identity, tying your interests, your concerns and all the purchases you do and services you use to it.

A good first step, therefore, is to use different email addresses for different purposes.

Private personal email: Tutanota

I began using multiple email addresses while investigating privacy-preserving email companies. I describe that process here. Before deciding on Tutanota, I created several trial accounts with a range of email providers, including Protonmail and Startmail. This made me realise that operating several email accounts simultaneously is both doable and advantageous.

Once I decided on Tutanota as my main email for personal use, I began the quite slow and tedious process of migrating to my new account, letting friends and family know, and changing some of the login details with online services.

At this point, I realised that setting up a new email for personal use provided an opportunity to separate personal email traffic and 'business' email. I could simply limit who I shared my new address with, and continue using the existing mainstream email addresses (Microsoft, Gmail) for commercial and other uses. This began a separation of my online identity into separate categories, namely my private, personal self, and my consumer, subscriber self.

Dedicated email addresses for commercial use

One advantage to signing up for products, shops, mailing lists, online learning, and government platforms with a non-personal email address is that all of the newsletters, updates and spam don't clutter up your personal email inbox. It gives you a feeling of control, and reduces the day to day management of labelling spam and junk mail.

It can be argued that having just one email address for commercial use does create a fixed point online profiling all your interests, but keeping all of those interactions in a separate box to your important personal interactions feels like a good first step. Logically, creating additional unique email addresses for different purposes would be better, but I can also see that that might feel cumbersome to many. A simple separation into two online identities is an improvement.

Keeping work and personal life separate through email

A further split of my online life was essentially already in place. My work has provided me with a gmail address managed by the organisation. Whereas in the past I was more lenient in including my personal email account into work-related messages, I now became more vigilant and aimed for a total separation of the two identities. So now my online identity was split three ways: personal, commercial, professional.

What really helped maintain the separation from work was that I began to used dedicated devices for work, and stopped logging in onto online work spaces from personal devices.

While having them may be tempting for many, I recommend deleting any work-related apps and logins from your smartphone. If your work requires you to be contactable, then using different profiles on your smartphone could be an option for separation.

Using email aliases tied to one user

When I began a Premium subscription with Tutanota, I noticed it came with the option of 5 extra email addresses. These are called 'aliases'. It was unclear at first what this was for, but then I realised that these aliases could be used to further separate my online identity into fragments.

An alias is a new email address, followed in this case by @tutanota.com, which all connect to my main inbox. It could look like this:

  • theprivacydad@tutanota.com (main account)

  • newsletters@tutanota.com (1st email alias)

  • iloveshopping@tutanota.com (2nd email alias)

  • myonlinecourse@tutanota.com (3rd email alias)

  • promotion.tpd@tutanota.com (4th email alias)

  • sillystuff@tutanota.com (5th email alias)

Email traffic from all five aliases comes into the inbox of my main account. But the companies I use the 'iloveshopping' address with only see the alias, never the main account. The fact that all five email aliases point to the same user is only visible to me. If I name the aliases carefully, then nothing can tie them to my identity.

Tutanota's user interface makes sending from an alias instead of your real account very easy: there is a drop-down tool under the 'Sender' bar, and clicking on it lists all your aliases. You can also turn off individual aliases in the settings menu, temporarily suspending that account. With higher payment tiers, you get more aliases.

Email aliases—I Contain Multitudes

For many normal users, the level of online identity fragmentation using separate email addresses I have described above should be manageable. For those who want more control and greater fragmentation, a dedicated email aliasing product like SimpleLogin provides a solution.

I don't yet use Simple Login, but can briefly describe what it does here. Please see Documentation section below for more thorough articles on this topic.

A dedicated email aliasing platform such as SimpleLogin enables you to create a unique email address for every service you sign up for. So if I have an Amazon account, I could create an email address with a totally random username like 'x45zy' just for Amazon. The advantage then is that your online identity is now as fragmented as is possible. Email aliasing also gives you full control over spam, as you can kill any one address by flicking a switch next to that email account; you no longer have to unsubscribe or log in to a particular service to change your settings with them.

Not having used this before, I wonder what managing this many email accounts feels like in practice. I am not 100% convinced that I need to go this far in separating my accounts, but would like to try it out one day.

