Doesn't that mean the courts could compel you to just alter the JS payload to capture keystrokes for these folks? If not, how do you prove that to us?
Swiss law is very clear in stating that this is not permissible, and this can be verified by checking the law itself.
I'm not an expert in Swiss law, so I have no idea. I'll wait for a 3rd party I trust to vet your claim.
That's not secret, or hidden by them.
They're pointedly not denying they do so in every otherwise detailed response they've given on the subject so far.
> ProtonMail does not voluntarily offer assistance. We only do so when ordered by a Swiss court or prosecutor, as we are obligated to follow the law in criminal cases.
That wouldn't be ProtonMail'fault. Which email provider could refuse to comply with their own government orders and get away with it?
Solving this problem is the reason I built this:
if it's open source and you can build it yourself, sure
[UPDATE] Now that I think about it some more, I guess that kind of auditor is analogous to a financial auditor, as you said. I didn't really make that connection before because the nature of the work is very different, but it's a fair analogy.
[UPDATE2] Looking back at your previous comment I see that the word "regulation" is in there. I'm not sure if you edited your comment or if I just missed it before, but my recollection of reading that comment is that it said "financial audit". Either way, I apologize for the misunderstanding and subsequent confusion.