
Proton Mail Privacy Settings

Log in to your Proton Mail account from a browser.

Click the gear icon at the top right > Go to settings

Recovery

Data recovery

  • Recovery phrase: On > Generate recovery phrase > Enter Password > Submit > Save Recovery phrase > Done/Download.

NOTE: A recovery phrase lets you access your account and recover your encrypted emails after a password reset. Keep this phrase somewhere safe, to prevent loss or unauthorised access. It can be stored in a password manager, in an encrypted note, or written down somewhere safe.

Account and password

  • Two-factor authentication >
    • On > Next > Scan the code using an authenticator app > Enter Password and Two-factor authentication code > Submit > Save the backup codes > Ok.

NOTE 1: Use a privacy-respecting authenticator app. Check out recommendations, alternatives & reviews.

NOTE 2: A backup code is required to log in if your 2FA method is lost, broken or unavailable. Keep these codes somewhere safe, to prevent loss or unauthorised access. They can be stored in a password manager, in an encrypted note, or written down somewhere safe.

  • Two-password mode: On (Optional, but can be enabled for one extra layer of security.)

Security and privacy

Session management

  • Revoke any old sessions which you don't use anymore.

Security logs

  • By default, Proton Mail keeps temporary IP logs to combat abuse and fraud. IP addresses may be retained permanently if you're engaged in activities that breach their terms and conditions (spamming, DDoS attacks against Proton Mail infrastructure, brute force attacks, etc.).
  • If you suspect that someone else has access to your account, you can enable authentication logs to check your login activity. If you enable advanced logs, they capture IP addresses along with the date and time of activity. However, this also means your login IP address is kept permanently until you manually wipe the logs.

Privacy and data collection

  • Send crash reports: Off

Messages and composing

Messages

  • Auto-load embedded images: Off
  • Confirm link URLs: On

Composing

  • Undo send: 20 seconds (Not necessarily a privacy feature but might come in handy)

Email privacy

  • Auto show remote images: On (Make sure to enable the next setting below too)
  • Block email tracking: On

Encryption and keys

External PGP settings

  • Sign external messages: On
  • Attach public key: On
  • Default PGP scheme: PGP/MIME