|
|
|
|
|
|
by happypumpkin
771 days ago
|
|
|
> While we did use phone verification in the past, this is not the case any longer. Phone numbers were stored in the same way as the email addresses, so, again, we have no way to derive them back from the hash. I've no reason to doubt this but brute-force cracking a hash known to be from a phone number would likely be pretty trivial. Fwiw, I use protonmail and trust it more than most other services. But my threat model doesn't involve technically capable adversaries directly targeting me, certainly not ones that could compel protonmail to divulge phone number hashes. |
|
|