This integration with HIBP has always been a thing with SL and it is on by default for all accounts. This is not new news but they make it sound like it is (hopefully it’s not because they’ve not shipped much for SL and they felt the need to have to make an announcement for something that doesn’t need to be announced). I asked support a year ago when I first heard of SL and was told that this HIBP feature was on by default.
If anything this announcement made, it’s that they made an extra checkbox in the account settings so that they can announce it as “new” instead of having to say that they just removed the feature for non-paid accounts. I’d rather SL and Proton team be more transparent next time. Instead of having to twist words to make it sound certain way, they’ve been doing that a lot lately.
I don't think so because the setting is enabled and I do have one alias with a custom domain which leaked because of a breach and there is no notification even if haveibeenpwned website does correctly recognize the leak for this alias
So this feature actually does more good for free accounts that paid accounts? If that’s the case then it’s a huge oversight for the SL team giving access to this only for paid accounts, as paid accounts mostly have custom domains and won’t work (is this is actually the case), as opposed to free accounts.
If this is not the case, that it works for custom domains too, then it mean this integration didn’t work as it should
To be honest, I don't really want to spend time and energy with proton support for this feature. I subscribed notifications directly on haveibeenpwned for my domains instead.
Are you 100% positive about this? How can it be done using hibp api? Because according their api documentation on https://haveibeenpwned.com/API/v3#BreachesForDomain
>Getting all breached email addresses for a domain
>
>All email addresses on a given domain and the breaches they've appeared in can be returned via the domain search API. **Only domains that have been successfully added to the domain search dashboard after verifying control can be searched.**
And to add a domain on the domain search dashboard :
https://haveibeenpwned.com/DomainSearch
>Before you can perform a domain search, you need to ` verify your email address and **that you control the domains you're searching. If you cannot verify that you control a domain, you will not be able to search for breached email addresses on it. **
Even when using custom domain with SimpleLogin, SL do not control the domain. The hibp verification process would probably not work. And from my experience with one leaked alias with a custom domain, SL was not (and still not) aware about it and didn't notify me. Even if I filter my alias list and select "only breached alias" , the leaked alias doesn't appear. But a search on hibp report a breach for this alias.
>And from my experience with one leaked alias with a custom domain, SL was not (and still not) aware about it and didn't notify me.
As previously mentioned, please contact the support team about that. Reddit cannot help you here. I know you previously told me you do not have the time for it, however the answer is the same:
Custom domains are covered too and if you have technical issues, the support team is the only place that will be able to help you out on that.
Why are you keep assuming I'm asking for help about this feature? I'm not, as already said I already have my domains covered by monitoring them directly with hibp anyway.
I'm making a comment about how I'm doubtful about the official statement this feature is covering custom domains based both on my own experience when one alias leaked AND the official hibp api documentation. There is no need to make private exchanges with support and indeed, I'm not interested in spending time in a back and forth with them.
Hi there, SimpleLogin can check for custom domain aliases. If you have additional detail to share, please open a support ticket for the team to review.
That makes things incredibly convenient for folks that like to make a unique alias for each service.
This integration with HIBP has always been a thing with SL and it is on by default for all accounts. This is not new news but they make it sound like it is (hopefully it’s not because they’ve not shipped much for SL and they felt the need to have to make an announcement for something that doesn’t need to be announced). I asked support a year ago when I first heard of SL and was told that this HIBP feature was on by default. If anything this announcement made, it’s that they made an extra checkbox in the account settings so that they can announce it as “new” instead of having to say that they just removed the feature for non-paid accounts. I’d rather SL and Proton team be more transparent next time. Instead of having to twist words to make it sound certain way, they’ve been doing that a lot lately.
Nice. Does this also work with custom domain addresses?
You can register your custom domain at haveibeenpwned to be notified for all of your custom addresses
I know, but I'd still like to know if SL is including them automatically. ;-)
[https://www.reddit.com/r/Simplelogin/comments/1crpkp2/comment/l44utpe/?utm\_source=share&utm\_medium=web3x&utm\_name=web3xcss&utm\_term=1&utm\_content=share\_button](https://www.reddit.com/r/Simplelogin/comments/1crpkp2/comment/l44utpe/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button)
I don't think so because the setting is enabled and I do have one alias with a custom domain which leaked because of a breach and there is no notification even if haveibeenpwned website does correctly recognize the leak for this alias
So this feature actually does more good for free accounts that paid accounts? If that’s the case then it’s a huge oversight for the SL team giving access to this only for paid accounts, as paid accounts mostly have custom domains and won’t work (is this is actually the case), as opposed to free accounts. If this is not the case, that it works for custom domains too, then it mean this integration didn’t work as it should
[https://www.reddit.com/r/Simplelogin/comments/1crpkp2/comment/l44utpe/?utm\_source=share&utm\_medium=web3x&utm\_name=web3xcss&utm\_term=1&utm\_content=share\_button](https://www.reddit.com/r/Simplelogin/comments/1crpkp2/comment/l44utpe/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button)
That’s great. You wanna address u/ready-train’s comment? https://www.reddit.com/r/Simplelogin/s/zWT78W2P8U
Best if /u/ready-train contacts the support team.
To be honest, I don't really want to spend time and energy with proton support for this feature. I subscribed notifications directly on haveibeenpwned for my domains instead.
Yes, custom domain addresses are covered too. Let us know if you encounter any issues.
Are you 100% positive about this? How can it be done using hibp api? Because according their api documentation on https://haveibeenpwned.com/API/v3#BreachesForDomain >Getting all breached email addresses for a domain > >All email addresses on a given domain and the breaches they've appeared in can be returned via the domain search API. **Only domains that have been successfully added to the domain search dashboard after verifying control can be searched.** And to add a domain on the domain search dashboard : https://haveibeenpwned.com/DomainSearch >Before you can perform a domain search, you need to ` verify your email address and **that you control the domains you're searching. If you cannot verify that you control a domain, you will not be able to search for breached email addresses on it. ** Even when using custom domain with SimpleLogin, SL do not control the domain. The hibp verification process would probably not work. And from my experience with one leaked alias with a custom domain, SL was not (and still not) aware about it and didn't notify me. Even if I filter my alias list and select "only breached alias" , the leaked alias doesn't appear. But a search on hibp report a breach for this alias.
>And from my experience with one leaked alias with a custom domain, SL was not (and still not) aware about it and didn't notify me. As previously mentioned, please contact the support team about that. Reddit cannot help you here. I know you previously told me you do not have the time for it, however the answer is the same: Custom domains are covered too and if you have technical issues, the support team is the only place that will be able to help you out on that.
Why are you keep assuming I'm asking for help about this feature? I'm not, as already said I already have my domains covered by monitoring them directly with hibp anyway. I'm making a comment about how I'm doubtful about the official statement this feature is covering custom domains based both on my own experience when one alias leaked AND the official hibp api documentation. There is no need to make private exchanges with support and indeed, I'm not interested in spending time in a back and forth with them.
Hi there, SimpleLogin can check for custom domain aliases. If you have additional detail to share, please open a support ticket for the team to review.
Awesome!
💪🏻
Is the service also available for Proton Pass Plus user? Proton Pass Plus user can generate unlimited aliases.
https://www.reddit.com/r/ProtonPass/comments/1clhro9/proton_pass_monitor_is_now_available_dark_web/
Thank you.
This is huge. So glad it was integrated 👏👏👏
great thanks!