> Counterpoint: seems to me that protonmail is doing exactly that.
ProtonMail is security theater. It is simply not possible for a webmail service to maintain a zero-knowledge policy. They can capture your password every time you log in, and use that to decrypt your email if they want to. Or they could send you a backdoored version of their own JS-based encryption library the next time you visit protonmail.ch. (Hushmail got under fire for doing this a few years ago at the behest of the Canadian government.)
At the end of the day, the only thing that is actually protecting your email at ProtonMail is the fact that Switzerland is not yet known to be collaborating with the NSA. If they claim otherwise, they're either lying, incompetent, or seriously lacking in imagination.
ProtonMail is security theater. It is simply not possible for a webmail service to maintain a zero-knowledge policy. They can capture your password every time you log in, and use that to decrypt your email if they want to. Or they could send you a backdoored version of their own JS-based encryption library the next time you visit protonmail.ch. (Hushmail got under fire for doing this a few years ago at the behest of the Canadian government.)
At the end of the day, the only thing that is actually protecting your email at ProtonMail is the fact that Switzerland is not yet known to be collaborating with the NSA. If they claim otherwise, they're either lying, incompetent, or seriously lacking in imagination.