"Accounts that are inactive for over 3 months may be automatically deleted." Please consider altering that policy.
"Accounts that are inactive for over 3 months may be automatically deleted."
Please consider altering that policy. Three months is way too short a time!
Why not 1-2 or more years instead of 3 months?
@Lhgeam Strelkov That's good as I've seen it before, although as hinted the rooms for improvement is still very large.
Lhgeam Strelkov commented
Seems like this policy has changed (for the better): https://proton.me/support/inactive-accounts
@pras92 I think that's a great idea, although it would still put a large portion of privacy conscious users where they would not link their emails, phones and even 2FAs to their accounts as "recovery purposes" or so on, at disadvantage.
There are many reasons why they choose to leave out the recovery emails/phones. They may want to protect their privacy and avoid being deanonymized or outed, especially with the hard turn to far right by the SCOTUS. Airport secondary inspections can sometimes be so intrusive that it's better off in taking precautions to minimize whatever that can land you unwarranted troubles. In the event of a hack they would want to slow down the hacker (who will definitely turn the tables with the email recovery function, although to a degree due to the encryption) and minimize the damage.
Hence, it would be disingenuous to label such users or use cases as Throwaway Accounts. Instead, more criteria such as the activation of "@pm.me" addresses or the presence of certain activities such as organically sending an email, alongside its frequencies can be used to make the call on whether it is a throwaway or not.
Some time ago I had reached out to their management and they tentatively promised to consider putting a proposal of a freeze of mail functions such as outgoing messages in inactive accounts, into next years roadmap. The freeze as envisioned in the proposal, alongside an additional throttling of storage limit to 100MB, would be lifted upon the completion of a process such as a fee, or an ID verification, or so on.
There are certain exceptions in the proposals though. lnbound messages would be restored immediately upon next successful login as it is critical for users to access any other accounts that are 2FA linked to it. Sending a message to oneself would still be permitted, as there's a good chance that most of us have the habit to use mail services as a mini-cloud to store jawns like pictures or documents, since life happens and there are unexpected emergencies along the way. Although still, that action would be subjected to a monthly quota-style limit, in addition to the aforementioned throttling of storage limit to 100MB.
Any accounts made on or before Protonmail's 8th anniversary can be subjected to a grandfathering process, example being the airdropping of $1 Proton credits and the creation of an adjacent plan which would be a very slight modification of the Free plan, to reward users who display longstanding customer loyalty towards Proton. In that demographic, the measure would distinguish longstanding and active users from "throwaways".
The accounts who made their way into the $1 plan would be exempt from inactivity deletion, but would be subjected to the said functionality-freezing measure. Anyone who had much higher plans like Visionary can be exempted from those measures penalizing inactivity altogether.
Furthermore, a probationary period should be set for new accounts which would use our criteria to see whether they are going to be established/active accounts, or rather throwaways, the latter which could be subject to account deletion.
Because the heuristics of ProtonVPN is more permissive than Proton Mail in terms of making throwaways, the criteria for any accounts which hasn't activated its mail function for the first time yet can be subjected to more stringent conditions, such as a longer probationary period.
Ultimately, you may need to bring back the good old prompts that force users to either donate or verify their phone number upon signup to display on IPs where the registrations and/or abuses of Proton accounts are rampant. Either that, or put them in a 100MB storage limit and a much reduced mail functionality in the first place (a little bit like Tutanota, which puts inbound mail function of newly registered accounts on hold until they are reviewed) until they can do either of the two.
FYI since the original thread I replied and voted for was merged; it was a suggestion to use alternative measures like clear out inbox contents instead of the draconian measure of account deletion.
To balance the issue of wasted valuable storage on dormant/ throwaway accounts and retaining accounts as long as possible, you could:
>> As a first step, internally differentiate Throwaway Accounts (TA) from Regular Accounts (RA) by certain guidelines. Example: Any account that doesn't add recovery email (not recovery phone) and 2FA can be termed as a TA, since the user didn't care for the account recovery in case of lost password.
>> TAs can be subjected to account deletion over a period of 1 or 2 year inactivity. Given how easy it is to open a protonmail account without any mandatory verification via phone numbers, I suppose there would be lots of TAs, which can be nuked this way to save space for active users.
