From a threat-modeling perspective, this exposes users to risks such as:
- Local email collection from an unlocked or compromised endpoint;
- Abuse of an already-authenticated session;
- Bypassing MFA through session reuse;
- Insider or shared-device access;
- “Evil maid” style access where someone briefly uses an unattended machine;
- Malware or remote-access tools interacting with an already-unlocked mail client;
- Account takeover escalation through password reset emails and recovery links.
Please add:
- Require PIN, password, or Windows Hello when launching Proton Mail Desktop;
- Auto-lock after configurable inactivity;
- Lock when minimized, when the computer sleeps, or when the screen is locked;
- Optional lock on app close/reopen;
- Optional clearing or protection of local cached mail data.
Users should not have to fully sign out and clear application data every time just to prevent casual or opportunistic access. A privacy-first mail client needs a first-class local app lock.