by rdl 4421 days ago
You can serve different JS to "special" users once. If you're smart, you run checks "for the security of the browser environment" first to make sure it's something unlikely to contain debugging capabilities, e.g. an unmodified iOS device.

The site even helpfully asks you to identify yourself with ANOTHER username and passphrase first, making it even safer for the attacker.


An attacker would have to (1) Gain access to the server in Switzerland (without the admins noticing) or (2) Break the SSL and execute a MITM attack.

It seems ProtonMail actively scans the code on the backend for unauthorized changes. It's not 100% secure against a very determined attacker (NSA), but for the citizen that wants more privacy without the hassle of PGP, it's pretty good until we can replace SMTP.
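A defender-side check that follows from the two points above (serving a different JS bundle only to "special" users, and scanning the deployed code for unauthorized changes), written as an added example and not taken from either commenter or from ProtonMail: fetch the same bundle URL from several client profiles and compare hashes both against a pinned, reviewed hash and against the majority. The profile labels and bundle bodies are constructed sample data.

```python
import hashlib
from collections import Counter

# Constructed sample: the JS body each vantage point received from the same
# bundle URL. Profile labels (account + user agent) are hypothetical.
GOOD_BUNDLE = b"(function(){ return window.crypto.subtle.encrypt(alg, key, msg); })();"
PINNED_SHA256 = hashlib.sha256(GOOD_BUNDLE).hexdigest()  # reviewed out of band

OBSERVATIONS = {
    "alice/desktop-firefox": GOOD_BUNDLE,
    "bob/desktop-chrome": GOOD_BUNDLE,
    # Constructed divergent bundle: only one profile gets extra code appended.
    "carol/ios-safari": GOOD_BUNDLE + b"exfil(key);",
}


def bundle_hashes(observations):
    """SHA-256 of the bundle body observed by each profile."""
    return {p: hashlib.sha256(body).hexdigest() for p, body in observations.items()}


def detect_targeted_bundle(observations, pinned_hash):
    """Return (off_pin, off_majority), each a sorted list of profile labels.

    off_pin:      profiles whose bundle differs from the reviewed pinned hash
                  (catches a fleet-wide swap, where every profile agrees).
    off_majority: profiles whose bundle differs from what most profiles got
                  (catches per-user targeting even if the pin is stale).
    """
    hashes = bundle_hashes(observations)
    off_pin = sorted(p for p, h in hashes.items() if h != pinned_hash)
    majority_hash, _ = Counter(hashes.values()).most_common(1)[0]
    off_majority = sorted(p for p, h in hashes.items() if h != majority_hash)
    return off_pin, off_majority


if __name__ == "__main__":
    off_pin, off_majority = detect_targeted_bundle(OBSERVATIONS, PINNED_SHA256)
    print("differs from pinned hash:", off_pin)
    print("differs from majority:   ", off_majority)
```

The majority check alone is blind to a swap delivered to every vantage point, and the pin alone goes stale on each legitimate release, which is why both are reported.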

The same thing is true of a mail server in Switzerland that uses TLS and doesn't use client-side encryption.
Honestly if it is a good usability service based in Switzerland with no special sauce, but well run, I would like it. The only problem I have is that the security asserted doesn't match the reality of a decent threat model.

You can go pretty far with policy and law alone.

Or (0) Be an admin.