#privacytechpro tip don't use a recovery email with e2ee service providers. it's metadata. when pressed by 3 letter agencies, the service (in this case proton) must give over what they have.

#cybersecgirl #proton

nostr:nevent1qqsx6j6ztrnjm2xy3apex6rrpgwrhnfrrl3nzarp6m2w7q9hk8vzshqpp4mhxue69uhkummn9ekx7mqzyzqhzjxrdyq42sqmf9zcppclkpty5ha2lw29fqf7722lyurteye4jqcyqqqqqqgrgwate

https://www.forbes.com/sites/thomasbrewster/2023/08/08/protonmail-fbi-search-led-to-a-suspect-threatening-a-2020-election-official/?sh=826cb48235cd

Discussion

“Any information received would be limited to metadata, since email contents, attachments, files, calendar entries, etc. are all end-to-end encrypted and no-one, not even Proton, can access them.”

can one "undo" this by editing or erasing the recovery? or must they start new?

Removing it should remove the records.

"You can provide an external email address for notification or password recovery purposes. Should you choose to provide it, we associate this email address with your Account (for password recovery or notification purposes). Such data will only be used to contact you with important notifications about the Services, to send you information related to security, to verify your account or to send you password recovery links if you enable the option. We may also inform you about Proton products in which you might have an interest. The legal basis for processing is consent and you are free to modify this in your Account settings panel at any time."

https://proton.me/legal/privacy

They mention nowhere that they keep older records. Typically the things that they can see are things they either cannot encrypt for technical reasons or if it is something you chose them to store (like Login history logs for example).

many thanks final

So are there any true zero-knowledge providers?

Edit: I've now read the article, and now appreciate that your note is principally directed at being vigilant as to the type of provider you are using for the recovery email!

#privacytechpro tip don't use email.

Ftfy

I wonder if Proton keeps the 2fa setup email address, which is required for every account...

Extremely valuable tip! I didn't know.