Yeah I got there eventually

I'm not familiar with this blog, so I can't comment on their general stance, but this particular article seems balanced and fair. They point out questionable implementation practices on Proton's side rather than criticising the AI itself.

The worst part is that once again, proton is trying to convince its users that it's more secure than it really is. You have to wonder what else they are lying or deceiving about.

For a critical blog, the first few paragraphs sound a lot like they're shilling for Proton.

I'm not sure if I'm supposed to be impressed by the author's witty wording, but "the cool trick they do" is - full encryption.

Moving on.

But that’s misleading. The actual large language model is not open. The code for Proton’s bit of Lumo is not open source. The only open source bit that Proton’s made available is just some of Proton’s controls for the LLM. [GitHub]

In the single most damning thing I can say about Proton in 2025, the Proton GitHub repository has a “cursorrules” file. They’re vibe-coding their public systems. Much secure!

oof.

Over the years I've heard many people claim that proton's servers being in Switzerland is more secure than other EU countries - well there's also this now:

Proton is moving its servers out of Switzerland to another country in the EU they haven’t specified. The Lumo announcement is the first that Proton’s mentioned this.

No company is safe from enshittification - always look for, and base your choices on, the legally binding stuff, before you commit. Be wary of weasel wording. And always, always be ready to move* on when the enshittification starts despite your caution.

* regarding email, there's redirection services a.k.a. eternal email addresses - in some cases run by venerable non-profits.

Moving the servers out of Switzerland may bein response to the proposed? regulations allowing more access to data of foreigners or something like that.

Regarding the fact that proton stops hosting in Switzerland :
I thought it was because of new laws in Switzerland and that they hzf not much of a choice ?

How much longer until the AI bubbles pops? I'm tired of this.

Mullvad FTW

Yes, indeed. Even so, just because there is a workaround, we should not ignore the issue (governments descending into fascism).

Very true

Both your take, and the author, seem to not understand how LLMs work. At all.

At some point, yes, an LLM model has to process clear text tokens. There's no getting around that. Anyone who creates an LLM that can process 30 billion parameters while encrypted will become an overnight billionaire from military contracts alone. If you want absolute privacy, process locally. Lumo has limitations, but goes farther than duck.ai at respecting privacy. Your threat model and equipment mean YOU make a decision for YOUR needs. This is an option. This is not trying to be one size fits all. You don't HAVE to use it. It's not being forced down your throat like Gemini or CoPilot.

And their LLM. - it's Mistral, OpenHands and OLMO, all open source. It's in their documentation. So this article is straight up lies about that. Like.... Did Google write this article? It's simply propaganda.

Also, Proton does have some circumstances where it lets you decrypt your own email locally. Otherwise it's basically impossible to search your email for text in the email body. They already had that as an option, and if users want AI assistants, that's obviously their bridge. But it's not a default setup. It's an option you have to set up. It's not for everyone. Some users want that. It's not forced on everyone. Chill TF out.

Really? This article reads like it's AI slop reproducing Proton copy then pivoting to undermine them with straight up incorrect info.

You know how Microsoft manages to make LibreOffice pulls errors on Windows 11? You really didn't stop to think that Google might contract out some slop farms to shit on Proton?

Their AI is not local, so adding it to your email means breaking e2ee. That's to some extent fine. You can make an informed decision about it.

But proton is not putting warning labels on this. They are trying to confuse people into thinking it is the same security as their e2ee mails. Just look at the "zero trust" bullshit on protons own page.

This was it for me, cancelled my account. Fuck this Andy moron

depends on what and with whom. based on my current jobs with smaller companies and start ups? soon. they can't afford the tech debt they've brought onto themselves. big companies? who knows.

Who Proton???? Nooo come on… who could ever seen this coming?

Over the years I've heard many people claim that proton's servers being in Switzerland is more secure than other EU countries

Things change. They are doing it because Switzerland is proposing legislation that would definitely make that claim untrue.
Europe is no paradise, especially certain countries, but it still makes sense.

