64 lines
2.5 KiB
Markdown
64 lines
2.5 KiB
Markdown
# Proton Mail Privacy Settings
|
|
|
|
Login to your [Proton Mail](https://mail.proton.me) from browser.
|
|
|
|
Click gear icon on top right > Go to settings
|
|
|
|
|
|
|
|
## Recovery
|
|
|
|
#### Data recovery
|
|
- Recovery phrase: On > Generate recovery phrase > Enter Password > Submit > Save Recovery phrase > Done/Download.
|
|
|
|
NOTE: A recovery phrase lets you access your account and recover your encrypted emails after a password reset. Keep this phrase somewhere safe, to prevent loss or unauthorised access. It can be stored in a password manager, in an encrypted note, or write it down somewhere safe.
|
|
|
|
|
|
## Account and password
|
|
- Two-factor authentication >
|
|
- On > Next > Scan the code using an authenticator app > Enter Password and Two-factor authentication code > Submit > Save the backup codes > Ok.
|
|
|
|
NOTE 1: Use a privacy respecting authenticator app. Check out [recommendations, alternatives & reviews](https://github.com/StellarSand/privacy-settings#recommendations-alternatives--reviews).
|
|
|
|
NOTE 2: The backup code is required to login, if 2FA method is lost, broken or unavailable. Keep this code somewhere safe, to prevent loss or unauthorised access. It can be stored in a password manager, in an encrypted note, or write it down somewhere safe.
|
|
- Two-password mode: On (Optional, but can be enabled for one extra layer of security.)
|
|
|
|
|
|
|
|
## Security and privacy
|
|
|
|
#### Session management
|
|
- Revoke any old sessions which you don't use anymore.
|
|
|
|
#### Security logs
|
|
- By default, Proton Mail keeps temporary IP logs to combat abuse and fraud. IP address may be retained permanently if you're engaged in activities that breach their terms and conditions (spamming, DDoS attacks against ProtonMail infrastructure, brute force attacks, etc.).
|
|
- If you suspect that someone else has access to your account, you can check your login activity in the authentication logs by enabling this. If you enable advanced logs, it'll capture IP addresses and the date and time of activity. However, this also means your login IP address is kept permanently until you manually wipe the logs.
|
|
|
|
#### Privacy and data collection
|
|
- Send crash reports: Off
|
|
|
|
|
|
|
|
## Messages and composing
|
|
|
|
#### Messages
|
|
- Auto-load embedded images: Off
|
|
- Confirm link URLs: On
|
|
|
|
#### Composing
|
|
- Undo send: 20 seconds (Not necessarily a privacy feature but might come in handy)
|
|
|
|
|
|
|
|
## Email privacy
|
|
- Auto show remote images: On (Make sure to enable the next setting below too)
|
|
- Block email tracking: On
|
|
|
|
|
|
|
|
## Encryption and keys
|
|
|
|
#### External PGP settings
|
|
- Sign external messages: On
|
|
- Attach public key: On
|
|
- Default PGP scheme: PGP/MIME |