by fareastcoast 4421 days ago
An attacker would have to (1) Gain access to the server in Switzerland (without the admins noticing) or (2) Break the SSL and execute a MITM attack.

It seems ProtonMail actively scans the code on the backend for unauthorized changes. It's not 100% secure against a very determined attacker (NSA), but for the citizen that wants more privacy without the hassle of PGP, it's pretty good until we can replace SMTP.

3 comments

The same thing is true of a mail server in Switzerland that uses TLS and doesn't use client-side encryption.
Honestly if it is a good usability service based in Switzerland with no special sauce, but well run, I would like it. The only problem I have is that the security asserted doesn't match the reality of a decent threat model.

You can go pretty far with policy and law alone.

Or (0) Be an admin.