Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
Privacy Your Rights Online

Proton Might Recycle Abandoned Email Addresses (nerds.xyz) 30

Posted by msmash from the how-about-that dept.
BrianFagioli writes: Popular privacy firm Proton is floating a plan on Reddit that should unsettle anyone who values privacy, writes Nerds.xyz. The company is considering recycling abandoned email addresses that were originally created by bots a decade ago. These addresses were never used, yet many of them are extremely common names that have silently collected misdirected emails, password reset attempts, and even entries in breach datasets. Handing those addresses to new owners today would mean that sensitive messages intended for completely different people could start landing in a stranger's inbox overnight.

Proton says it's just gathering feedback, but the fact that this made it far enough to ask the community is troubling. Releasing these long-abandoned addresses would create confusion, risk exposure of personal data, and undermine the trust users place in a privacy focused provider. It's hard to see how Proton could justify taking a gamble with other people's digital identities like this.
This discussion has been archived. No new comments can be posted.

Proton Might Recycle Abandoned Email Addresses More

Proton Might Recycle Abandoned Email Addresses

Comments Filter:

  • Never used emails (Score:5, Insightful)

    by sinij ( 911942 ) on Thursday November 13, 2025 @12:34PM (#65793504)
    TFA is self-contradictory. If this is about "never used" emails, then there is no concern about sensitive messages, as the only emails would be misdirected spam.

    • Re:Never used emails (Score:5, Interesting)

      by geekmux ( 1040042 ) on Thursday November 13, 2025 @12:46PM (#65793544)

      TFA is self-contradictory. If this is about "never used" emails, then there is no concern about sensitive messages, as the only emails would be misdirected spam.

      Does it really matter in 2025?

      Here's an example. You are 9-12 years old and getting ready to be a brand new recipient of what will forever be known as your phone number.

      Prove to me today that the phone number knowingly issued to a child isn't some recycled drug lords number, or that anyone issuing smartphone numbers is legally obligated to give a flying fuck about what number anyone gets.

      • tell me you haven't tried this (Score:1)

        by Anonymous Coward

        Yahoo! did this when that idiot woman was in charge. I signed up for myname@yahoo.com and what happened is my beautiful, spam-free inbox became absolutely innundated with spam. Most people are not careful, at all, with their e-mail addresses and just accept getting loads of spam as a fact of life, in the same way that a 16th century sailor took venereal disease as a fact of life.

        Phone numbers are not the same at all because by and large phone numbers are dialed by hand. If a drug dealer hasn't been respondi

      • At least in some places, phone numbers have to be re-used after only a few months of non-use because of demand.

        "Short, easy to remember" email addresses are also scarce, but you don't need a "short, easy to remember" email address to function in society. Most people do need a phone number.

        • "Short, easy to remember" email addresses are also scarce, but you don't need a "short, easy to remember" email address to function in society. Most people do need a phone number.

          Wrong. Everyone needs an alias, not a number to remember. Most people know everyone by a contact name, not a number.

          Most people couldn't even tell you their own parents cell phone number. If their life depended on it.

          • Re: (Score:2)

            by PPH ( 736903 )

            This.

            Why have phone numbers not devolved into something similar to IP addresses? Then one could use an 'enhanced' DNS service to map real names (and aliases) to an actual number.

    • Re: (Score:3)

      by piojo ( 995934 )

      If you read the Reddit post there's no contradiction:

      millions of accounts were created by scripts that registered Proton accounts in bulk in violation of our terms of service. These accounts were typically detected soon after registration and disabled so they have never been used.

      These are not people's email addresses and never were.

    • Proton could just form a proton2 company and use abc@proton2.com for email addresses with some sort of auction for nicely named email address like "ai@proton2.com"

  • I see no problem here... (Score:5, Informative)

    by Ecuador ( 740021 ) on Thursday November 13, 2025 @12:35PM (#65793510) Homepage

    These were mass registrations by bots that were not used, disabled years ago. I see none of the privacy reasons, legitimate private email would not get into them any more than what already happens accidentally with people mistyping the intended recipient. This is a non issue, definitely not worth a post here. Even on reddit the top comment is release them, but as they are valuable ones (the bots got tons of "nice" ones), release them to paid users - which sounds fair to me...

  • yahoo tried this years ago and it was a failure. Users were getting a lot of personal info about the pervious user of the address. In this day of 2fa using email addresses and phone numbers, it could be a security nightmare for some.

    • If you don't like getting that in your new mailbox, register a new one. If the old owner did not care enough to change their email addresses across the services they use, they either don't care about privacy or might be long dead. It's not so different from me getting letters for the five previous people who rented this place. Life goes on.

      • Most people don't know their email address will expire after a year or whatever If you use a phone app like blue mail, samsung or some other third party email client for your email, it may not count as signing in to your email account on some email services.

        In addition, do you remember all the services and online retailers you used your email address for over the years? I sure don't. What if you used your email address on an account where you also entered your credit card info and that site subscribe

        • Thus retailers ask for zip code and security code.

        • I'm not entirely convinced a mail server wouldn't know if someone periodically checks the mail. I will concede that just one year might be a bit rushed. I think 3 to 5 is much better. As for websites I'm registered with... That's not actually a concern to me. I use a password manager, it lists every website. Maybe I'll skip for some something really stupid, but not for anything I leave my payment info with. As for security, I'm more concerned about this whole automatic card updating. And there's a stack of

  • Horrible (Score:4, Funny)

    by OrangeTide ( 124937 ) on Thursday November 13, 2025 @12:51PM (#65793558) Homepage Journal

    Imagine if a phone number or mailing address was reused? You'd get someone's old spam all the time. Getting messages not relevant to you with the wrong name on it must be most frustrating experience a person can have.

    • Imagine if a phone number or mailing address was reused? You'd get someone's old spam all the time. Getting messages not relevant to you with the wrong name on it must be most frustrating experience a person can have.

      Worrying about recycled email addresses will soon be about as legitimate as worrying about someone's snail mail getting delivered to the "wrong" address.

      Tough shit if you happen to be born well after a planet invented email addressing. You better be willing to be known as [random_number_generator@email] if you intend on being "hidden" from spam for more than 30 fucking days.

      • Re:Horrible (Score:5, Interesting)

        by The-Ixian ( 168184 ) on Thursday November 13, 2025 @01:28PM (#65793646)

        There are plenty of domain names out there that would allow for simple e-mail addressing.

        You don't have to use @protonmail.com or @gmail.com or whatever. If you want a simple name, register a custom domain and add it to an e-mail service.

        I have always wanted a three letter domain name, so I registered my initials in a TLD and currently enjoy an 8 character e-mail address. This was well, well, well, past the advent of e-mail.

    • Re: Horrible (Score:4, Insightful)

      by robbak ( 775424 ) on Thursday November 13, 2025 @08:13PM (#65794656) Homepage

      Phone numbers are reused all the time. Stop paying for your phone service for a year, and your number gets assigned to someone else.

      Have you never had the experience of trying to contact someone using an old number, and having someone else answer?

  • I self-host email, and after spending weeks dealing with a very persistent asshole trying to break in to my systems, was looking at options a while back. (I still self host email.)

    Proton was the first one I looked at, but they charge per-email address, including aliases, which is a blocker for me. (I use unique email addresses for each service I use, and more for other things.)

    But this is even worse. I would never use a service that would start sending my email to someone else if I stop paying, that's

  • No one has scruples any more?

  • Always disable and retain. Golden user management rule.

Slashdot Top Deals

Money can't buy happiness, but it can make you awfully comfortable while you're being miserable. -- C.B. Luce

Close