• @GenderNeutralBro@lemmy.sdf.org
      link
      fedilink
      English
      86 months ago

      They could avoid storing the recovery email in plaintext. A hash would be sufficient if they require the user to enter their recovery email for confirmation when they really need to recover the account.

      For an ostensibly privacy-oriented service, Proton makes some weird architectural choices.

    • Venia Silente
      link
      fedilink
      English
      16 months ago

      They could host themselves in a different place with better privacy laws. I’ve always wondered why, for example, don’t privacy services establish themselves in international waters or in micronations such as Sealand.

        • Venia Silente
          link
          fedilink
          English
          16 months ago

          , terrorism and treason being such cases.

          but “muh terrorism” is such a wildcard that it can be (and is) used to excuse anything, so that’s pretty much the same as saying that Proton does not offer any guarantee at all.