[tentacleuno]

> Like, if we assume that the user is this paranoid, then why couldn't they just check the JS file/bundle with a local copy that is verified?

Well for one, the code is minified. That makes it a lot harder to inspect, so therefore it's substantially harder to make sure that the code isn't doing something malicious.

Plus then of course, should the JS file served from Proton's servers be updated, you'd need to diff the changes (which, in the context of minified code, is not easy) to ensure nothing dodgy is added.

[sedeki]

I assume that, realistically, the JS is verified by outside experts (and not by the user), and that a check on the user's part would simply be comparing a calculated hash to a given one.

I understand that this might not be how things are really done at PM (i.e. do they provide a hash? probably not) so my arguments may be hypothetical, but it doesn't render them invalid in the larger context imo.

[mgerdts]

If the trusted web service is under law enforcement order to decrypt mail of a particular user, a version of the JavaScript code that breaks the encryption could be delivered to only that user. No third party experts will be aware of this special version so no red flags can be raised by these third parties.

In contrast if an app does not download code, the eavesdropping will require a new version of the app to hit the app store. Third party experts may review this and raise red flags.

This is the first time I felt that an app had a privacy advantage over a browser interface.