• GenderNeutralBro@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      8
      ·
      8 months ago

      They could avoid storing the recovery email in plaintext. A hash would be sufficient if they require the user to enter their recovery email for confirmation when they really need to recover the account.

      For an ostensibly privacy-oriented service, Proton makes some weird architectural choices.

      • Mikufan@ani.social
        link
        fedilink
        English
        arrow-up
        12
        ·
        8 months ago

        I’ve had to use the recovery, they need plaintext because they send you a recovery code or a support ticket (depends) nobody knows all their emails.

        • GenderNeutralBro@lemmy.sdf.org
          link
          fedilink
          English
          arrow-up
          4
          ·
          8 months ago

          they need plaintext because they send you a recovery code or a support ticket

          Sure, but we’re talking about architectural choices. It is Proton’s choice to use that system; it is not required for the goal of account recovery.

          • Mikufan@ani.social
            link
            fedilink
            English
            arrow-up
            2
            ·
            8 months ago

            Well yes but you could just set another Proton account as recovery and not your email which you used to sign up to everything…

              • Mikufan@ani.social
                link
                fedilink
                English
                arrow-up
                1
                ·
                7 months ago

                Well… I did… Idk

                Well on the other hand you can just not be a terrorist (for that case)

                You can also set a temporary mail if another Proton isn’t working. There are enough ways around such restrictions.

                  • Mikufan@ani.social
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    ·
                    7 months ago

                    The person is a terrorist by definition and Proton does allow temp addresses simply because they cant enforce that you don’t just set up a SMTP server on your pc and get a temporary mail from that…

                    They are privacy focused but you don’t have to use their services for committing treason and plan terrorist actions/actions against a state when you are to dumb to not use your go to email as recovery.

    • Venia Silente@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      7 months ago

      They could host themselves in a different place with better privacy laws. I’ve always wondered why, for example, don’t privacy services establish themselves in international waters or in micronations such as Sealand.

      • Mikufan@ani.social
        link
        fedilink
        English
        arrow-up
        1
        ·
        7 months ago

        Because Proton is part of CERN and the privacy laws in Switzerland are very strict. They just have to hand over stuff for very certain cases, terrorism and treason being such cases.

        • Venia Silente@lemm.ee
          link
          fedilink
          English
          arrow-up
          1
          ·
          7 months ago

          , terrorism and treason being such cases.

          but “muh terrorism” is such a wildcard that it can be (and is) used to excuse anything, so that’s pretty much the same as saying that Proton does not offer any guarantee at all.