Problems

Separating personal and consumer accounts is effective, it makes checking the inbox of the account for commercial less compelling, which may lead to missing important or urgent information.

Tutanota's aliases work really well, but you do have to pay close attention in selecting your alias and not sending something off by accident from your main personal account, defeating the purpose of using aliases. Once you have started a thread, however, further replies are automatically sent from the alias, so you only have to pay close attention when starting a conversation thread.

I once deactivated an alias and forgot all about it. This caused a panic when I later tried to log onto a website where I had used that alias as my username. It took me days to figure out what had happened, but it's a mistake you'll only make once.

Finally, while separating work and personal life through emails is effective, it does cause problems when you see something online that you will want to use at work. Powering on the work device just to find that same resource and bookmark it or send it to myself is impractical.

The only solution I can think of is to mail my work self and email from my personal self. It might be a better idea to create a Tutanota alias just for this purpose, but I have used up my five, and you can't reset them. A second workaround is to use my Nextcloud server and create a work profile there, using Nextcloud as a go-between.

Current use and looking ahead

I currently use Tutanota for personal email communication, several mainstream accounts (Microsoft, Gmail) for consumer emails, work email for work, and my five Premium aliases for dedicated services.

I have noticed some email subscribers to this blog use an aliasing platform, with some reference to 'theprivacydad' in the email address. I think I will have to try a service like SimpleLogin for myself to see if the balance between greater privacy and multiple accounts management is worth it.

Documentation

Using an email aliasing service article by Seth for Privacy

What is an email alias and how it protects your privacy by SimpleLogin

Email alias: How do email aliases add to my security and how do I use them? by Tutanota

Tutanota prices

The line "I contain multitudes" comes from Walt Whitman's poem "Song of Myself, 51".

-----Discuss on Reddit-----

Subscribe to my blog via email or RSS feed.

Find me on Mastodon and Twitter.

Back to Blog


Kids & Screens: Questions for Students, Teachers and Parents
23 May 2023 | 7:51 pm

As a parent and teacher, I get to see both sides on how schools handle data privacy. Here is a list of questions that students, teachers, parents and school administrators should consider:

  1. What happens when you upload a picture to 'the cloud'?
  2. What is a server?
  3. What can the administrator of a server do and see?
  4. What are methods a school could adopt to limit admin access to community data (protocols, zero-knowledge, encryption)
  5. How does a data collection business model work?
  6. What is data encryption?
  7. What does 'decentralised' mean?
  8. What is free open source software?
  9. What are the real risks with current popular applications (Instagram, TikTok, etc.)
  10. What are good alternatives to these applications?
  11. What data does the school store about you?
  12. What data does the school store about teachers and staff?
  13. Where is this data stored?
  14. How long will it be stored after someone leaves the school?
  15. Who can see it?
  16. How is the school's data secured, and is that security tested?

I have the following three recommendations for schools:

Teach Information Technology a core subject

Many of my colleagues and most of my students don't know what a server is. I learned about how servers work, just the basic concepts, not all that long ago. I cannot now remember what I thought happened whenever I posted a photograph or comment to Facebook. I held a blind trust in companies, an almost literal view of a data cloud. I think I assumed it was a private space.

I firmly believe schools are the best places to learn about the mechanisms that now form the backbone of our society: storage space on hardware owned or rented by a company, a database with usernames and passwords that enable access to desirable content or networks, and a stored record of all actions and interactions.

Learning about data storage and networked interaction can open discussions about moral and ethical decision-making around these realities. Should a company store user data by default, simply because they can? Is trading free content for user data a desirable approach? Are whistleblowers heroes or villains? Is a tool bad because it is useful to criminals? How can we ensure IT administrators don't abuse their position? Given the direction we are going, and how few critical questions are being asked, teaching Information Technology as a core subject is now essential.

Switch to free open source platforms

Secondly, schools should adopt open source tools for content management and communication, and use free open source software by default. We need to think big and onboard the entire cohort of each new generation in the whole country, state or province. Google knows this, which is why they put so much effort into pushing Chromebooks and Google Suite into schools.1

There is a financial incentive beyond the ethical considerations too: these tools are free, and as robust as any of the proprietary platforms we use today. Nextcloud could easily function as a school wide platform, with user spaces, shared calendars, document storage, email and so on. School laptops could run on Ubuntu, or any distro, really. LibreOffice could easily replace Word, Excel and Powerpoint. Jitsi could be used for video calls. Standard Notes could be promoted as an excellent organisation and note-taking tool, and BearBlog for minimalist, private publication. Firefox could be set as the default browser.2

All that is required is a shift in perspective, a period of adjustment, and retraining of IT support staff (though my guess is most IT staff are already very much onboard with adoption of these tools).

