• GenderNeutralBro@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    8
    ·
    8 months ago

    They could avoid storing the recovery email in plaintext. A hash would be sufficient if they require the user to enter their recovery email for confirmation when they really need to recover the account.

    For an ostensibly privacy-oriented service, Proton makes some weird architectural choices.

    • Mikufan@ani.social
      link
      fedilink
      English
      arrow-up
      12
      ·
      8 months ago

      I’ve had to use the recovery, they need plaintext because they send you a recovery code or a support ticket (depends) nobody knows all their emails.

      • GenderNeutralBro@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        4
        ·
        8 months ago

        they need plaintext because they send you a recovery code or a support ticket

        Sure, but we’re talking about architectural choices. It is Proton’s choice to use that system; it is not required for the goal of account recovery.

        • Mikufan@ani.social
          link
          fedilink
          English
          arrow-up
          2
          ·
          8 months ago

          Well yes but you could just set another Proton account as recovery and not your email which you used to sign up to everything…

            • Mikufan@ani.social
              link
              fedilink
              English
              arrow-up
              1
              ·
              7 months ago

              Well… I did… Idk

              Well on the other hand you can just not be a terrorist (for that case)

              You can also set a temporary mail if another Proton isn’t working. There are enough ways around such restrictions.

                • Mikufan@ani.social
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  7 months ago

                  The person is a terrorist by definition and Proton does allow temp addresses simply because they cant enforce that you don’t just set up a SMTP server on your pc and get a temporary mail from that…

                  They are privacy focused but you don’t have to use their services for committing treason and plan terrorist actions/actions against a state when you are to dumb to not use your go to email as recovery.