>> As for RA, these accounts are safe regardless of the inactivity, but if a user logging in after more than 1 or 2 years of inactivity, you can either ask them a reactivation fee equivalent to, say, 3 months of premium for keeping their account save from deletion or if you feel generous, force them to sign up for a 3 months premium to get access to their dormant account.
This way, you get to convert long time inactive users to first time premium users and, they get value for their money so they won't hesitate to pay for reactivation and hopefully they'll learn to be active should they not want to pay in the future.
I hope someone in the management reads this idea and understands the balance it provides for both the service and it's free users.
Finally, a lot of the comments here shows how ignorant users are, regarding the existing policy. To clarify from the TnC:
> Deactivated accounts won't be recycled to prevent identity theft.
> Inactivity will not matter if the user had paid for a subscription at any point in the past.
Davion Taylor commented
Maybe understandable if they do this to long-inactive (1 or 2+ years inactive) free accounts, but this should *NEVER* happen with a paid account -- even if it's an inactive one -- that is still routinely paying the periodic subscription without issue.
I give my vote to this idea. You should never delete anyone's account. There are so many scenario where people can't access their account for a long period of time (illness, accident, natural disaster, incarcerated, etc). Deleting account is not a solution of what ever problem you want to avoid.
Proton had been changed to a shit. Now it is WORST email provider. Nothing changed to better after update. Fuck proton. I’m am moving to mail2tor. N
I suggest you to clean up the contents of your mailbox to save disk space, instead of deleting it completely. In case of prolonged inactivity, stop accepting emails to this box until further login. As a precaution against abuse of such accounts, please set a timer that will prevent instant use of accounts that have been inactive for too long.
Please stop deleting accounts!
Joe Weaver commented
Adding my support to the DO NOT DELETE voices.
Can't believe you'd delete accounts. Sure, it might be costly to keep old accounts, but I'd never want that old stuff deleted. If I have something I need, I email it to myself, and I have plenty of email accounts I haven't opened in years, which I still use on a daily basis as forwarding accounts, etc.
DO NOT DELETE ACCOUNTS. Please. Thanks! :)
Unless something changed this year, Tutanota delete accounts too, after 6 months of inactivity.
While I don't think that deletion of inactive accounts is necessarily a bad thing, it helps to keep clutter away, especially the spam accounts, there should be a more clear definition of when the account gets deleted. Three or more months of inactivity seems like someone is going on a whim if to delete an account or not, instead of it being a strict rule.
If deletion is the way to go, maybe extending it to 1 year would be better, as most likely people will be able to get internet access within that time somehow, even though three months in today's world is a long time as well.
A better way would probably be to simply de-activate an account by making the user verify that their account is still theirs after a long inactivity period.
It could be verified through personal data or a secondary e-mail account that should be set up and verified in the settings.
A notification e-mail maybe would also be nice to let the user know that their account is about to be de-activated.
David Christain commented
According to https://www.bookwritingbureau.co.uk/publishing/, It's a simple way to keep Google from canceling your account. Simply use Gmail, Google Drive, or Google Photos on the browser or on your mobile device when logged into your account and connected to the internet.
Strange. The comment didn't go through. I'll try again.
Over 1126 votes already. The management of the company simply doesn't care. They just don't care about their users. Go to hell, you moron who invented account deletion! You don't belong at Proton! I've never seen such a fucked up idea anywhere else. Dear developers, please fuck this bastard once and then kick him out of the company. Deleting accounts will do NOTHING good. And your greed will only lead to more hetjy! You just read that thread already. Fucking morons!
There are already over 1,126 votes. The company management simply doesn't care. They just don't care about their users. Go to hell, you moron who invented account deletion! You don't belong at Proton! I've never seen such a fucked up idea anywhere else. Dear developers, please fuck this bastard once and then kick him out of the company. Deleting accounts will do NOTHING good. And your greed will only lead to more hetjy! You just read that thread already. Fucking morons!
Shut the fuck up Geoff Jones, you're probably a ProtonMail employee trying to make this feature look good! It's a terrible fucking idea... Gmail doesn't delete their customers account, because they know it doesn't make fucking sense. The idea of deleting user's account is absolutely trash. I wish I could punch in the fucking face the retard that came up with this idea!!!
