Removing accounts after some time of inactivity and Recycling usernames are bad ideas.
Email is not only a communication tool, but probably more importantly an internet identity. People use their email to open accounts on websites. If an email address is deleted and reused by another user, then all personal data bonded with that email address is lost and at risk.
As I know gmail doesn't recycle email addresses. That's a considerate idea.
-
Anonymous commented
I am currently trying to find my final email account, that will last "for life".
I would love for ProtonMail to publish a formal policy + procedure for account dormancy, and if we can expect our accounts to last indefinitely?
I'm sick of playing email hopscotch; time to find a service that lasts indefinitely. One account to rule them all. And in encryption bind them.
-
Diego Otelo commented
-
JMonteyne commented
Removing account after a very long inactivity may be ...?
Recycling usernames is a very bad idea.JM
-
sascha commented
I support idea that accounts are not deleted, if they must do it in the future when and if they get million users, they should do it after 3 years of inactivity, with option to recover email inbox messages. theoretically some human right activist can get 3 years of prison and when he is free again, he would like to access email messages. so, inbox can be backed up and account can be closed after 3 years, user can contact support to recover inbox messages or to use email account again. but surely, even if account get deleted, it should not be allowed to the other people to register again the same account.
-
Anonymous commented
I hope that protonmail will offically confirm this into the policy of service! Please support this feedback
-
AdminProton (Admin, Proton) commented
At this time we do not recycle usernames. While we do not have an official policy set for this, we do not have plans to recycle usernames at this time. We will take this feedback into consideration as we establish official policy.
-
the dude commented
Everything Stian says is true, and these are all very valid concerns.
The one thing I think might be ok is recycling the username if the invitation is not activated after some duration. This amount of time doesn't even need to be that long, as someone who never actually completed registration of a given email address isn't operating on the assumption that they would be the only ones with access to that email address (i.e., they won't be registering other accounts using the aforementioned email address yet).
-
Stian commented
Admin should merge these votes into the other one.
-
Stian commented
There's already an idea for this. Please use the search function. :)
-
Stian commented
This is important because you can request sensitive information by e-mail. It can be as simple as request new password on a site.
A scenerio: A user have the email "example@examplemail.com". He later decides to delete it OR it get deleted due to inactivity. Later another person signs up with this e-mail. He then want to create an account on a website with this e-mail as username. He gets the message "this e-mail is already in use". Now this person can just request a new password and get access to this account. The previous owner of the e-mail-adress might have forgotten about this, and so it becomes easy to misuse and get access to personal information.
So I totally agree, never recycle usernames! And never delete inactive accounts.
But I think you should cancel the invitation request if the activation link doesn't get used. How long to wait? I think a couple of years is good, that leaves some time for people to activate the account the reserved username for.
-
Anonymous commented
7 years is more reasonable. Then someone forgot all about his email adres or died.
After a while recycling goes at the same speed. It only starts later. -
derelict commented
If your account expires after inactivity and then some other person creates an account with the same name, then you are in a big trouble, because that person would be receiving all correspondence that was intended for your eyes only. Especially if you used your protonmail account at you financial institutions and many other organizations who has your sensitive information.
-
Anonymous commented
Then I suggest to Protonmail that considering that most of you are only using PM for backups or not using PM at all, you should make a valid claim that you are using it for that reason only and have your accounts restricted to only 1-50-100MB or less.
Most of you have probably 1GB accounts if you didn't sign up recently and don't intend to use most of it.
So I think Protonmail should include a feature before hand when applying and in Settings, with the information as to "how many MB you think you will need" with the inclusion that if you opt for a smaller account and don't intend to use it regularly more users can be added.
Choice 10MB-50MB-100MB-250MB-500MB-1GB
I Hope Protonmail considers this, it seems right, doesn't it?
-
Kimmy commented
that's extremely important. for example, I have a protonmail only to create accounts on the Internet(like facebook, twitter, paypal, etc). And forget to login for 3 months and BANG! my protonmail is taken back and registered by someone else. and BANG! my facebook account, twitter, paypal, amazon, ..., not mine any more! in someone else's hand! that's great, huh? how can you call it "secure"?
Simple logic. don't know why stay unresponded for so long. -
Anonymous commented
Tutanota.de doesn't do this "for security reasons. There should be no possibility that someone else is able to register your previously used email address, and then, by accident, receive a confidential email that was meant for you."
Why doesn't PM? +3 for this!
-
Anonymous commented
Please dont recycle any accounts, this would be a shame.
I would also prefer if accounts NEVER would be deleted if nobody is log in for a while. This is a massive disadvantage and a reason to choose another provider. -
Joe Mama commented
Recycling usernames is a huge privacy concern. If a username gets recycled the new owner will also get any future mail sent to them, even if that mail is NOT for them but for the previous owner. I realize this can potentially cause users to deliberately block up usernames so that nobody can use them, but that is a hell of a lot better than the alternative.
-
Anonymous commented
Never remove an inactive account. Very bad to do so.
-
Cameron Taylor commented
I agree with OP.
Closing 'inactive' accounts, or those that haven't been logged into for some time, is a real problem for me. I'm currently using ProtonMail as my email account for backups and account resets for other services. I'm also planning to move all my internet banking there.
Because everything is automated, I'm not planning to login for months on end. I don't want to suddenly find myself needing to reset something from my cloud storage provider, only for ProtonMail to have closed down the account. I wouldn't mind paying a small auto-renewing subscription fee to keep the account open and not have to login all the time. (Though, please allow a monthly subscription.)
-
Anonymous commented
Gmail don't recycle username. After some time of inactivity, they delete account but never recycle account.
Outook, after 5 year of inactivity delete an account an recycle username
PLEASE STOP THIS ABSURD IDEA OF RECYCLE USERNAME!