Today's Deep-Dive: SimpleLogin

Okay. You know the drill. You're online, signing up for something, anything really.

And bam, enter email. It's just everywhere. Our universal key.

It really is super convenient, no doubt,

but it's also like leaving your front door unlocked.

Sometimes that single address opens you up to spam fishing and honestly,

just relentless tracking. Yeah. The tracking thing is big.

It feels like our email has become this a central point,

this online ID that data brokers just love. Exactly.

And even if you're smart, you use a VPN, you've got ad blockers running.

That email address lets them connect the dots.

They can build this whole profile about you across different sites. It's,

well, it's a bit creepy actually. So if that's the weak link,

what can we actually do about it? Are there solid ways to, you know,

shield that email address and get some control back?

Well, that's precisely what we're diving into today.

There's a really interesting solution called simple login. It's open source,

which is a big plus.

And it's all about helping you manage your inbox and protect your privacy

online. Simple login. Yeah. Okay. Yeah.

The core idea uses something called email aliases.

Think of them as decoys for your real email.

So today our mission is basically to unpack what these aliases are,

how simple login makes them work for you. And, uh,

for anyone feeling adventurous will even touch on how you can host this thing

yourself. Self-hosting. Interesting. Yeah.

The goal is really just to make sense of it all,

even if you're not super technical, it's about boosting your online privacy.

Right. And speaking of taking control and having a solid foundation online,

this deep dive is brought to you by safe server.

They're all about digital transformation and can handle the kind of hosting we

might touch on later. They help you get set up and support your digital journey.

You can find out more at www.safeserver.de.

A very fitting sponsor for today's topic. Definitely. Okay. So aliases,

let's get into it. What exactly is an email alias in this context?

How does simple login use it to like protect my real email? Okay.

Think of an alias as simply a forwarding address.

It sits in front of your real email address and hides it.

Like giving out a specific mailbox number at the post office instead of your

home address. Ah, okay. Like a PO box makes sense. Pretty much.

The process is basically three steps. One,

when a website asks for your email, you don't give your real one.

You create and give them a simple login alias instead.

So you're signing up for, I don't know, a shopping site.

You might use cool shop at my alias.com. Okay. Step one, use the alias.

Easy enough. What happens next?

How does the email get to me without them knowing my real address? Right.

That's step two. Any email sent to that alias, cool shop at my alias.com.

Simple login instantly forwards it to your actual inbox.

The original sender, the shopping site, they only ever see the alias.

Your real address stays completely hidden from them. Okay. Hidden forwarding.

Got it. And then step three, this is the really cool part.

You can actually reply to that email or even start a new email and have it come

from the alias, simple login handles, swapping out the from address automatically.

So the whole conversation stays under the alias. Wait, you can send from it too.

That feels like the key differentiator because, you know,

people might know the little plus sign trick with Gmail,

like my mail plus Facebook and gmail.com. Right. The plus addressing. Yeah.

That's okay for filtering maybe, but it doesn't really hide anything, does it?

And I've heard some sites just block those anyway.

You've hit the nail on the head with the plus trick. Your actual email address

is right there in plain sight. Just remove the bit after the plus.

Many sites do block them and crucially advertisers can easily strip the plus

part and link everything back to your one core identity.

It doesn't stop cross site tracking at all. Okay.

Simple login aliases completely avoid those problems because the alias itself

contains no clue about your real address. It's a proper shield.

So it's much more than just, you know, managing spam.

It's actually about breaking that chain of tracking across different websites.

Precisely. Think about it.

If you use a unique alias for every single service,

data brokers can't just link your activity on site a with your activity on

site B using your email anymore.

Each site only knows a unique identifier that you control. Right.

And if one of those sites gets hacked and the email list leaks, well,

you just disable that one alias.

Your main inbox isn't suddenly flooded with spam from that breach.

And your core email address remains safe. It gives you compartmentalization.

That level of control is pretty compelling. Now you mentioned it's open source

for something handling my email, my privacy. That feels important.

