• GenderNeutralBro@lemmy.sdf.org
      6 months ago

      They could avoid storing the recovery email in plaintext. A hash would be sufficient if they require the user to enter their recovery email for confirmation when they really need to recover the account.

      For an ostensibly privacy-oriented service, Proton makes some weird architectural choices.
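
The hash-and-confirm scheme suggested in the comment above, as an added example that is not part of the thread and not Proton's code. It assumes a per-account random salt with PBKDF2-HMAC-SHA256 rather than a bare hash; the function names and the iteration count are assumptions.

```python
import hashlib
import hmac
import os
import unicodedata

# Email addresses are guessable, so a fast unsalted hash could be reversed
# from a candidate list; a salted, slow KDF raises the cost of each guess.
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)


def normalize_email(addr: str) -> str:
    """Canonical form so the same address always hashes the same way.
    Lower-casing the local part is a simplifying assumption."""
    addr = unicodedata.normalize("NFKC", addr).strip().lower()
    local, sep, domain = addr.rpartition("@")
    if not (sep and local and domain):
        raise ValueError("not an email address")
    return addr


def _digest(addr: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac(
        "sha256", normalize_email(addr).encode(), salt, ITERATIONS
    )


def enroll(addr: str) -> dict:
    """Record stored at signup: salt and digest only, never the address."""
    salt = os.urandom(16)
    return {"salt": salt, "digest": _digest(addr, salt)}


def confirm(record: dict, claimed: str) -> bool:
    """True if the address typed during recovery matches the stored digest."""
    try:
        candidate = _digest(claimed, record["salt"])
    except ValueError:
        return False
    # Constant-time comparison of the two digests.
    return hmac.compare_digest(candidate, record["digest"])


def start_recovery(record: dict, claimed: str):
    """Return the address to mail the reset link to, or None.
    The address comes from the user's input, not from storage."""
    return normalize_email(claimed) if confirm(record, claimed) else None
```
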

    • Venia Silente@lemm.ee
      6 months ago

      They could host themselves in a different place with better privacy laws. I’ve always wondered why, for example, privacy services don’t establish themselves in international waters or in micronations such as Sealand.

        • Venia Silente@lemm.ee
          6 months ago

          , terrorism and treason being such cases.

          but “muh terrorism” is such a wildcard that it can be (and is) used to excuse anything, so that’s pretty much the same as saying that Proton does not offer any guarantee at all.