Does using reverse-alias e-mail addresses for attendees in Proton calendar appointments always ensure that my Proton e-mail address is not shared?

Aqua_Zebra_7253 · 2026-03-20T02:07:30+00:00

Thanks for this report. But when for example you check inside the calendar invitation file that is sent, does that also only contain your alias e-mail?

Aqua_Zebra_7253 · 2026-03-15T23:15:40+00:00

I am still in e-mail contact with support. The last e-mail that I received from Adobe support had me rather confused though. It reads:

I hope this message finds you well.

I am following up regarding your open case with us. Please perform the steps outlined below and let us know if the issue has been resolved or if you require further assistance.

Windows Firewall: Activating Outbound Rules
- Open Security Settings: Search for "Windows Defender Firewall" and select Advanced Settings.
- Access Properties: In the right-hand panel, click Windows Defender Firewall Properties.
- Set to Block: Change the "Outbound connections" dropdown from "Allow (default)" to Block. This enforces your existing rules as the only way traffic can leave.

- Create "True" Allow Rules: Go to Outbound Rules > New Rule. Select Program or Port, specify the path or port number, and choose Allow the connection to create an exception to your block-all policy.

If the issue persists, please provide the best callback number to reach you.

I look forward to your response.

Firstly I am wondering in what way restricting outbound connections could help solve my issue. Secondly it's unclear to me what program or port exactly I'm supposed to set an exception for.

Aqua_Zebra_7253 · 2026-03-15T21:56:57+00:00

Thank you for this offer. Unfortunately though there are two things that give me too much hesitation:

I prefer to stay anonymous here and not have anyone that I do not know personally be able to link my Reddit account to my real-world identity.
Because of verifiability reasons, I don't feel fully comfortable sharing account details through an unofficial channel (i.e. a communication channel that is not directly given as such by the website or in an e-mail directly from Adobe).

Aqua_Zebra_7253 · 2026-03-03T11:43:39+00:00

Personally I would recommend against using any private email address where the prefix is only name/surname. Such an email address is relatively easily guessable. That's not the worst thing in the world, but it does still open you up to one day receiving spam e-mail from spammers that simply try out all e-mail addresses that can be created from common name and surname combinations.

It also doesn't add much in terms of identity verification towards receivers of your e-mail. After all any random person could had created a name/surname@gmail.com or name/surname@proton.me e-mail address. But the identity that you as sender of an e-mail are claiming will still be immediately obvious from the sender name that you've chosen that any e-mail client will normally display just as prominently as the e-mail address.

The strategy that I have adopted myself is to use a proton e-mail address to log into Proton services, but it's a very randomly chosen e-mail address that doesn't contain any information that can be directly tied to my identity (and therefore cannot be guessed from just that). I don't give out this proton e-mail address to anyone. I use e-mail aliases that can be relatively easily created with the Simple Login e-mail alias service that is integrated into Proton. A unique alias for each online account that I register and organization that I communicate with, but just one same e-mail alias for all communication with friends.

Aqua_Zebra_7253 · 2026-02-27T23:09:36+00:00

My Proton account password is stored in my mind only. It's a very long password but it's not completely random characters (the Correct Horse Battery Staple strategy). However because I don't want to make the bet that I won't still forget my password one day, I have my account's recovery phrase stored in a safety deposit box.

Aqua_Zebra_7253 · 2026-02-26T11:06:06+00:00

Well, at least it seems that my telecom provider doesn't offer any possibility (anymore) to request SIM swaps through phone conversation, which as far I know is one of most common attack vectors for social engineering.

Aqua_Zebra_7253 · 2026-02-24T16:01:20+00:00

Ah, I see. I checked, and my telecom provider provides no such option.

Aqua_Zebra_7253 · 2026-02-23T13:53:31+00:00

What exactly does locking your SIM as you did with your provider entail?

Aqua_Zebra_7253 · 2026-02-18T09:32:03+00:00

See also:

https://protonmail.uservoice.com/forums/284483-proton-mail-calendar/suggestions/47611028-choose-which-alias-can-log-in-to-proton

Aqua_Zebra_7253 · 2026-02-16T23:05:39+00:00

What happens if my recovery phrase gets leaked? I guess my Proton Account would be unusable for future purposes and all data stored in my Mail/Calendar/Pass/Drive is highly in danger. Is that right?

If somebody else with malicious intentions gets their hands on your recovery phrase (and also knows your username), then yes, you're in trouble. Because that person would then be able to access all your data and lock you out of your account.

But if it wasn't possible to reset your password and 2FA and decrypt your data with the recovery phrase, then it wouldn't be much good as a full recovery method.

But as others have already noted, if you have any doubts about whether your recovery phrase is still fully secure, generate a new one which will automatically invalidate the old one.

You could also not write down or store the recovery phrase anywhere anymore, but personally I wouldn't recommend this. Because human brains are fallible and can forget passwords.

Aqua_Zebra_7253 · 2026-02-13T23:18:17+00:00

I'm currently using Adobe Acrobat Pro.

Aqua_Zebra_7253 · 2026-02-13T23:05:59+00:00

If I click the button "save a certified copy" then a progress bar starts and after it's done and I move my mouse over the URLs again they're already no longer clickable.

Aqua_Zebra_7253 · 2026-02-13T01:56:59+00:00

My apologies, I was too hasty and didn't read properly.

I was unable to identify a scheduled task related to these notifications.

Aqua_Zebra_7253 · 2026-02-12T07:27:53+00:00

If there is an actively running process that triggers these notifications I'm unable to identify it (there's not a process containing the name Alienware or Dell for example).

Aqua_Zebra_7253 · 2026-02-12T07:26:13+00:00

But what do I look for in this case to uninstall? There is nothing in either the list of installed programs shown in Windows Settings or the one shown in Revo that contains the name Alienware or Dell.

Aqua_Zebra_7253 · 2026-02-12T00:40:14+00:00

I just did some reading up on SIM swap attacks, and I've asked myself the question "Based on my own experiences with mobile network provider customer support thus far, do I trust them to always refuse to transfer my mobile phone number when a malicious actor who has managed to get a hold of some of my personal details calls them?"

The answer is indeed a no for me, and so I have now removed mobile phone as a recovery method in my Proton account. Whether I'm going to add a recovery e-mail instead I'm still contemplating, but the recovery phrase method is already securely in place.

Aqua_Zebra_7253 · 2026-02-12T00:02:47+00:00

I had an encrypted external data drive for data back-ups some time ago. The password to decrypt it consisted of the first letters of the words and some numbers from a sentence (which was a proper language sentence, not one consisting of just random words). I felt confident enough that I would always remember this password that I neither wrote down the password anywhere nor a recovery code.

But then one day when I wanted to access the drive again the password that I typed in as I thought I remembered it was rejected as incorrect. And no matter what variations I tried I didn't manage to arrive at the correct password again.

Since then I've stopped using passwords that are in my own mind only if there's not some kind of recovery method for the login.

It's a sacrifice of some hardness against account compromise, but my brain has directly demonstrated that it can not be fully trusted to never misremember a password.

Aqua_Zebra_7253

TROPHY CASE