How open are we talking? Very important.

You wouldn't want a black box managing this stuff, right? Yeah.

Simple login is a hundred percent open source.

That means the server code that runs the service, the browser extensions,

the mobile apps, all of it, everything. Yep. Everything.

The code is out there on places like GitHub for anyone to look at, to audit,

to see exactly how it works. You can verify it's doing what it says it does.

That transparency is absolutely key for building trust in a privacy tool. Okay.

That's reassuring. And beyond the trust factor,

how easy is it to actually use day to day?

It's designed to be pretty seamless. Actually.

You can manage your aliases from their website. Sure.

But also directly from browser extensions. They've got them for Chrome,

Firefox, Safari, and mobile apps too, for Android and iOS.

So you can create or manage aliases right where you need them.

So it fits into your workflow. Nice. Definitely.

And it goes beyond just basic aliases.

There are some quite powerful features tucked in there too. For instance,

you can use your own custom domain name. Oh,

like contact at my own domain.com. Exactly like that.

So you can have really professional looking aliases or even manage basic

business emails this way, like info at my company.com,

without needing a separate, sometimes expensive email hosting package,

just for a few addresses. Simple login handles the forwarding.

That could actually save some money too. What was that other thing? Catchall.

Ah, yes. Catchall. This is super handy. If you do use a custom domain,

you can set it up so that literally anything sent to at your custom domain.com

automatically becomes an alias and forwards to you. Anything.

So I could just make one up on the spot like random service 24 at my custom

domain.com. Yeah, exactly that.

You don't even need to log in to simple login to create it first.

Just invent it when you sign up for something.

And even if you don't have a custom domain,

they offer a similar thing with sub domains they provide. Okay.

So you could create say pizza place at my sub domain dot alias.com right at the

counter without opening the app. Wow. Okay. That is seriously convenient.

What if I use multiple email accounts? Like one for personal, one for projects.

No problem. You can add several of your existing email addresses.

They call them mailboxes to your simple login account.

Then when you create a new alias, you just choose which of your real mailboxes,

it should twine it forward to helps keep things organized.

Makes sense. And what about security? We're talking about handling email here.

Good question. They take that seriously. First, you can use PGP encryption.

If you set it up,

simple login encrypts the email using your public PGP key before it even

forwards it to your inbox.

So only I can decrypt it even if someone intercepted it somehow.

Exactly. It adds a strong layer of end to end encryption,

essentially works great with services like proton mail or if you use PGP tools

yourself. And then for securing your actual simple login account,

they offer strong two factor authentication or two F a like authenticator apps.

Yep. D O T P authenticator apps,

but also the really strong hardware keys using web often or FIDO standards,

things like Yubi keys or even biometrics on your phone or computer.

So even if someone gets your password,

they can't log in without that second factor.

That's robust. And just to clarify these aliases, they stick around, right?

They're not like those disposable 10 minute email things. Correct.

Aliases are permanent unless you actively decide to disable or delete one.

And critically simple login itself doesn't store the content of your emails.

They just pass through their system for forwarding and are never stored on their

servers. Okay. That's a really important privacy point.

So the hosted service sounds great, but you mentioned self-hosting.

That sounds potentially complicated, but also intriguing.

Why would someone go down that route?

Yeah, it's definitely more involved, but the appeal is ultimate control.

When you self-host, you run the entire simple login service on your own server,

all your data, all the infrastructure, it's completely under your management.

It aligns perfectly with the open source idea, total digital sovereignty.

Ultimate control. Okay.

But you said it might be accessible even for beginners.

That seems contradictory.

Well, beginner might need a slight asterisk,

like maybe someone comfortable with the command line using SSH to connect to a

server, but simple login provides really detailed documentation.

And the key thing is they used other containers. Ah, Docker.

I keep hearing about that. It makes things easier.

Massively easier in this context.

Think of Docker as providing pre-packaged boxes,

each containing one piece of the puzzle, the database, the mail server software,

the simple login web app itself.

