Problem:
The ProtonMail servers can serve malicious JavaScript in the Web Client.
Users need a way to ensure the code is clean.
Solution:
IPFS solves this problem by making checksums addresses of the file. This way, if somebody knows the address, the integrity of the file is guaranted.
If two users put the same file into IPFS, the address would be the same.
ProtonMail should host the webclient on IPFS too. The IPFS address (SHA256 based checksum) could be displayed on the website, GitHub, Reddit, and other places. It's easy to check on several other platforms (e.g. chat), because one address guarantees the integrity of the entire site.
Users could use the HTTP gateway, by running ipfs daemon on localhost, or using IPFS Desktop.
The URL using the local gateway (requires running ipfs daemon) looks like this: http://127.0.0.1:8080/ipfs/bafybeidatpz2hli6fgu3zul5woi27ujesdf5o5a7bu622qj6ugharciwjq (makes it easy to ensure the checksum). The above hash is the address of version v2.7.5 of the IPFS web UI, hosted on IPFS. Take a look at their releases page.
IPFS content can be downloaded too, for those who don't want to run the IPFS daemon, they can easily get a local copy (checksumming is done automatically), and use that version.
It would require some changes (e.g. all resource links must be relative), there is a tutorial: https://medium.com/pinata/how-to-easily-host-a-website-on-ipfs-9d842b5d6a01
Problem: The ProtonMail servers can serve malicious JavaScript in the Web Client. Users need a way to ensure the code is clean.
Solution: IPFS solves this problem by making checksums addresses of the file. This way, if somebody knows the address, the integrity of the file is guaranted. If two users put the same file into IPFS, the address would be the same. ProtonMail should host the webclient on IPFS too. The IPFS address (SHA256 based checksum) could be displayed on the website, GitHub, Reddit, and other places. It's easy to check on several other platforms (e.g. chat), because one address guarantees the integrity of the entire site. Users could use the HTTP gateway, by running ipfs daemon on localhost, or using IPFS Desktop. The URL using the local gateway (requires running ipfs daemon) looks like this: http://127.0.0.1:8080/ipfs/bafybeidatpz2hli6fgu3zul5woi27ujesdf5o5a7bu622qj6ugharciwjq (makes it easy to ensure the checksum). The above hash is the address of version v2.7.5 of the IPFS web UI, hosted on IPFS. Take a look at their releases page. IPFS content can be downloaded too, for those who don't want to run the IPFS daemon, they can easily get a local copy (checksumming is done automatically), and use that version. It would require some changes (e.g. all resource links must be relative), there is a tutorial: https://medium.com/pinata/how-to-easily-host-a-website-on-ipfs-9d842b5d6a01