in that particular case the people involved were identified through their recovery email which they did not hash like ‘safe’ other providers do. they have positioned themselves as safe even for activist and journalists and have failed to deliver in that account consistently.
How do you recover an account on the other providers? Do you have to provide the same recovery email you set before during account recovery? If you hash the email, you have no way of reading it anymore, so someone has to provide it to you again.
in that particular case the people involved were identified through their recovery email which they did not hash like ‘safe’ other providers do. they have positioned themselves as safe even for activist and journalists and have failed to deliver in that account consistently.
no surprise since their CEO is a MAGA guy
How do you recover an account on the other providers? Do you have to provide the same recovery email you set before during account recovery? If you hash the email, you have no way of reading it anymore, so someone has to provide it to you again.
you ask the user for it if they want to recover the account and hash it. if the hash matches your previously stored hash then you send the email
other providers that position themselves as secure for activists or journalists do exactly that and they cannot handle that information