this post was submitted on 06 Mar 2026
117 points (86.3% liked)

Privacy

9170 readers
273 users here now

A community for Lemmy users interested in privacy

Rules:

  1. Be civil
  2. No spam posting
  3. Keep posts on-topic
  4. No trolling

founded 2 years ago
MODERATORS
iopq@lemmy.world
117
Proton Mail Helped FBI Unmask Anonymous ‘Stop Cop City’ Protester (www.404media.co)
submitted 3 days ago* (last edited 3 days ago) by not_IO@lemmy.blahaj.zone to c/privacy@lemmy.world
24 comments fedilink hide all child comments
 

they handed over payment info with the real name

https://nationaltoday.com/us/ga/atlanta/news/2026/03/05/protons-privacy-policies-fail-to-fully-protect-payment-info/

you are viewing a single comment's thread
view the rest of the comments
[–] XLE@piefed.social 3 points 3 days ago* (last edited 3 days ago)

This is concerning for anybody who has ever paid proton using a traceable method. If I have a free email address, but I paid for VPN on the same account five yards ago, it sounds highly likely that Proton could give someone my name based on that half-decade-old payment.

Sounds like the best way to subvert this is to create a brand-new account and never submit payment info, but good luck creating a brand-new account without some extra identifier. From an older conversation among several people:

Proton does require a recovery email address if you sign up to a mail forwarding service or similar, right after creating the account. In that case the account remains locked...

In the article it says that that’s a one-time verification address. Though that leaves the question if/how long it’s stored.

Proton doesn’t allow you to use certain domains for recovery addresses... when I first joined Proton they wouldn’t allow me to set a duck.com or simplelogin.com or addy.io address as a recovery email.

Other comments point out how Proton isn't doing a great job of relaying privacy and security concerns to new users who may be unfamiliar with them.