| ▲ | rvnx 3 days ago | |
It is very possible for them to inject custom JS to a specific user. You are the bosses at Protonmail, do you want police at 6 am shaking your kids, seize all your devices, loose all agreements with PayPal and Visa/MasterCard, because you want to protect a guy who distributes child pornography or plans a terrorist attack ? No way, so you tap on the shoulder of the CTO and ask him to push a temporary update or turn on a feature flags, in order to collect the missing information. This is true for all companies who control the client. | ||
| ▲ | bigiain 3 days ago | parent [-] | |
From what we (at least I) know, this wasn't the police in Switzerland waking up senior management. t was - without anyone admitting to it - probably KrCERT who requested the account suspension. KrCERT don't seem to have any legal jurisdiction in Switzerland. "KrCERT/CC, which is an internal division of KISA, is a CSIRT with national responsibility and a focal point of contact for Korea on international cybersecurity incident handling." -- https://en.wikipedia.org/wiki/Korea_Internet_%26_Security_Ag... I'd like to think if they 'tapped on the shoulder of the CTO ' of a company headquartered in Switzerland, he'd say "maybe, come back with an order from a relevant court or security agency in Switzerland and I'll get my team right on that". | ||