Duress Password that wipes emails
A password which can be entered in times of coercion to reveal the mailbox password. When used a security mechanism (eg. wiping the mailbox) can be employed
This could also be set as a rule. Delete what is set. if you login with this password -
Delete, alle mails in this folder, mails labeled this and this and then empty trash.
I was about to make a suggestion like this but I'm glad someone else thought of it.
This is what I was going to post:
Device-specific alias visibility
The ability to toggle visibility of an account's various aliases (and thus the existence of e-mails associated with those aliases) based on either what device you're logged into, or in the case of Android/IOS, what PIN you unlock the app with. The "duress PIN" approach for mobile devices might be easier to implement.
This would be useful for journalists, attorneys, political activists, etc in places where the state of being on the wrong side of the mood of a corrupt authority figure who can coerce an unlock would put their confidential contacts and other sensitive information at risk.
when entering an alternative secret password, delete the entire mailbox permanently
This a great idea. To have a separate password display a previously organized secondary inbox, with trivial emails.
But, since this feature would be of most value in third world countries, who suppress freedom of expression, such as China, Russia, Turkey, etc., please offer it to free accounts also, not just paid accounts.
A great and essential feature. While I don't know that I require this function now or in the near future the same is not true for others.
For many, many people in all parts of the world this feature could literally save a life or allow a person to avoid an indefinitely long stay in a 'labor camp' managed by the Supreme Leader. Use cases are abundant and documented.
This is an essential feature that would seem to be at least somewhat related to Protonmail's reason for existence.
Great idea. I think when the security password is entered perhaps there should be a dancing meme of Christmas elves. That should be interesting!
Should be option to require correct TOTP code or just a password.
And option to wipe only selected folder / tagged messages (so attacker will still see less confidential messages).
Good point about indications of which password was used. If used perhaps an email to the recovery address after resetting to some default inbox? Hope to see more interest in this.
if a very specific, duress password is entered, the mailbox should self-destruct, or delete all emails, or reset to a default view displaying only a few "public" emails, without any indication to the user that this has been done. If people know about the duress password feature (i.e. it's advertised on the proton mail website), then coercers will know if it had been used. deleting all private and uncategorized emails, and displaying only public emails would probably be the best auto feature
Very nice idea.
I think the simpler idea here is the dummy inbox.
Excellent idea, along the same line, can a sent email expire one hour after its read...or maybe 24hrs?
We the People commented
Shut up and take my money.
Or create a third password that would open up a fake mailbox with fake emails :)
Depends on implementation requirements and amount of interest. I have put some thought into Tristan's idea. This idea could make hacking more difficult. Just think if they guessed the wrong password... Other things to consider also, but I'm genuinely interested in this.
I just saw under review and it's been a year. Probably not going to be implemented?
Wow, this should be more popular. I don't think many people have thought about it.
Normal password works, working password doesn't. Special password wipe everything.
that is a great idea. I'd love to see something like that implemented.
This is a great idea Tristan. I am very interested in this as well.
This would be useful for those who are forced to turn over passwords in court.