Comment on Proton Mail Discloses User Data Leading to Arrest in Spain
GenderNeutralBro@lemmy.sdf.org 4 months agoThey could avoid storing the recovery email in plaintext. A hash would be sufficient if they require the user to enter their recovery email for confirmation when they really need to recover the account.
For an ostensibly privacy-oriented service, Proton makes some weird architectural choices.
Mikufan@ani.social 4 months ago
I’ve had to use the recovery, they need plaintext because they send you a recovery code or a support ticket (depends) nobody knows all their emails.
GenderNeutralBro@lemmy.sdf.org 4 months ago
Sure, but we’re talking about architectural choices. It is Proton’s choice to use that system; it is not required for the goal of account recovery.
Mikufan@ani.social 4 months ago
Well yes but you could just set another Proton account as recovery and not your email which you used to sign up to everything…
CaptObvious@literature.cafe 4 months ago
Can you? Didn’t someone else mention that Proton don’t allow another Proton account?