My feedback
109 results found
-
11 votes
shared this idea ·
-
33 votes
supported this idea ·
-
23 votes
supported this idea ·
-
24 votes
supported this idea ·
commented
Not in favor of ongoing sync to a less secure storage, but one time import is sorely needed.
Some of us have in the hundreds of GB in other clouds. I'm sure an import mechanism directly in Proton's infrastructure would be much faster than downloading from the traditional public cloud and uploading to Proton.
-
1,340 votes
supported this idea ·
-
453 votes
supported this idea ·
-
1,063 votes
supported this idea ·
-
2,945 votes
commented
7 years later...
supported this idea ·
-
219 votes
commented
Horrible idea. Get ready for MFA bombing (being spammed with prompts until you give in and click "Approve") like what happened to Apple iCloud users recently if this is implemented.
Push authentication is vulnerable to social engineering attacks like this; I'd quite possibly leave Proton if they put this in.
Passkeys or FIDO2 security keys would be a more secure passwordless option
-
483 votes
commented
TOTP is not the best MFA and ideally you would not store the keys for it on any device you will authenticate to
I would simply recommend using a YubiKey (maybe two so you have a backup) and keeping the TOTP secret on the YubiKey(s) with the Yubico Authenticator app
this restores TOTP back to being on a keyfob, which there is a reason it started out on keyfobs: it creates an air-gap where the seed/key/secret can’t be leaked
-
1,555 votes
commented
Was going to post this myself, have 3 of my votes sir!
Even if the storage counts against mail and drive, certain things make more sense to be an attachment alongside the login record in a password manager instead of a loose folder in cloud storage.
supported this idea ·
-
2,230 votes
supported this idea ·
commented
"Possibly in 2016."
Checks calendar, 2023. 7 years later...
Why is this still marked as planned?
-
93 votes
commented
Would be great to see Monero (XMR) offered as a crypto payment option for Proton subscriptions.
Right now there is really no private way of paying for Proton services:
Credit/Debit - Central government regulated bank monitoring transactions
PayPal - Central private company brokering the transaction to another financial institution
Bitcoin - Transactions are publicly visible on the blockchain, privacy/anonymity is highly dependent on the assumption the wallet address isn't ever associated with the user’s true identity
Cash - Could get lost or stolen in the mail and is marked with the destination.
Monero restores to us the privacy originally promised to us with crypto payments like bitcoin. I'm not sure about the specifics as to how it keeps the transactions private, but I do know you can't simply see transactions on the Monero blockchain without other transaction information.
supported this idea ·
-
148 votes
commented
Agreed, take how Apple implements Security keys as an example of how this should work.
You need at least two to even turn on U2F, and then OTP and other methods like SMS are shut off when you do with the exception of password/account recovery.
Having plain old TOTP as a plain old sign-in MFA and not at most a recovery method where I’m notified of login attempts alongside security keys should not be a thing; it nullifies the added security.
Google also does similar if you opt in to their “advanced protection program”.
The largest players in the industry seem to be in agreement that this is how security keys should work; they should be your only MFA.
supported this idea ·
commented
Would be great to see them go beyond this and allow the use of WebAuthn or passkey as a passwordless authentication method
-
324 votes
commented
An actual iPad app is sorely needed.
The “iPhone emulator” mode that is used on iPad currently frustrates me to the point I don’t use it
supported this idea ·
-
1,103 votes
supported this idea ·
commented
What would make Proton MobileOS different from say CalyxOS or GrapheneOS?
I did put in 3 votes for a desktop OS because at the moment Proton has the infrastructure and apps to make a more private ChromeOS alternative, or more daily use Tails, whichever way you want to spin it.
I don't see what value would be added by them producing a mobile OS, but I'll give it a vote because I wouldn't mind it.
-
68 votes
commented
A lightweight OS similar to Chrome OS but using Proton services instead of Google, capable of routing all the traffic through ProtonVPN, much like Tails does with Tor, was something I was going to suggest myself. Take 3 of my votes Sir!
supported this idea ·
-
67 votes
All Proton mobile apps now support FIDO2 for 2FA: https://proton.me/support/2fa-security-key
We'll be adding the option to disable authenticator app very soon.
commented
They should also work on using the current gen standards for FIDO2/WebAuthn, where it prompts for a PIN upon activation of the hardware key. As someone who has keys for both work and personal, the PIN feature has kept me from using the wrong key without failing the actual authentication challenge on more than one occasion.
BTW a workaround I did to reinstitute this keyfob requirement on platforms that still only support TOTP is to just store the TOTP secrets on my YubiKeys using the Yubico Authenticator app. Extra few seconds to copy/paste the code, and extra app to have to download, but storing the secret physically on the keyfob makes this method of TOTP almost as secure as U2F imho.
supported this idea ·
-
938 votes
supported this idea ·
-
387 votes
supported this idea ·
I would speculate maybe they feel diskless infrastructure is overkill because they don’t keep logs and it would be extremely unlikely a data center would be raided in one of the countries where the secure core entry nodes are. But look at what happened with Pirate Bay, it was raided despite the fact there was really nothing on the servers other than a database.
So not completely out of the realm of possibility, especially with Hollywood going on a war against piracy again recently and wanting to set up a “great firewall” in the US this time.