alt Hacker NewsIt is very possible for them to inject custom JS to a specific user.
You are the bosses at Protonmail, do you want police at 6 am shaking your kids, seize all your devices, loose all agreements with PayPal and Visa/MasterCard, because you want to protect a guy who distributes child pornography or plans a terrorist attack ?
No way, so you tap on the shoulder of the CTO and ask him to push a temporary update or turn on a feature flags, in order to collect the missing information.
This is true for all companies who control the client.
From what we (at least I) know, this wasn't the police in Switzerland waking up senior management.
t was - without anyone admitting to it - probably KrCERT who requested the account suspension. KrCERT don't seem to have any legal jurisdiction in Switzerland.
"KrCERT/CC, which is an internal division of KISA, is a CSIRT with national responsibility and a focal point of contact for Korea on international cybersecurity incident handling." -- https://en.wikipedia.org/wiki/Korea_Internet_%26_Security_Ag...
I'd like to think if they 'tapped on the shoulder of the CTO ' of a company headquartered in Switzerland, he'd say "maybe, come back with an order from a relevant court or security agency in Switzerland and I'll get my team right on that".