They could host themselves in a different place with better privacy laws. I’ve always wondered why, for example, don’t privacy services establish themselves in international waters or in micronations such as Sealand.
Comment on Proton Mail Discloses User Data Leading to Arrest in Spain
Mikufan@ani.social 1 month ago
Nothing they can do about that.
veniasilente@lemm.ee 1 month ago
GenderNeutralBro@lemmy.sdf.org 1 month ago
They could avoid storing the recovery email in plaintext. A hash would be sufficient if they require the user to enter their recovery email for confirmation when they really need to recover the account.
For an ostensibly privacy-oriented service, Proton makes some weird architectural choices.
Mikufan@ani.social 1 month ago
I’ve had to use the recovery, they need plaintext because they send you a recovery code or a support ticket (depends) nobody knows all their emails.
GenderNeutralBro@lemmy.sdf.org 1 month ago
Sure, but we’re talking about architectural choices. It is Proton’s choice to use that system; it is not required for the goal of account recovery.
Mikufan@ani.social 1 month ago
Well yes but you could just set another Proton account as recovery and not your email which you used to sign up to everything…