I’ve changed my mind about recovery connections being strong connections. If an attacker creates several sybil accounts and connects them to their friends as “already known,” the friends won’t be any less likely to upgrade their connections to “recovery” after having connected to one of the sybils. Even if we require the presence of mutual friends before a recovery connection is counted as such, the attacker can still partition their connections carefully among sybils with one sybil per each of their social circles. “Strong” connections should be designed to defeat partitioning attacks, which the “family vouch” connection is designed to do.