I realize this could easily be fake, but the accusations made against protonmail here are pretty “wow if true” https://pastebin.com/bwvqHhbA
-
-
Replying to @0xabad1dea
I don't understand the accusation, they could just change the SRI to match the modified one, no?
2 replies 0 retweets 3 likes -
Replying to @taviso @0xabad1dea
Isn't the point of SRI to ensure the integrity of remote hosted 3rd party JS anyway, of which there doesnt seem to be any on their auth pages? If the JS and the hash is hosted on the same infrastructure, what is that buying you?
1 reply 0 retweets 0 likes
Replying to @ml_siegel @0xabad1dea
Exactly, it buys nothing.
I think they should have done a bit more research before making up their claims 
11:22 AM - 16 Nov 2018
0 replies
0 retweets
0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.