Proton might recycle abandoned email addresses and the privacy risks are terrifying

Proton quietly posted on Reddit about a plan that should worry anyone who cares about privacy. The company is considering releasing millions of old email addresses that were originally created by bots in its early years. These accounts were disabled almost immediately, but the addresses lived on.

The problem is that many of these addresses are extremely common. Think firstname@proton.me. For almost a decade, people around the internet have been accidentally typing those emails into forms. Some appear in breach datasets. Some get password reset attempts. Some have collected personal details from strangers who assumed they were sending something legitimate.

If Proton hands those addresses to new owners, all of that misdirected traffic suddenly lands in someone’s inbox. That is a nightmare scenario. Sensitive emails meant for completely unrelated people could start flowing straight to whoever claims the address today.

Proton says it wants community feedback, which is good, but the fact that it is even considering such a reckless idea makes me question the company’s judgment. Releasing these abandoned email addresses feels like a privacy landmine waiting to explode.

Written by

Brian Fagioli


Brian Fagioli is a technology journalist and founder of NERDS.xyz. A former BetaNews writer, he has spent over a decade covering Linux, hardware, software, cybersecurity, and AI with a no-nonsense approach for real nerds.

3 thoughts on “Proton might recycle abandoned email addresses and the privacy risks are terrifying”

  1. Article is total FUD, author is just trying to drum up internet drama and clicks. What if an active human user already legitimately had one of these addresses? Is this still “a nightmare scenario?” Are email providers supposed to blackhole common names and make them forever unavailable just because some fool doesn’t know their own address?

    What does the scare word in “quietly posted on Reddit” even mean? How do you “quietly post?” It’s a public discussion on the relevant sub. Luckily the comments on the super secret “quiet”-yet-oddly-open-to-the-world post are more level-headed than this alarmist tripe. Looks like everyone else is in favor of the action, and Proton will hopefully move forward with it.

    • The best practice is to never recycle any email address for any reason. It’s unnecessary for any reason other than profit.

      • If addresses are never recycled, there will only be 20+ char random strings which look like bot addresses already. Recycling doesn’t have to give access to old emails, and all other reasons listed are spurious arguments.
