Chrome / Firefox add-on
Even the mailbox encrypted, it is possible to subvert the code in your servers - or force ProtonMail to subvert it by court order - to capture users mailbox password and therefore gain access to emails. This is exactly how the HushMail got "busted" some time ago, feeding a specified user a subverted code, that captured the users password to them!
Systems like BlockChain Wallet use browser add-ons to prevent this from happening. Ever. Since the add-on is used to handle ALL communications from and to the servers, and it decrypts the content from the servers, it does not matter whether the server is backdoored (from one reason or another)! It would not matter how you would subvert the code in ProtonMail servers, since add-on would handle all these things inside users computer - and no critical information would ever, never, be sent to ProtonMail servers no matter how bad code would be installed in ProtonMail servers.
Since anyone can download and verify the add-on, there is hardly possibility to install any kind of backdoor there - and absolutely no way to install backdoor there for a specific user.
Markus Jansson
shared this idea