Not a security expert, so take everything with a grain of salt.
Traffic between your browser and a website using HTTPS is encrypted. Large-scale plaintext sniffing could happen by enforcing government-owned certificates like Kazakhstan[^1] does.
Another possibility is getting access to root certificates, issuing valid certificates for domains and redirecting traffic. This attack is expensive and I don't know if it's possible to perform at scale.
The ISP has connection records and metadata (how much time, how many connections, what time of day). That is enough to reconstruct internet activity and extract valuable information (e.g. build a user profile).
DNS records can be protected by using DoH, and DNS records featuring DNSSEC can be used as a countermeasure for DNS spoofing. DoH and DNSSEC play well together (e.g. dnscrypt + unbound).
Non-compliance with a country's laws will surely lead to some sort of punishment, but I'm pretty sure it's legal to use a VPN in Switzerland, so if you are worried about your privacy you can use a VPN service. Install the VPN server on your router. Just FYI, many governments, services (e.g. audio/video streaming services) and such block access to their services based on GeoIP.
P.S. "Operation Rubicon"[^2] is a very interesting read and somewhat related.
Pretty sure some of these laws are illegal in regard to many constitutions anyway. So sometimes these laws exist because they were not challenged yet and as a means to scare people. Switzerland might be different, but another country should and would enact a law that would force the removal of any CA roots connected to the Swiss government because those would then pose an extreme risk to security.
[^1]: https://www.f5.com/labs/articles/threat-intelligence/kazakhs...
[^2]: https://en.wikipedia.org/wiki/Operation_Rubicon