@AIBrain @jonah @doomy @protonprivacy 1) If the hash isn't one-way then Proton can be compelled to unhash it so there's no point.
2) They could require the user to reenter the recovery address if it's needed for recovery, confirm that it matches the hash, send the recovery message to the address, and then discard the unhashed address.
If they're not doing it that way then they screwed up, or they decided convenience outweighs privacy, or they want to be able to cough it up if asked legally. 🤷
@jonah @AIBrain @doomy @protonprivacy In fact, people are significantly more likely to forget a password than to forget their email address.
And if they have multiple addresses and don't remember which they used, they can try all of them.
As I said, this is a privacy vs. convenience trade-off.
Other apps do this (require recovery email to be verified by user before it can be used for recovery). Proton would not be breaking new ground here.
@protonprivacy @jonah @AIBrain @doomy I don't understand why you keep making excuses instead of at least acknowledging that you could choose to handle recovery emails in a way that keeps them private.
@doomy From a technical perspective, one can't end-to-end encrypt or hash a recovery email as it needs to be accessible to send the recovery email, which is typically initiated by an unauthenticated user who has lost their password. In brief, if we did that, one wouldn't be able to use the recovery address for its intended purpose.
@protonprivacy Thank you for the response, but I don't think that is correct. You can still store only the hash of the email.
For example: If a user requests recovery, they must input their recovery email. The server would then check that the hash of the user provided email matches the stored hash. If it does, the server sends the recovery email to the provided address (or keeps the email for as long as needed for operations before scrubbing).
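The hash-then-verify recovery flow proposed in this thread, as an added sketch that is not code from any participant or from Proton. Because email addresses are guessable, it stores a salted, slow PBKDF2 digest rather than a bare hash; the iteration count, the lowercase normalization and the `send` callable are assumptions made for the example. It covers only user-initiated recovery, not server-initiated notices.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for the example, not from the thread


def normalize(email: str) -> bytes:
    """Canonical form so ' Alice@Example.com' and 'alice@example.com' match.
    Lowercasing the whole address is a simplifying assumption."""
    return email.strip().lower().encode("utf-8")


def enroll(email: str) -> dict:
    """Return the only record the server keeps: a per-account salt and digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", normalize(email), salt, ITERATIONS)
    return {"salt": salt, "digest": digest}


def request_recovery(record: dict, claimed_email: str, send) -> bool:
    """Check the address the user typed against the stored digest, then send.

    `send` is a hypothetical callable(address, message) standing in for the
    mail system. The plaintext address exists only for the life of this call.
    """
    candidate = hashlib.pbkdf2_hmac(
        "sha256", normalize(claimed_email), record["salt"], ITERATIONS
    )
    # Constant-time comparison; the caller should answer identically on
    # match and mismatch so the endpoint cannot confirm guesses.
    if not hmac.compare_digest(candidate, record["digest"]):
        return False
    send(claimed_email.strip().lower(), "Recovery link: <constructed placeholder>")
    return True


def demo() -> list:
    """Constructed sample run: one wrong address, then the enrolled one."""
    outbox = []
    record = enroll("Alice@Example.com")
    request_recovery(record, "mallory@example.net", lambda a, m: outbox.append(a))
    request_recovery(record, " alice@example.com", lambda a, m: outbox.append(a))
    return outbox


if __name__ == "__main__":
    print(demo())
```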
@doomy Recovery addresses are also used to inform users in case suspicious login attempts or something of that sort has occurred, and for that we need to have access to the address itself.
@protonprivacy From what I'm reading there it means that ALL data that you log will be handed over if account information is legally requested? And the Sentinel Program means that your IP gets logged and also handed over to authorities, if requested (which seems counterintuitive)? Also support tickets get stored and will be handed out if requested?
@protonprivacy Can you tell us what other information you can provide so easily from our accounts? Or what is not encrypted?
Now I know I need to delete my recovery mail.
My phone number?
If I use the easy switch option I am exposed?
What about the new security options like Proton Sentinel or the dark web monitoring?
Note that it’s also important to differentiate that VPN is not classified as a communication tool in Switzerland — Proton VPN does not log IPs and there are no existing Swiss laws that can compel us to do so.
Also, nothing is delivered easily: Swiss law is very restrictive, and there are many hurdles to jump through to get a court order.
@lx We provide an official Proton Mail onion site for use with the Tor network for those seeking anonymity.
It’s also important to differentiate that VPN is not classified as a communication tool in Switzerland — Proton VPN does not log IPs and there are no existing Swiss laws that can compel us to do so.
@protonprivacy Thanks for the very specific information on what information you may or may not be compelled to provide here. Let us know if anything changes!