Normalise asking questions about data & security

Lastly, asking questions about how data is stored should be normalised for all stakeholders.

Last year, I contacted my school's administration with the last five questions in the list. In particular, I wanted to know how well or ill-prepared our school is against a ransomware attack—listening to the Surveillance Report weekly will put a person in that mindset.

Schools store very sensitive data, and are therefore vulnerable to ransomware attacks. School databases and servers contain information such as:

  • teacher and staff evaluations, improvement plans, performance reports
  • letters of dismissal
  • police records on all staff (required)
  • all student grades and performance reports
  • university application information
  • notes on discussions about students who may be struggling academically, socially, or health-wise
  • detailed health records
  • previous school records, including any medical or psychological reports
  • psychologists' reports on learning disabilities, giftedness, mental health, family life
  • notes on behaviour, including academic honesty infringements and other forms of cheating, suspensions and expulsions
  • notes on home situations and attendance
  • notes about parents
  • everyone's contact details
  • copies of letters sent home on a range of personal issues
  • communications to outside agencies regarding concerns about abuse or neglect
  • school counsellor emails, files, reports
  • the school's financial reports, public and closed
  • board minute minutes and reports, public and closed
  • strategic and financial plans
  • accident reports
  • union and health and safety records, communication, and other documents

It's not the kind of information schools can afford to have out in the open. Future careers could be impacted, or current careers of alumni could be affected—for example with academic honesty records.

I learned that some of our data is kept on servers on site, but a lot of it is entrusted to a third party company. It was impossible to contact that company directly with my questions; their website was nebulous. I wanted to ask, for example, whether or not our community's data was used in test-running new tools in development phase for their platform, and if so, whether or not that data was anonymised.

I distinctly began to feel like an unwanted, nosy intruder. The admin at one point asked me: why do you need to know this? Psychologically and socially, it was a strange, alienating position to be in. It felt as if people might begin to think I was asking these questions for potential misuse.

Conclusions

There is an unfortunate, wide-spread apathy to the problems around data privacy. People know about the Orwell novel 1984, and "Big Brother" is still commonly referred to in pop-culture. But there doesn't seem to be a lot of preventative action. Orwell's dystopia, where the state or company control the individual through a total removal of privacy is exactly what we are headed for.

If ministries of education could show some clarity of mind, and just think like Google for a short while, then it should quickly become apparent what needs to be done. If you want to continue to organise people into free and open societies, where personal, digital and transactional privacy are self-evident, then you have to start in schools.

The three approaches I list above (teach IT as core subject; adopt FOSS tools; normalise data transparency) are not difficult to execute within a 5 to 10 year period across an entire district or even a country. The results could be as impactful and far-reaching as teaching reading and writing are today.

Documentation

The Surveillance Report makes you very aware of just how common data breaches and ransomware attacks are now.

Jesper Graugaard mostly reports on his activism against Chromebooks in schools on his LinkedIn page (search 'Jesper Graugaard').

-----Discuss on Reddit-----

Subscribe to my blog via email or RSS feed.

Find me on Mastodon and Twitter.

Back to Blog

  1. see Jesper Graugaard's battle against the use of Chromebooks in his child's school in Denmark

  2. My current school uses Chrome as default browser, Google default search engine, Google Drive, Docs, Calendar, Gmail; MacOS or Windows, Word, Excel, PowerPoint, WhatsApp, and proprietary third-party controlled software for all data storage and communication home.


Dual Booting on the ThinkPad T440p
19 May 2023 | 5:53 pm

For a regular user, fully committing to a Linux-only system can be too big of a leap forward. On my blog, I have been describing how the 'small steps' approach can make the process feel safer. One of those steps is setting up a dual-boot system.

