Since this has been talked about today I have seen conflation between recovery vs. verification email addresses and they appear to be distinctly different:
- Recovery Email: You are not required to have a recovery email address. This is an optional step during registration or after an account is created used to recovery your account if you lost your password.
- Verification Email: During registration you may be asked to provide a verification email address. This email is not associated with your account and is hashed for the future.
** I say “may”, but human verification is almost always required in my experience with Proton and email is the least invasive option in my opinion.
Blockquote “Note that if you enter your email or mobile phone number, we only save a cryptographic hash of this personal data. It’s impossible to derive your phone number or email from that hash, and it’s not permanently associated with the account that you create.”
This article contains both the quote above as well as a screenshot showing the optional step of “Maybe later” when asked for a recovery email.