If Proton got court ordered to use a malicious version of their web app that steals encryption keys from x user couldn't it be targeted by IP or potentially depending on how their web app is written by username?
Also could Proton even be court ordered into doing this or does swiss law not allow it?