email autofill
The "Use my email" autofill suggestion is hardcoded to the Proton account login email and cannot be changed. Users should be able to designate any email address — including one stored in a ProtonPass Identity — as the default autofill suggestion. This is a blocker for users whose primary email differs from their Proton account email (e.g., after rebranding or when using a custom domain professionally).
Dallion McGregor
shared this idea
-
Dennis
commented
I agree on this. I accidentally clicked on it instead of generating alias. Which could be read by websites for data capture before clicking next in an account creation page.
I don't want to expose my proton address that is the reason I use aliases with Pass. Nowadays, javascript is most openly used for user tracking. Each keystroke could be logged before final input submission (looking at you, paypal 👀).
When the UX is this way, the user accidentally exposes their proton address which is a serious privacy leak and then use alias filling which is itself could be used for linking identities.
I understand that this would be seem dramatic. But being a privacy-conscious individual, I think this is valid point. If you want, Go to paypal website, signup, open browser console, type email, you can see every keystroke being sent. I am not a full fledged nerd. I might be wrong. But still this kind of leaks could happen too.
Proton should allow disabling primary proton address during autofill as an option so as to enhance privacy.
If possible rename this as hide primary address during email autofill.