Tell HN: Protonmail support reads your emails in unsuspension process
I have an old Protonmail account I hadn't logged in to since last year. When trying to log in, I get a message saying it's disabled temporarily:
"Our systems detected unusual activity targeting your account. To protect you from potential compromise, we have temporarily disabled access to it. To recover your account, please contact us at https://proton.me/support/appeal-abuse."
After filling in the form, I received a reply from Support:
Hello,
We would like to inform you that our systems detected suspicious behavior for your account in the form of unusual login attempts, and in order to protect it from any possible misuse, we have decided to suspend it.
Please provide us with ownership information by answering the following security questions. Once we have a confirmation, we will be able to help you regain access and protect your account.
- Do you remember an approximate time and date when your account was created?
- When was the last time you accessed your account?
- Did you use any of our mobile apps to log in, or did you access your account through a web browser?
- Some of the addresses you have communicated with and/or subject lines from your last sent messages;
- Did you use this account to register for any websites or services? If so, which ones?
- If you recall having a recovery address and/or phone number, please provide this information as well.
Please allow us some time to check and compare the provided information, and we will get back to you as soon as possible.
Best regards,
Ethan
Customer Support, Proton Anti-Abuse Team
Seriously, they ask for "addresses and/or subject lines from your sent messages"; that's a huge red flag, no?
No. They never claimed not to have addresses and subject lines. In fact, that's all they have, as demonstrated by the fact that it's all you can search unless you download your messages and decrypt them locally.
If they asked about message content, that would be questionable.
No. They are asking about information that would be in the headers, not the body of the email. They are also asking about sent emails, not received, so they could very well be looking at outgoing email logs, not your direct email.
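To make the header-versus-body distinction from the two replies above concrete, here is an added example (not part of the thread, and not a description of Proton's actual storage or logging): it splits a constructed RFC 5322 message into the metadata a provider that encrypts only the body can still search (From, To, Subject, Date) and the body it cannot, and then recovers the recipients of a user's sent mail purely from constructed Postfix-style MTA log lines, without touching any message at all. The sample message, the log lines and the `METADATA_HEADERS` list are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample message; not a real message from any provider.
RAW_MESSAGE = """From: alice@example.com
To: bob@example.org
Subject: Invoice for March
Date: Mon, 01 Apr 2024 09:15:00 +0000
Message-ID: <abc123@example.com>

Hi Bob, the invoice is attached. Account number is 12345.
"""

# Assumed model, as described in the thread: these header fields are kept as
# plaintext metadata, while only the body is stored encrypted. This is an
# illustration, not a statement about any specific provider's implementation.
METADATA_HEADERS = ("From", "To", "Cc", "Subject", "Date", "Message-ID")


def split_metadata_and_body(raw):
    """Return (plaintext metadata dict, body text) for one RFC 5322 message."""
    msg = message_from_string(raw, policy=default)
    meta = {h: str(msg[h]) for h in METADATA_HEADERS if msg[h] is not None}
    body = msg.get_body(preferencelist=("plain",)).get_content()
    return meta, body


def searchable_fields(raw):
    """What the provider can match a support question against without decrypting anything."""
    meta, _ = split_metadata_and_body(raw)
    return meta


# Constructed Postfix-style outgoing mail log; queue IDs and hosts are made up.
# A 'from=' line and its 'to=' line(s) share a queue ID, which is what links a
# sender to the recipients of that sent message.
SAMPLE_MTA_LOG = """Apr  1 09:15:01 mx1 postfix/qmgr[1234]: 9F2E1A: from=<alice@example.com>, size=1450, nrcpt=1 (queue active)
Apr  1 09:15:02 mx1 postfix/smtp[1240]: 9F2E1A: to=<bob@example.org>, relay=mail.example.org[203.0.113.5]:25, delay=0.9, status=sent (250 OK)
Apr  1 09:20:11 mx1 postfix/smtp[1241]: 7C0B2D: to=<carol@example.net>, relay=mail.example.net[198.51.100.7]:25, delay=1.2, status=sent (250 OK)
"""

LOG_RE = re.compile(r"(?P<queue>[0-9A-F]+): (?P<dir>from|to)=<(?P<addr>[^>]*)>")


def correspondents_from_log(log, sender):
    """Recipients of messages that `sender` sent, reconstructed from MTA logs alone."""
    sender_queues = set()
    recipients = []
    for line in log.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        if m["dir"] == "from" and m["addr"] == sender:
            sender_queues.add(m["queue"])
        elif m["dir"] == "to" and m["queue"] in sender_queues:
            recipients.append(m["addr"])
    return recipients


if __name__ == "__main__":
    meta, body = split_metadata_and_body(RAW_MESSAGE)
    print("visible to the provider without decryption:", meta)
    print("protected body:", repr(body))
    print("sent-to addresses from MTA logs only:",
          correspondents_from_log(SAMPLE_MTA_LOG, "alice@example.com"))
```

The second half is the "outgoing email logs" point: the queue ID 7C0B2D has no `from=` line for alice in the sample, so its recipient is correctly not attributed to her, while bob@example.org is recovered from 9F2E1A with no message content involved.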