You don't have to manually install and configure all those complex pieces

individually. Docker manages running them in these isolated containers

that are designed to work together. It streamlines the setup enormously.

Okay. So Docker simplifies it. If someone wanted to try this,

run their own private alias service, what are the main ingredients they'd need?

Just high level. Sure. High level. You'd need one, a server,

basically a computer running Linux like Ubuntu that's online two, four, seven,

needs a bit of memory, maybe two GB of Ram to be safe.

And you need certain network ports open like doorways for email to come in and

out and for you to access the web interface to your own domain name.

This is pretty essential.

You'll use it for your aliases like anything at your domain.com and also for the

web address where you log in to manage your self-hosted simple login.

Got it. Server domain name. What else?

Three DNS setup sounds technical,

but it's just about telling the internet how to handle mail and web traffic for

your domain. You need an MX record that tells other mail servers,

send email for this domain over here to my simple login server.

Like the post office knowing which building to deliver mail to.

Exactly.

Then A record points the web address for your simple login interface to your

server's specific IP address.

And finally some important ones for making sure your emails actually get delivered

and aren't marked as spam. DKIM, SPF, and DMRC.

Think of these as digital signatures and rules that prove emails coming from your

domain are legitimate and haven't been faked.

Okay. So server domain DNS rules for delivery and trust and Docker helps run

the actual software.

Precisely. Docker runs all the necessary background bits.

You'll typically use Postgres as the database to store alias information and

Postfix as the mail server software that actually handles sending and receiving

the emails.

Simple login itself runs as a few different Docker containers,

one for the web app, one to handle incoming emails, one for background tasks.

And often you'll use something like Nyang's as a front door,

a web server that directs traffic to your simple login web app and handles

secure connections using SSL certificates.

That still sounds like a few moving parts when you list them out.

It is, but honestly,

the Docker setup and the guides make it much more manageable than trying to

install all that from scratch. It's designed to be runnable.

And once you are set up,

a neat trick for self-hosters is you can actually disable new user registrations.

So it becomes your own truly private alias service just for you or maybe your

family. Locking it down. Nice touch. Yeah. So putting it all together,

simple login really does feel like the most advanced alias solution out there

right now. It's fully open source top to bottom.

Which builds that trust we talked about. Exactly.

And that unique ability to self-host is huge for people who want that level of

control. Plus on the hosted plan, the limits are generous, but self-hosted,

no limits on forwards, sends, bandwidth, nothing. And no ads, no trackers,

which you'd expect. Absolutely essential.

It even acts as a privacy respecting way to log into other services and

alternative to log in with Google.

And they're looking beyond just email talking about potentially adding phone

number and maybe even credit card masking in the future.

So bringing it back to the listener, what does this all boil down to for you?

It really means you can start taking back control of that core online identifier

for your email, less spam,

better protection against data breaches and just more genuine privacy online.

It's a practical tool for that. And it's worth remembering.

Simple login is made by Proton AG,

the same folks behind Proton mail based in Switzerland.

Privacy is kind of in their DNA.

Definitely. And maybe a final thought to leave you with,

just take a moment and think about how many websites,

how many services have your real email address right now? Hundreds,

maybe thousands. Yeah, probably more than I realized.

So what would it actually feel like?

What would it mean for your digital footprint if you could manage every single

one of those connections individually? Set up the link whenever you wanted.

That is a powerful thought. Moving from leaving your address everywhere,

to handing out specific keys you control. A big shift.

Well, thank you for joining us on this deep dive into simple login.

If any of this sparked your interest protecting your email,

maybe even tinkering with self-hosting,

it's definitely something worth checking out further.

And remember this exploration was supported by Safe Server.

If you're looking for reliable hosting solutions or support on your digital

journey, you can find them at www.safeserver.de.

What topics are on your mind? What should we explore next? Let us know.

What topics are on your mind? What should we explore next? Let us know.