They could avoid storing the recovery email in plaintext. A hash would be sufficient if they require the user to enter their recovery email for confirmation when they really need to recover the account.
For an ostensibly privacy-oriented service, Proton makes some weird architectural choices.
They could avoid storing the recovery email in plaintext. A hash would be sufficient if they require the user to enter their recovery email for confirmation when they really need to recover the account.
For an ostensibly privacy-oriented service, Proton makes some weird architectural choices.
deleted by creator
Sure, but we’re talking about architectural choices. It is Proton’s choice to use that system; it is not required for the goal of account recovery.
deleted by creator
Can you? Didn’t someone else mention that Proton don’t allow another Proton account?
deleted by creator
This person isn’t a terrorist.
Proton also don’t allow temp addresses.
deleted by creator
Did you read the story? Or are you just here to stir the pot and display your Proton Fanboi bona fides?