From the lumo announcement:

Lumo represents one of many investments Proton will be making before the end of the decade to ensure that Europe stays strong, independent, and technologically sovereign. Because of legal uncertainty around Swiss government proposals(new window) to introduce mass surveillance — proposals that have been outlawed in the EU — Proton is moving most of its physical infrastructure out of Switzerland. Lumo will be the first product to move.

This shift represents an investment of over €100 million into the EU proper. While we do not give up the fight for privacy in Switzerland (and will continue to fight proposals that we believe will be extremely damaging to the Swiss economy), Proton is also embracing Europe and helping to develop a sovereign EuroStack(new window) for the future of our home continent. Lumo is European, and proudly so, and here to serve everybody who cares about privacy and security worldwide.

Where does it say "zero trust" 'on Protons own page'? It does not say "zero-trust" anywhere, it says "zero-access". The data is encrypted at rest, so it is not e2ee. They never mention end-to-end encryption for Lumo, except for ghost mode, and they are talking about the chat once it's complete and you choose to leave it there to use later, not about the prompts you send in.

Zero-access encryption

Your chats are stored using our battle-tested zero-access encryption, so even we can’t read them, similar to other Proton services such as Proton Mail, Proton Drive, and Proton Pass. Our encryption is open source and trusted by over 100 million people to secure their data.

Which means that they are not advertising anything they are not doing or cannot do.

By posting this disinformation all you're achieving is getting people to pedal back to all the shit services out there for "free" because many will start believing that privacy is way harder than it actually is so 'what's the point' or, even worse, no alternative will help me be more private so I might as well just stop trying.

Scribe can be local, if that's what you are referring to.

They also have a specific section on it at https://proton.me/support/proton-scribe-writing-assistant#local-or-server

Also emails for the most part are not e2ee, they can't be because the other party is not using encryption. They use "zero-access" which is different. It means proton gets the email in clear text, encrypts it with your public PGP key, deletes the original, and sends it to you.

See https://proton.me/support/proton-mail-encryption-explained

The email is encrypted in transit using TLS. It is then unencrypted and re-encrypted (by us) for storage on our servers using zero-access encryption. Once zero-access encryption has been applied, no-one except you can access emails stored on our servers (including us). It is not end-to-end encrypted, however, and might be accessible to the sender’s email service.

My friend, I think the confusion stems from you thinking you have deep technical understanding on this, when everything you say demonstrates that you don't.

First off, you don't even know the terminology. A local LLM is one YOU run on YOUR machine.

Lumo apparently runs on Proton servers - where their email and docs all are as well. So I'm not sure what "Their AI is not local!" even means other than you don't know what LLMs do or what they actually are. Do you expect a 32B LLM that would use about a 32GB video card to all get downloaded and ran in a browser? Buddy....just...no.

Look, Proton can at any time MITM attack your email, or if you use them as a VPN, MITM VPN traffic if it feels like. Any VPN or secure email provider can actually do that. Mullvad can, Nord, take your pick. That's just a fact. Google's business model is to MITM attack your life, so we have the counterfactual already. So your threat model needs to include how much do you trust the entity handling your data not to do that, intentionally or letting others through negligence.

There is no such thing as e2ee LLMs. That's not how any of this works. Doing e2ee for the chats to get what you type into the LLM context window, letting the LLM process tokens the only way they can, getting you back your response, and getting it to not keep logs or data, is about as good as it gets for not having a local LLM - which, remember, means on YOUR machine. If that's unacceptable for you, then don't use it. But don't brandish your ignorance like you're some expert, and that everyone on earth needs to adhere to whatever "standards" you think up that seem ill-informed.

Also, clearly you aren't using Proton anyway because if you need to search the text of your emails, you have to process that locally, and you have to click through 2 separate warnings that tell you in all bold text "This breaks the e2ee! Are you REALLY sure you want to do this?" So your complaint about warnings is just a flag saying you don't actually know and are just guessing.