Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source
-
Why does an email service need a chatbot, even for business?
they are not only an email service, for quite some time now
There are about a bajillion of these, and one could host the same thing inside docker in like 10 minutes.
sure, with a thousand or two dollars worth of equipment and then computer knowledge. Anyone could do it really. but even if not, why don't they just rawdog deepseek? I don't get it either
...On the other hand, it has no access to email I think?
that's right. you can upload files though, or select some from your proton drive, and can do web search.
I guess the sell is easy access to Proton Drive for RAG here?
-
I guess the sell is easy access to Proton Drive for RAG here?
what is RAG?
-
I think it's different. The fundamental operation of all these models is multiplying big matrices of numbers together. GPUs are already optimised for this. Crypto was trying to make the algorithm fit the GPU rather than it being a natural fit.
With FPGAs you take a 10x loss in clock speed but can have precisely the algorithm you want. ASICs then give you the clock speed back.
GPUs are already ASICs that implement the ideal operation for ML/AI, so FPGAs would be a backwards step.
Thank you for the explanation!
-
Any business putting "privacy first" thing that works only on their server, and requires full access to plaintext data to operate, should be seen as lying.
I've been annoyed by proton for a long while; they do (did?) provide a seemingly adequate service, but claims like "your mails are safe" when they obviously had to have them in plaintext on their server, even if only for compatibility with current standards, kept me away from them.
Proton has always been shitty. They don't even give you the encryption keys. Always been a red flag for me.
Not your keys, not your encryption.
-
Because this is highly nuanced technical hair splitting, which is not typically a good way to sell things.
Look, we need to agree to disagree here, because you are not changing your mind, but I don't see anything compelling here that's introduced a sliver of doubt for me. If anything, forcing me to look into it in detail makes me feel more OK with using it.
Whatever. Have a nice day.
is not typically a good way to sell things.
Ah yes, telling the truth is not good for sales, therefore deception is ok.
Yeah, it seems we won't agree here. Have a nice day.
-
see, i'm saying this. that guy ain't to be trusted.
-
Mullvad FTW
MullChad is the best for anyone who doesn't require port forwarding
-
what is RAG?
Retrieval-augmented generation (RAG) is a technique that enables large language models (LLMs) to retrieve and incorporate new information. With RAG, LLMs do not respond to user queries until they refer to a specified set of documents. These documents supplement information from the LLM's pre-existing training data. This allows LLMs to use domain-specific and/or updated information that is not available in the training data. For example, this helps LLM-based chatbots access internal company data or generate responses based on authoritative sources.
From Retrieval-augmented generation.
Specifically here, I imagine the idea is to talk to the chatbot about what's in your documents.
-
SMH
No one is saying it's encrypted when processed, because that's not a thing that exists.
homomorphic encryption?
not there yet, of course, but it is conceptually possible
-
There's some good discussion about the security in the comments, so I'm just going to say that Lumo's Android app required the Play Store and GPlay Services. I uninstalled.
It's also quite censored. I gave Proton's cute chatbot a chance, but I'm not impressed.
-
Since there's already good discussion in the comments about this, I'm just going to add that Lumo's Android app requires the Play Store and GPlay Services. I uninstalled.
From my testing on the website, it's also very censored. I gave Proton's cute private chatbot a chance, but I'm not impressed.
-
They support IMAP. Which means, IMAP client can read your mails from the server.
Proton mail does not support IMAP. Because your emails are encrypted on the server.
Again, unless you add a layer of encryption (assuming the recipient understands it, too), it's plaintext. On the servers.
Protonmail doesn’t claim that non-protonmail email is end to end encrypted. Any emails sent to a regular email without third party encryption will be plain text through the SMTP server, but they don’t store it. So in this case they are still not storing your emails in plaintext. Your recipient will, but that’s out of Protonmail’s control.
shows up in full plaintext on their SMTP server. Whatever they do after that (and we've established it's not client-controlled encryption), they have access to it.
You’ve not established that at all. Protonmail stores that message with client side encryption and they have no access to it. Nothing you’ve brought up here suggests that anything is stored in plaintext on Protonmail servers.
Well, I've been had. There is no IMAP support indeed, during my quick lookup around it, I ended up on a website that does look a lot like real documentation that claims it does. My bad.
The point about sending and receiving messages in cleartext stands, as SMTP works that way, but at rest it is possible they're keeping them encrypted.
-
I'll just repost the same message here, for completion's sake.
Well, I've been had. There is no IMAP support indeed, during my quick lookup around it, I ended up on a website that does look a lot like real documentation that claims it does. My bad.
The point about sending and receiving messages in cleartext stands, as SMTP works that way, but at rest it is possible they're keeping them encrypted.
-
There is no way to retrieve your mail using IMAP on a regular client if they're encrypted on the server.
That is probably why you can’t retrieve your emails using IMAP from a regular client.
And Gmail can retrieve your mails from proton using IMAP. It's even in their own (proton's) documentation.
I don’t think it can. Where in the documentation did you find that?
An online search brought me here: https://www.getmailbird.com/setup/en/access-protonmail-com-via-imap-smtp which did look like a documentation page about how to do exactly that. Obviously, it has nothing to do with them, and the actual details make no sense the lower you get in the page. I've been had.
They still can see most mails transit from their service in plaintext in both directions, though, which remains a privacy issue, but it has more to do with email protocols than anything.
-
There's some good discussion about the security in the comments, so I'm just going to say that Lumo's Android app required the Play Store and GPlay Services. I uninstalled.
It's also quite censored. I gave Proton's cute chatbot a chance, but I'm not impressed.
I'm not impressed by Proton at all tbh. There are plenty of reasons to dislike them. Here is a nice article about it:
https://マリウス.com/i-do-not-recommend-proton-mail/
Disclaimer: always do your own research as well.
-
SMH
No one is saying it's encrypted when processed, because that's not a thing that exists.
End to end encryption of an interaction with a chat-bot would mean the company doesn't decrypt your messages to it, operates on the encrypted text, gets an encrypted response which only you can decrypt and sends it to you. You then decrypt the response.
So yes. It would require operating on encrypted data.
-
How much longer until the AI bubbles pops? I'm tired of this.
as long as certain jobs and tasks can be done easier, and searches can be done faster, it's gonna stay. not a fad like nft.
the bubble here is the energy and water consumption part.
-
Proton has always been shitty. They don't even give you the encryption keys. Always been a red flag for me.
Not your keys, not your encryption.
For most people, having access to their own encryption keys will cause data loss.
Most countries have systems in place that you can do proper audits on companies which you can trust. You can audit companies for securities or financial reports which are the most common ones, but you can also audit a VPN if they keep logs or not (Pure VPN has done this) and you can audit them if they have access to your encryption keys or not.
We really need to normalise that kind of control to keep companies in check.
-
Ok yeah that's a far cry from Proton actually “Having your unencrypted emails on their servers” as if they’re not encrypted at rest.
There’s the standard layer of trust you need to have in a third party when you’re not self hosting. Proton has proven so far that they do in fact encrypt your emails and haven’t given any up to authorities when ordered to so I’m not sure where the issue is. I thought they were caught not encrypting them or something.
We need to call for an audit on Proton's policy and see if they actually do what they say, that way we can know for almost certain that everything is good as they say.
-
The worst part is that once again, proton is trying to convince its users that it's more secure than it really is. You have to wonder what else they are lying or deceiving about.
We really need to audit Proton