You’re absolutely right that not including a recovery address is the most secure approach for those with high concerns or a strict threat model. Going without a recovery address does minimize the risk of exposure entirely. However, for users who want a balance between security and accessibility, aliases can add an extra layer that’s still helpful, especially when combined with a secure, privacy-focused provider.
Of course, each approach has trade-offs, and it’s all about evaluating personal needs and risks. In my own experience, I’ve found that aliases offer a practical middle ground for those who need the option of account recovery without linking directly to their primary address.
For people who want a recovery address for their Proton account but (whether it is a reasonable concern to have or not) are worried an adversary may be able to get details of the recovery address via the Swiss authorities, could they create an anonymous break-glass Tuta account via Tor (GL with that!)? The Tuta account should not be used for anything else at all for fear of leaking something, but the account holder would need to log in every few months to ensure the account is not deleted.
My question is: do they also store phone numbers in plain format?
If so, if I remove my phone number from Proton, can they theoretically still hold that phone number?
Also, one of the reasons why I gave a phone number this time was because I had gone the hard way of using KeePassXC and recovery keys, only to one day find my Linux system bricked and be forced to hard reset (and I hadn’t duplicated the KeePassXC keys), or straight up forgetting the password after many days of not using it.
I had even gone through many bad opsec decisions, like writing the password on a piece of paper only to then not know where the paper actually is.