@AIBrain@jonah@doomy@protonprivacy 1) If the hash isn't one-way then Proton can be compelled to unhash it so there's no point.
2) They could require the user to reenter the recovery address if it's needed for recovery, confirm that it matches the hash, send the recovery message to the address, and then discard the unhashed address.
If they're not doing it that way then they screwed up, or they decided convenience outweighs privacy, or they want to be able to cough it up if asked legally. 🤷