Experimenting with Linux on older laptops can help you become familiar with distros like Ubuntu, Pop!_OS and Manjaro over time, while keeping the fallback option of the proprietary system you've grown used to over the years. Setting up Linux on these older laptops can also help develop confidence with the installation process, and help familiarise you with the different physical parts of a laptop.

With this iterative learning process in mind, I recommend trying a dual-boot system. I had experimented with this on a ThinkPad E540 I bought second-hand, and was now ready to move on to the oft praised ThinkPad T440p.

Below, I will describe two dual-boot setups:

  1. Windows main <--> Linux secondary
  2. Linux main <--> Windows secondary

Taking steps in this order helped me eventually commit to a Linux-only system.

Lenovo ThinkPad T440p

Linux content creators (like Wolgang's Channel) seem especially fond of the T440p. As an older laptop, the T440p is easy to find online and relatively cheap for what is inside. It is also very customisable, which is great for learning. Jérôme Loisel's extremely thorough Octoperf article about the T440p and all its potential modifications finally persuaded me to get one.

Looking over my notes written at the time, here are a couple of key elements that helped with the decision:

  • The T440p is the last ThinkPad model with socketed CPUs; after that CPUs are soldered on. Socketed CPUs can be swapped out easily
  • The CPU has 4 cores and 8 threads, which is more than enough for regular use, and even for the audio processing work I do
  • It has 16GB of RAM, which is on par with many regular use laptops in shops today
  • By replacing the DVD tray with a special SSD cache, the laptop can house three separate hard drives. This is not only a remarkable amount of storage space for a single laptop, it also gives flexibility with dual booting and archiving large projects
  • ThinkPad docking stations with multiple outputs are cheap and easy to find
  • a 1920 x 1080 HD screen can be fitted (most T440p have 1600x900)

It should be noted that the T440p is not great for gaming. I use consoles.

I found a seller online who had already swapped in the HD screen and helped out by installing a bigger SSD drive prior to mailing the device. I got the sense the previous owner had really loved this laptop and taken very good care of it. Once it arrived, I could get started setting up my operating systems.

Das Dual boot - Windows first

My first setup was a dual-boot system that started up in Windows 10 Pro by default. This is surprisingly easy to set up, and having spent some time previously learning how hard drives store data helped.

This blog is not a technical guide, but, if I recall correctly, as long as Windows is installed on the main drive first, then installing a commonly used Linux distro like Ubuntu or Pop!_OS on a second hard drive doesn't require any adjustments to the BIOS, which is great; adjusting BIOS stuff feels quite risky to me.1

All of this was made easy by having three separate physical hard drives, which meant I didn't have to worry about drive partitions:2

  1. Main - Windows 10 - default boot
  2. Secondary - Linux - manual boot
  3. Shared large data storage drive

To start up Windows, I just had to turn the laptop on.

To start up Linux, I would reboot the laptop while holding down the F12 key. This starts up a very 1980s looking menu, in which you can select the drive you want.

My plan was to use drive #3 as a shared storage between the two operating systems—easier said than done, to be honest. I spent several weeks learning about different ways you can format a drive so it is visible to both Windows and Linux systems, which was a very good learning experience. Having said that, I was glad that I could always return to my main Windows drive for day-to-day use; not having that option would have made this experience quite stressful.

Big crash

Half a year or so later, I experienced my first full system crash. I was using Clonezilla to clone my Windows drive, which contains all the audio software and plugins that I use for recording and mixing. I wanted to clone this OS because as anyone who works with digital audio will know, it can take many days to install and set up audio software and plugins correctly, so redundancy is in order.

During the process, Clonezilla picked up on some corruption on my main Windows drive that was quietly waiting to cause mayhem at a later point, and things went downhill from there. I learned a lot about corrupted drives and recovery methods during those frantic days, but in the end, I had to give up. This was not great, especially given all the time and thought I had put into the setup.

Drastic as it was, this complete system failure gave me an opportunity to start from scratch, consider the things that had annoyed me about the previous setup, and plan my ideal setup. I spent quite a bit of time planning it out on paper. I bought a new SSD drive and decided to start using Linux as my main daily system.

Dual boot - Linux first

Technicalities aside, I found setting up a reverse (Linux, then Windows) dual boot system relatively painless too. I don't have notes on making changes to the BIOS system, so I assume this was as straightforward as setting up the Windows first system before.

