That's a fair statement - I think it then comes down to: Can you by law in Switzerland order someone to serve malicious JavaScript, or only to e.g. deliver information you already have?
In the present case, ProtonMail was compelled to backdoor its system to log an IP it did not log previously, so it's arguably closer to the former situation you presented.
Thanks for the clarification, and for making your homepage much more honest in regards to your privacy policy.
May i ask what's the difference in regards to the law between being compelled to modify your systems to record an IP address (which i heard was the fact in this case) and to backdoor OpenPGPJS? From my technical perspective it sounds exactly the same, but i'm unfamiliar with swiss law.