Geoff Jones commented
I can understand why Proton want to do this. There are probably thousands of defunct accounts on their servers that have been dormant for years, that are just consuming storage space. I say this because - due to the level of anonymity provided by a ProtonMail account, and the ease of creating a new account - it's highly likely that:
1) many people have created a "throw-away" account for a particular purpose and once fulfilled, they abandon the account, maybe without even clearing it of emails first.
2) many people have created accounts, then forgotten their password, and have no recovery methods configured, so have no way to access their accounts, so have to abandon them and create a new account.
I have actually been guilty of both of those charges - when I first heard about ProtonMail, I created an account that was only ever intended to be a repository for receiving mail in connection with a particular website/app that has a reputation for spamming its customers by default with promotional and subscription-based email, so wanted to avoid junking up my main email account. This Proton account also served as a receptacle for the "verify to activate your account" email from the aforementioned website. I created the Proton account quickly, midway through registering with the website, so skipped all the 2FA / recovery options. I then tried to log into the account a few days later and was told that the password was incorrect, even though I was sure that I'd memorised it and entered it correctly. With no way to recover the password, I had to abandon the account, which by now is probably full of hundreds of marketing mails from the website, and maybe still receiving more on a daily basis.
Later, I created another account that I intended to use for Steam account management, and again (stupidly) didn't set up any recovery option. Thankfully I hadn't actually bought any games from Steam at that point, as when I tried to log into this ProtonMail account - having manually copied my password into Kaspersky Password Manager during registration - I was told again that the password was invalid.
For my third attempt at setting up a ProtonMail account - the one I'm currently using - I decided to do things properly, as I wanted to migrate from Gmail to PM. o during the registration process, I not only added the credentials to KPM, but also created 2FA / account recovery options and also created recovery files/phrases for it which are saved to my computer. I have been using this account successfully for about six months now.
Back to the point of this reply, I hope that I have been able to demonstrate why Proton want to purge dead accounts from their servers, thereby freeing up huge amounts of storage space, as well as (depending on their security policies) freeing up usernames/email addresses to be reallocated to new members. To just hang on to every account ever created, no matter how long its been since it was last accessed by the account holder, would be massively inefficient, in terms of storage space/costs, maintenance and security.
I do understand the points you raise about people being unable to access their accounts for extended periods of time due to unforeseen illness or global/political crises, so here's what I would suggest:
1) For all ProtonMail accounts that have lain dormant (not been successfully logged into for more than 12 months), Proton need to send out an email to all email addresses associated with the account, warning that the account will be deactivated within seven days unless the account is logged into again, and as such will be unable to receive incoming mails. However, it will be left available so that, if someone then logs into an account that is marked as dormant, it reactivates it immediately and makes it a live account as if it had never been made dormant.
2) After 18 months, Proton need to send out another email to all email addresses associated with the dormant account, warning that, if the account isn't reactivated within another six months, it will be permanently deleted, including all associated data - emails, calendar appointments, etc.
3) Seven days before the 2-year final deadline, one final warning should be sent to the account and all associated email addresses stating that, if not re-activated via successful logon within seven days, the account and all data will be permanently and irretrievably deleted from all Proton servers.
4) After that seven-day period is complete, the account - if not accessed by the owner - is then deleted permanently, freeing up server space.
5) Depending on GDPR / other data security laws, the deleted account username is then 'released' so for instance deleted account "John.Smith@protonmail.com" then becomes available for a new person called John Smith who is signing up to ProtonMail to be able to use. For data security/privacy reasons, the lead time on releasing usernames may be between 5-10 years.
I'm not sure 100% what the timeframe was, but I was a customer with another service. My services got disrupted and I came back to said service with no account, and I'm going to keep in mind that ProtonMail also does this. However, I have to disagree with Jo, as TutaNota was the service that axed my email account. I'd finally gotten free of Google and wanted to set up with service providers that DON'T use Google or enable their bad business practices. If I wanted Google, I'd have stuck with GMail, wouldn't I..?
Should Protonmail be required to keep a record of your user account and password in perpetuity? I would think that Protonmail would be required to delete your information after a certain period of time, but I live in the USA.
I do think the cleaning idea is excellent. Just save our email address and password. Unfortunately, this will make all usernames longer over time. That would mean Protonmail would have to store a very large number of usernames. The usernames would become so long and complex very few people would want one.
John Smith commented
Please, don't delete inactive accounts!