Skip to content

Security Enthusiast

← The Voice of the Proton Community

My feedback

3 results found

  1. Only allow login with single/main address/username

    906 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    57 comments  ·  Accounts & payments » Accounts  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    Security Enthusiast supported this idea  · 

  2. Wrong password limit

    209 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    2 comments  ·  Accounts & payments » Accounts  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    Security Enthusiast supported this idea  · 

  3. *Unlimited* Disposable Email Aliases

    15,568 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    Under review  ·  239 comments  ·  Proton Mail » New feature  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    Security Enthusiast supported this idea  · 
    An error occurred while saving the comment
    Security Enthusiast commented  · 

    I so agree with this and would pay extra for it.

    The way yahoo! has implemented this is actually perfect because:
    1) Not only can you reply from the disposable email but you can start an email chain from a disposable email as well.
    So if I need to initiate contact through email to support@example.com I never need to reveal my real email address.
    When the example company gets hacked and my email address gets sold to spammers on the dark web I just turn off that disposable email address, create a new one and update my details with that 1 compromised company if I still need them.

    2) It really does mask your real email:
    e.g.
    Real email = name@yahoo.com
    You choose the first part of the alias "e.g."mask" and this can only be chosen once and never be changed.
    All disposable emails use this mask as the first part so appear as mask-1234@yahoo.com
    There is no way to determine from the stolen info (mask-1234@yahoo.com) that your real email is name@yahoo.com.
    The Gmail and ProtonMail way of using the "+" alias doesn't really protect you at all as it contains your real email address.
    It is not difficult to post process the stolen database and just filter out the + alias.
    e.g.
    Real email = name@pm.me
    Alias = name+1234@pm.me
    Process the data to remove everything between "+" and "@" to convert the stolen email back to name@pm.me

    Using the yahoo! way can completely eliminate SPAM forever! The issues with yahoo! are:
    1) They have a poor security track record and were themselves hacked twice in short succession
    2) They don't support 2FA apps (they use SMS codes which can be circumvented using SIM swapping)
    3) You can't turn off their SPAM filter. Relevant because you'll never receive SPAM so will only ever result in false positives.

    If you combine the yahoo! way of disposable emails with a password manager and strong unique passwords your online security is seriously beefed up and you'll never receive SPAM.

Feedback and Knowledge Base

(thinking…)