Comment on Proton Mail Discloses User Data Leading to Arrest in Spain
RootBeerGuy@discuss.tchncs.de 8 months ago
They provided the backup e-mail address
Upon receiving the recovery email from Proton Mail, Spanish authorities further requested Apple to provide additional details linked to that email, leading to the identification of the individual.
Just in case anyone thinks they decrypted mails and handed them over, nope. I hadn’t thought about that “settings” are not encrypted. Guess if you want to stay anonymous you shouldn’t add your private mail address in there as a backup.
Alk@lemmy.world 8 months ago
Yeah. Even if they couldn’t hand over recovery emails, having a personal email as a backup to a “private and sensitive” email account is bad practice.
BlushedPotatoPlayers@sopuli.xyz 8 months ago
But what do you do if that field is needed? A throwaway address won’t work as it’s easy to recreate. Buy your own domain and run a server?
pineapplelover@lemm.ee 8 months ago
I put the Simplelogin email alias as my backup mail. Which forwards mail to my proton, so I guess it isn’t really a backup. Even more so if you realize I need to sign into simplelogin with my protonmail account and protonmail owns Simplelogin.
shortwavesurfer@monero.town 8 months ago
I just have no backup email at all. If I manage to lose my password manager file and forget my password, then I’m just fucking stupid anyway.
gravitas_deficiency@sh.itjust.works 8 months ago
Ah yes the email ouroboros
Alk@lemmy.world 8 months ago
I don’t believe you need that field with Proton, correct me if I’m wrong. If you do need that field with an email provider, use a different provider.
shortwavesurfer@monero.town 8 months ago
It wasn’t a requirement when I signed up several years ago, and to my knowledge, it’s still not required now. Just as long as you keep your email and password in something like a password manager and don’t fuck it up, you’re fine.
Legend@lemmy.sdf.org 8 months ago
Its not
Scrollone@feddit.it 8 months ago
No, domain names are tied to a person and, even if that person register the domain with fake person details, there will be a digital payment associated with the purchase.
EngineerGaming@feddit.nl 8 months ago
Some registrars accept crypto though.
EncryptKeeper@lemmy.world 8 months ago
It’s not needed, that’s just it.
WaliBoi@lemmy.world 8 months ago
Proton doesn’t require recovery. But if you want recovery without email addresses, there’re multiple different ways from recovery phases to recovery phone number to even an encrypted recovery file you download onto a local device.