Skip to content

Golliwog

My feedback

15 results found

  1. 447 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    An error occurred while saving the comment
    Golliwog commented  · 

    I want segregated security between my password manager and my other services to:
    1. reduce the frequency of use of my password manager password (every use of my password is an increased security threat).
    2. decouple access to high-risk services (eg. email/calendar) from extreme-risk services (password manager).
    3. allow me to disable 2FA on only my password manager as they are not suited to having 2FA enabled (chicken and egg problem).
    For example, a traveling backpacker may want to check his emails at an internet café. He could use his ‘open everything’ Proton password to access his email with no 2FA (as this would require 2FA on his Pass account too) with a high risk of local security threats (eg. keylogger). Or he could open his password manager on his phone with his Proton Pass password and no 2FA, and then log into the café computer with his Proton email only password and 2FA. This second option keeps his Proton Pass password off the café computer and protects his Mail account from keyloggers using 2FA. Additionally, his risk profile is limited to only his email account.

    I dislike Proton’s current implementation because:
    • using one password across all Proton service is analogous to re-using the same password across multiple websites.
    • having multiple passwords to access Proton Pass negates the use of a password manager – a password manager should minimise the number of passwords that need remembering.

    I would recommend a tiered password system – Proton Pass password (master) can access all Proton services. Proton Mail/Calendar/Drive Password(s) can only access the services they are registered to (this may be one password for all services or different passwords for each service). I believe this would be possible with Proton’s current architecture (with or without requiring the passwords to be stored in the password manager).

    Another feature could be a login via QR code when the user scans a QR code on the computer he wants to login to, and his phone negotiates the authentication (eg. Netflix’s login system on smart TVs). But, I am not sure if this is technically possible, or practical (as a user may not always have network connectivity on their phone).

    Best luck with this new feature.

    Golliwog supported this idea  · 
  2. 930 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    Golliwog supported this idea  · 
  3. 228 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    An error occurred while saving the comment
    Golliwog commented  · 

    On Windows too please!

    (It hurts being the Windows guy...)

    Golliwog supported this idea  · 
  4. 494 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    Golliwog supported this idea  · 
  5. 4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    Golliwog supported this idea  · 
    An error occurred while saving the comment
    Golliwog commented  · 

    I would add that Proton should be generating PGP certificates for each alias. This would allow encrypted emails to aliases (currently not possible). Additionally, a temporary feature should added to strip Proton domain PGP certificates from aliases emails to prevent unmasking of the true email address.

  6. 2,667 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    An error occurred while saving the comment
    Golliwog commented  · 

    In Proton's defence, this is a very hard problem to solve. Contacts are deeply integrated into the Android OS where Google Play Services reside with root privileges. It is like trying to keep the chickens safe from a fox who resides IN the hen house.
    I would assume it is almost impossible to accomplish this without users switching to an alternate OS like GraphineOS. Even then, it would be very hard to achieve.

    Golliwog supported this idea  · 
  7. 91 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    Golliwog supported this idea  · 
  8. 973 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    Golliwog supported this idea  · 
  9. 108 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    An error occurred while saving the comment
    Golliwog commented  · 

    This can be done with a box like pfSense. See https://protonvpn.com/support/pfsense-wireguard/

    An issue arises when you have multiple VPNs using the same subnet. According to Proton support, multiple VPN connections from the same device are possible with this workaround:

    "Regarding the feature request, you should be able to use 10.3.0.1 for gateway/DNS, and 10.3.0.2 for your IP.
    It also works for 10.4.0.x, 10.5.0.x, etc. (the important thing is that the gateway should be .1)"

    I have tested and confirmed the solution up to 10.8.0.x.

    Also note, your Wireguard listening port (normally 51820) must be unique. I increment mine, eg. 51821, 51822, etc. for every additional connection. The peer port does not change.

  10. 3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    An error occurred while saving the comment
    Golliwog commented  · 

    I spoke to Proton support, the solution has already been implemented!

    "Regarding the feature request, you should be able to use 10.3.0.1 for gateway/DNS, and 10.3.0.2 for your IP.
    It also works for 10.4.0.x, 10.5.0.x, etc. (the important thing is that the gateway should be .1)"

    I have tested and confirmed the solution up to 10.8.0.x.

    Also note, your Wireguard listening port (normally 51820) must be unique. I increment mine, eg. 51821, 51822, etc. for every additional connection. The peer port does not change.

    An error occurred while saving the comment
    Golliwog commented  · 

    The root of this issue is that all of ProtonVPNs Wireguard tunnels use the same network for clients on all servers - 10.2.0.2/32.

    I suggest setting the Wireguard network to a random IP. For example: 10.2.0.{random}/32

    Alternately, set the last octet to the server number in that country; eg. AU#66 would use 10.2.0.66/32

  11. 56 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    Golliwog supported this idea  · 
    An error occurred while saving the comment
    Golliwog commented  · 

    Tailscale is insecure if the coordination server is hosted by a third party. It effectively gives the coordination server access to someone's whole network.

    With ProtonVPN, I hate that at home, from my Android phone, I cannot access my local network securely as I have to chose between Always-On VPN and 'LAN Connections'.

    I think the above idea about using ProtonVPN with Tailscale exit nodes is based on a similar problem to me. I would suggest Proton looks at my root cause issue and cooks up a better custom solution.

    I would love a solution to allow access to my home network (at home and away) with all my traffic routing through a ProtonVPN gateway. (Tailscale tech could be used as a starting point.)

  12. 8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    Golliwog supported this idea  · 
  13. 7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Proton Mail  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    An error occurred while saving the comment
    Golliwog commented  · 

    This is critical. Proton should be conducting extra checks (eg. like the email missing attachments feature) to check for leaked email addresses.

    Golliwog supported this idea  · 
  14. 10 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    Golliwog supported this idea  · 
  15. 94 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    Golliwog supported this idea  · 

Feedback and Knowledge Base