I want to propose having web site source code verification. This would mitigate malicious code being service by the user web interface at proton[.]me. There are several tools, most famous being Meta's open source 'Code Verify' that uses published hashes.

It's no secret that Proton's web interface is a weak point for password compromise - such as via a court order. My proposal would require Proton, or a trusted entity, posting the hashes of known good Proton.me interface web site code. By allowing Proton users to verify the web site code they are being served, this reduces the risk of their password being at risk.