Here’s their recovery process: https://proton.me/support/set-account-recovery-methods
I don’t see there customer support call as a recovery method. I‘d expect that for paid accounts you could theoretically verify your identity to CS via payment, but in that case you lose the data anyway.
Some searching finds this comment. [1] I would be interested if such a password reset were possible against someone who for instance had 2FA enabled, no recovery information and only accessed their account using the Tor onion-service. ;-)
The number of tutorials I have seen about spinning up a tor relay on a VPS is crazy. These tutorials are probably written by three letter agencies - though I have no proof.
Regardless, protonmail doesn’t let people register when connecting with Tor unless you use phone number or card to make a payment. You will have to give up something which identifies you, and so it really doesn’t matter when you connect with Tor after you have already registered - there is a way to connect who you are.
It doesn't matter if you lose data. If you control an email address, you get all future email including forgot-my-password emails.
And yes, signing up to Home Depot's email newsletter and other services so that they could tell the customer service agent "my last few emails were from Home Depot and ..." was successful against their customer support system. That's just how amazing it is.
Finally, I don't expect the social media guy running protonmail's HN account to give us much insight into protonmail's customer support security issues, but if you're going to show up, I would've at least expected you to forward my email somewhere for follow up.
