Proton Might Recycle Abandoned Email Addresses (nerds.xyz)
- Reference: 0180064882
- News link: https://yro.slashdot.org/story/25/11/13/172239/proton-might-recycle-abandoned-email-addresses
- Source link: https://nerds.xyz/2025/11/proton-email-address-recycling-danger/
> Popular privacy firm Proton is floating a plan on Reddit that should unsettle anyone who values privacy, writes Nerds.xyz. The company is considering [2]recycling abandoned email addresses that were originally created by bots a decade ago . These addresses were never used, yet many of them are extremely common names that have silently collected misdirected emails, password reset attempts, and even entries in breach datasets. Handing those addresses to new owners today would mean that sensitive messages intended for completely different people could start landing in a stranger's inbox overnight.
>
> Proton says it's just gathering feedback, but the fact that this made it far enough to ask the community is troubling. Releasing these long-abandoned addresses would create confusion, risk exposure of personal data, and undermine the trust users place in a privacy focused provider. It's hard to see how Proton could justify taking a gamble with other people's digital identities like this.
[1] https://slashdot.org/~BrianFagioli
[2] https://nerds.xyz/2025/11/proton-email-address-recycling-danger/
I see no problem here... (Score:5, Informative)
These were mass registrations by bots that were not used, disabled years ago. I see none of the privacy reasons, legitimate private email would not get into them any more than what already happens accidentally with people mistyping the intended recipient. This is a non issue, definitely not worth a post here. Even on reddit the top comment is release them, but as they are valuable ones (the bots got tons of "nice" ones), release them to paid users - which sounds fair to me...
Re:If you want e-mail privacy (Score:5, Informative)
FUD, they are complying with court orders, as any company is obligated to do, but the data is encrypted with a key derived from your password, which they don't store. Plus, Proton natively supports PGP, which you could use on top of that.
Making Proton, obsolete. (Score:2)
> use PGP. This company has a long history of complying with police.
If that is true, then I have NO idea why this company even exists. Encrypting email prior to sending it, tends to completely defeat the entire point of bragging about 'secure' email and the entire business model around it.
And not that you're wrong, but you're literally recommending thirty-five year old technology. This is akin to telling newly licensed drivers that they should buy a '91 Corolla because every model newer than that isn't going to get you from point A to point B without getting carjacked. E
yahoo tried this (Score:1)
yahoo tried this years ago and it was a failure. Users were getting a lot of personal info about the pervious user of the address. In this day of 2fa using email addresses and phone numbers, it could be a security nightmare for some.
Re: yahoo tried this (Score:2)
If you don't like getting that in your new mailbox, register a new one. If the old owner did not care enough to change their email addresses across the services they use, they either don't care about privacy or might be long dead. It's not so different from me getting letters for the five previous people who rented this place. Life goes on.
Re: (Score:3)
Most people don't know their email address will expire after a year or whatever If you use a phone app like blue mail, samsung or some other third party email client for your email, it may not count as signing in to your email account on some email services.
In addition, do you remember all the services and online retailers you used your email address for over the years? I sure don't. What if you used your email address on an account where you also entered your credit card info and that site subscribe
Horrible (Score:3, Funny)
Imagine if a phone number or mailing address was reused? You'd get someone's old spam all the time. Getting messages not relevant to you with the wrong name on it must be most frustrating experience a person can have.
Re: (Score:2)
> Imagine if a phone number or mailing address was reused? You'd get someone's old spam all the time. Getting messages not relevant to you with the wrong name on it must be most frustrating experience a person can have.
Worrying about recycled email addresses will soon be about as legitimate as worrying about someone's snail mail getting delivered to the "wrong" address.
Tough shit if you happen to be born well after a planet invented email addressing. You better be willing to be known as [random_number_generator@email] if you intend on being "hidden" from spam for more than 30 fucking days.
Re:Horrible (Score:4, Interesting)
There are plenty of domain names out there that would allow for simple e-mail addressing.
You don't have to use @protonmail.com or @gmail.com or whatever. If you want a simple name, register a custom domain and add it to an e-mail service.
I have always wanted a three letter domain name, so I registered my initials in a TLD and currently enjoy an 8 character e-mail address. This was well, well, well, past the advent of e-mail.
No proton for me (Score:2)
I self-host email, and after spending weeks dealing with a very persistent asshole trying to break in to my systems, was looking at options a while back. (I still self host email.)
Proton was the first one I looked at, but they charge per-email address, including aliases, which is a blocker for me. (I use unique email addresses for each service I use, and more for other things.)
But this is even worse. I would never use a service that would start sending my email to someone else if I stop paying, that's
Re: No proton for me (Score:2)
Why not use simplelogin or another alias system?
Re: (Score:2)
Mainly because I started doing this in 1997 and managing /etc/aliases myself works just fine.
Shmucks! (Score:2)
No one has scruples any more?
Never reuse users (Score:2)
Always disable and retain. Golden user management rule.
Never used emails (Score:5, Insightful)
TFA is self-contradictory. If this is about "never used" emails, then there is no concern about sensitive messages, as the only emails would be misdirected spam.
Re:Never used emails (Score:5, Interesting)
> TFA is self-contradictory. If this is about "never used" emails, then there is no concern about sensitive messages, as the only emails would be misdirected spam.
Does it really matter in 2025?
Here's an example. You are 9-12 years old and getting ready to be a brand new recipient of what will forever be known as your phone number.
Prove to me today that the phone number knowingly issued to a child isn't some recycled drug lords number, or that anyone issuing smartphone numbers is legally obligated to give a flying fuck about what number anyone gets.
tell me you haven't tried this (Score:1)
Yahoo! did this when that idiot woman was in charge. I signed up for myname@yahoo.com and what happened is my beautiful, spam-free inbox became absolutely innundated with spam. Most people are not careful, at all, with their e-mail addresses and just accept getting loads of spam as a fact of life, in the same way that a 16th century sailor took venereal disease as a fact of life.
Phone numbers are not the same at all because by and large phone numbers are dialed by hand. If a drug dealer hasn't been respondi
Re: (Score:2)
> steve@hotmail.com made all the sense in the world...
> And them spammers, they nail first-name addresses. All of them. All the time. Complaining about your 'name' being a spam magnet shows you do not well understand the methods spammers use to get mail out the door.
Naturally this reeks of the problem being solely on the email victim and never on the spammers who should have been legally beheaded in the town square by now. In order to permanently fix the problem of 98% of ALL email being spam.
As if History needs to prove actual enforcement actually fucking works.
Phone numbers are scarce Re:Never used emails (Score:2)
At least in some places, phone numbers have to be re-used after only a few months of non-use because of demand.
"Short, easy to remember" email addresses are also scarce, but you don't need a "short, easy to remember" email address to function in society. Most people do need a phone number.
Re: (Score:2)
> "Short, easy to remember" email addresses are also scarce, but you don't need a "short, easy to remember" email address to function in society. Most people do need a phone number.
Wrong. Everyone needs an alias, not a number to remember. Most people know everyone by a contact name, not a number.
Most people couldn't even tell you their own parents cell phone number. If their life depended on it.
Re: (Score:2)
This.
Why have phone numbers not devolved into something similar to IP addresses? Then one could use an 'enhanced' DNS service to map real names (and aliases) to an actual number.