They could avoid storing the recovery email in plaintext. A hash would be sufficient if they require the user to enter their recovery email for confirmation when they really need to recover the account.
For an ostensibly privacy-oriented service, Proton makes some weird architectural choices.
They could host themselves in a different place with better privacy laws. I’ve always wondered why, for example, don’t privacy services establish themselves in international waters or in micronations such as Sealand.
but “muh terrorism” is such a wildcard that it can be (and is) used to excuse anything, so that’s pretty much the same as saying that Proton does not offer any guarantee at all.
deleted by creator
They could avoid storing the recovery email in plaintext. A hash would be sufficient if they require the user to enter their recovery email for confirmation when they really need to recover the account.
For an ostensibly privacy-oriented service, Proton makes some weird architectural choices.
deleted by creator
Sure, but we’re talking about architectural choices. It is Proton’s choice to use that system; it is not required for the goal of account recovery.
deleted by creator
Can you? Didn’t someone else mention that Proton don’t allow another Proton account?
deleted by creator
This person isn’t a terrorist.
Proton also don’t allow temp addresses.
deleted by creator
They could host themselves in a different place with better privacy laws. I’ve always wondered why, for example, don’t privacy services establish themselves in international waters or in micronations such as Sealand.
deleted by creator
but “muh terrorism” is such a wildcard that it can be (and is) used to excuse anything, so that’s pretty much the same as saying that Proton does not offer any guarantee at all.
deleted by creator