Having tried out a range of Linux distros by now, I decided on Pop!_OS, partly because it was recommended by people I had been following in the privacy community. So now, my setup looked like this:

  1. Main - Linux Pop!_OS - default boot
  2. Secondary - Windows 10 Pro - manual boot
  3. Shared large data drive

Trying to get a shared data drive working well with both systems continued to throw up complications, as was the case previously. I still run into the occasional permissions problem today.

But overall, this setup felt great. It was exciting to finally bite the bullet and fully commit to Linux for my daily use. I liked the snappy feel of Pop!_OS a lot, and it was fun learning about customisation and generally just getting into the Linux structures and applications. It's one thing to have Linux on a practice machine, but quite different to depend on it for daily use.

The Windows drive was now just for audio processing work; I could boot into that OS as needed. In hindsight, that didn't work. Eventually, I removed Windows from the device altogether, a process I'll describe in a separate post.

Problems

While fairly easy to set up, running a dual-boot system does increase the chance of complications. Here are a few I ran into:

  • Backblaze, a good third party application that I had running in the background for worst-case-scenario crashes as described above, doesn't run well in Linux.3 Backblaze was what saved my files when the drive became corrupted, so I was reluctant to give up on this subscription, but later found a similarly reliable backup solution with pCloud
  • I ran into problems with user permissions when trying to edit directories (folders) on the shared data drive while working from Linux. This was quite a complex problem, and still is. Having a pCloud backup running at the same time compounded the permissions issues, and at times pCloud's syncing will get stuck on certain files. A full reboot usually solves the problem. I have run into a bit of a wall on this one
  • The barrier of rebooting the system to work on audio was just high enough to stop me from doing it. It is interesting just how impactful these tiny workflow barriers are. After months of denial, I admitted defeat and moved my audio work to a different device.
  • I have the T440p hooked up to a docking station most of the time, but when I detach it, I have experienced annoying response issues with the touchpad.
  • When booting into Windows, the backup drive would sometimes just disappear, which is not great of peace of mind. I ended up replacing that physical drive with a new one
  • As already mentioned, the T440p is too old for new games. Eurotruck Simulator on Steam, for example, looks pixelated

Current use and looking ahead

I'm writing this article on the T440p I bought at the time, using Pop!_OS. Making the switch to Linux in small steps, over a long period of time, using several devices and dual-boot systems, turned out to be the right path towards full adoption of Linux.

I like the laptop so much, that I bought one for my middle child, who is now in high school. This device also runs Windows and Linux (Ubuntu is good for kids), but with Windows as the main system. This is to do with Minecraft servers and software required for school. I met the seller in person in the city, and thought I saw a hint of reluctance as he handed over his well-looked after T440p. It's just a lovely device.

As I'm typing this article, I'm well aware that these configurations and problems are highly specific and personal. However, I hope that by describing my specific hurdles and victories, I might encourage anyone thinking of switching over to Linux to take it slow and in small steps.

Documentation

Specifications T440p

User guide T440p

Octoperf article on T440p

"Should you buy a Thinkpad T440p in 2019?" Wolfgang's Channel

Updates

A reader made the following recommendations after reading the post:

I spent a lot of time struggling with shared drives and permission errors and eventually settled on a server running samba shares; this handles all the permissions issues seamlessly across platforms with the added benefit of making my files accessible on my phone via my VPN.

My only other dual-boot 'hack' is setting up GRUB to always boot from the last OS booted. This means that if Windows decides to boot your computer for you in an attempt to update, it doesn't default to your Linux partition and end up burning power all night before you notice the next morning....Check out the Arch Linux wiki for tips - it is a very well maintained source of information and is often applicable to non Arch-based systems. Most of the pages on common packages like GRUB have detailed info about specific use-cases and configuration examples.

Thanks for the useful input!

-----Discuss on Reddit-----

Subscribe to my blog via email or RSS feed.

Find me on Mastodon and Twitter.

Back to Blog

  1. "What Is BIOS (Basic Input Output System)?" (Lifewire, 2021)

  2. A single hard drive can be divided up into separate partitions, which will be seen as separate drives by the OS.

  3. While Backblaze does have a tier for backing up files that can work with Linux, it feels a bit too complicated for regular customers.



More News from this Feed See Full Web Site