Greatest respect to the people at CERN, but come on, clientside/js crypto has been pretty thoroughly bunked for many, many good reasons. The only text I could find that touches on this topic is at https://protonmail.ch/blog/protonmail-threat-model/:
> ProtonMail has implemented numerous safeguards against this on the server level. We have routines that constantly scan for code changes and will detect them. The attacker would have to gain control of the server, instantly change the behavior of the code scanners, and then modify the software all without anybody at ProtonMail noticing. The odds of this being successfully executed is indeed quite low.
Really.
Even KimDotCom made a better effort of implementing his browser crypto at Mega. Practically, there is no advantage of choosing this product over FastMail, except maybe the prettier UI.
2 comments
[ 4.5 ms ] story [ 10.9 ms ] thread> ProtonMail has implemented numerous safeguards against this on the server level. We have routines that constantly scan for code changes and will detect them. The attacker would have to gain control of the server, instantly change the behavior of the code scanners, and then modify the software all without anybody at ProtonMail noticing. The odds of this being successfully executed is indeed quite low.
Really.
Even KimDotCom made a better effort of implementing his browser crypto at Mega. Practically, there is no advantage of choosing this product over FastMail, except maybe the prettier UI.