Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source
-
How much longer until the AI bubble pops? I'm tired of this.
as long as certain jobs and tasks can be done easier, and searches can be done faster, it's gonna stay. not a fad like nft.
the bubble here is the energy and water consumption part.
-
Proton has always been shitty. They don't even give you the encryption keys. Always been a red flag for me.
Not your keys, not your encryption.
For most people, having access to their own encryption keys will cause data loss.
Most countries have systems in place that you can do proper audits on companies which you can trust. You can audit companies for securities or financial reports which are the most common ones, but you can also audit a VPN if they keep logs or not (Pure VPN has done this) and you can audit them if they have access to your encryption keys or not.
We really need to normalise that kind of control to keep companies in check.
-
Ok yeah that's a far cry from Proton actually “Having your unencrypted emails on their servers” as if they’re not encrypted at rest.
There’s the standard layer of trust you need to have in a third party when you’re not self hosting. Proton has proven so far that they do in fact encrypt your emails and haven’t given any up to authorities when ordered to so I’m not sure where the issue is. I thought they were caught not encrypting them or something.
We need to call for an audit on Proton's policy and see if they actually do what they say, that way we can know for almost certain that everything is good as they say
-
The worst part is that once again, Proton is trying to convince its users that it's more secure than it really is. You have to wonder what else they are lying or deceiving about.
We really need to audit Proton
-
is not typically a good way to sell things.
Ah yes, telling the truth is not good for sales, therefore deception is ok.
Yeah, it seems we won't agree here. Have a nice day.
You said yourself that it wasn't actually wrong or deceptive or inaccurate, but rather "confusing."
read your own words.
-
End to end encryption of an interaction with a chat-bot would mean the company doesn't decrypt your messages to it, operates on the encrypted text, gets an encrypted response which only you can decrypt and sends it to you. You then decrypt the response.
So yes. It would require operating on encrypted data.
The documentation says it's TLS encrypted to the LLM context window. LLM processes, and the context window output goes back via TLS to you.
As long as the context window is only connected to Proton servers decrypting the TLS tunnel, and the LLM runs on their servers, and much like a VPN, they don't keep logs, then I don't see what the problem actually is here.
-
You said yourself that it wasn't actually wrong or deceptive or inaccurate, but rather "confusing."
read your own words.
I didn't. Being wrong and being deceptive are two different things.
-
We need to call for an audit on Proton's policy and see if they actually do what they say, that way we can know for almost certain that everything is good as they say
I mean we know from documented events that Proton doesn’t store your emails in plain text because there have been Swiss orders to turn over information which they have to comply with and they’ve never turned in emails, because they can’t.
-
And Gmail can retrieve your mails from proton using IMAP. It’s even in their own (proton’s) documentation.
I don’t think it can. Where in the documentation did you find that?
An online search brought me here: https://www.getmailbird.com/setup/en/access-protonmail-com-via-imap-smtp which did look like a documentation page about how to do exactly that. Obviously, it has nothing to do with them, and the actual details make no sense the lower you get in the page. I've been had.
They still can see most mails transit from their service in plaintext in both directions, though, which remains a privacy issue, but it has more to do with email protocols than anything.
You’re right that they can see the emails in transit if you’re not using encryption, but they never said they can’t. They are as secure as they can possibly be, and are honest about what’s secure and what’s not. I would leave Protonmail at the first sniff of trouble but I just haven’t seen anything that concerning.
-
I mean we know from documented events that Proton doesn’t store your emails in plain text because there have been Swiss orders to turn over information which they have to comply with and they’ve never turned in emails, because they can’t.
Do you have a source for that? I know they handed over an IP address, but I haven't heard about them handing over an email.
-
Do you have a source for that? I know they handed over an IP address, but I haven't heard about them handing over an email.
As far as I know they have not handed over any emails.
-
Okay but are any AI chatbots really open source? Isn't half the headache with LLMs the fact that there comes a point where it's basically impossible for even the authors to decode the tangled madness of their machine learning?
-
I'm not impressed by Proton at all tbh. There are plenty of reasons to dislike them. Here is a nice article about it:
https://マリウス.com/i-do-not-recommend-proton-mail/
Disclaimer: always do your own research as well.
No chance anyone’s clicking on that link
-
Okay but are any AI chatbots really open source? Isn't half the headache with LLMs the fact that there comes a point where it's basically impossible for even the authors to decode the tangled madness of their machine learning?
Yeah but you don't open source the LLM, you open source the training code and the weights and the specs/architecture
-
No chance anyone’s clicking on that link
Are you talking about the “xn--” domain name? Because FYI that’s just a punycode domain. It’s pretty commonly used for non-ascii domains. https://en.wikipedia.org/wiki/Punycode
The article itself is only available over Tor or I2P anyways though.
-
Are you talking about the “xn--” domain name? Because FYI that’s just a punycode domain. It’s pretty commonly used for non-ascii domains. https://en.wikipedia.org/wiki/Punycode
The article itself is only available over Tor or I2P anyways though.
Yes lol. Nobody is going to want to open that link.
-
Yes lol. Nobody is going to want to open that link.
You still think it's sketchy?
I've explained that it's perfectly normal, that it's just someone who wants to use Unicode in their domain name (in this case because they probably speak a non-ascii based language), and most good web clients should be showing that link as the Unicode characters. Firefox for example shows that as the proper Unicode directly.
It literally is just a way for non-English speakers to have a domain name in their native language.
-
Proton is shifting as mainstream company. AI craps, false misleading advertising.
-
You still think it's sketchy?
I've explained that it's perfectly normal, that it's just someone who wants to use Unicode in their domain name (in this case because they probably speak a non-ascii based language), and most good web clients should be showing that link as the Unicode characters. Firefox for example shows that as the proper Unicode directly.
It literally is just a way for non-English speakers to have a domain name in their native language.
People are usually aware enough to know that seeing Unicode characters in a URL looks wrong even if they don’t know why. Pair that with Punycode’s reputation for being abused by malicious actors and some clients not even showing the Unicode, and you have a link few are going to want to click on.
It’s not that I don’t understand what you’re saying; I was just commenting on the fact that nobody is going to want to click that link.
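The display question discussed above (Unicode form versus the `xn--` form), as an added example that is not part of the original thread: a Python sketch using the standard library's IDNA 2003 codec that converts a host name between the two forms and falls back to the `xn--` form when a single label mixes scripts. The script test and the `ex\u0430mple.com` sample are constructed, simplified assumptions, not any browser's actual display policy.

```python
import unicodedata

# Scripts that legitimately appear together in Japanese labels (assumption).
JAPANESE = {"KATAKANA", "HIRAGANA", "CJK"}

def to_ascii(host: str) -> str:
    """Unicode host name -> ASCII-compatible form (xn-- labels)."""
    return host.encode("idna").decode("ascii")

def to_unicode(host: str) -> str:
    """ASCII-compatible host name -> Unicode form."""
    return host.encode("ascii").decode("idna")

def label_scripts(label: str) -> set:
    """Approximate the scripts in one label from Unicode character names."""
    found = set()
    for ch in label:
        if ch.isascii() and (ch.isdigit() or ch == "-"):
            continue  # digits and hyphen are shared by every script
        name = unicodedata.name(ch, "UNKNOWN")
        found.add(name.split()[0].split("-")[0])
    return found

def is_mixed(label: str) -> bool:
    """True when a label combines scripts outside the allowed combination."""
    scripts = label_scripts(label)
    return len(scripts) > 1 and not scripts <= JAPANESE

def display_form(host: str) -> str:
    """Show Unicode for single-script labels, the xn-- form otherwise."""
    ace = to_ascii(host)
    uni = to_unicode(ace)
    if any(is_mixed(label) for label in uni.split(".")):
        return ace
    return uni

if __name__ == "__main__":
    # The first host is the one linked in the thread; the second is a
    # constructed sample with CYRILLIC SMALL LETTER A in a Latin label.
    for host in ["マリウス.com", "ex\u0430mple.com"]:
        print(repr(host), "->", to_ascii(host), "| shown as", display_form(host))
```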
-
Proton is shifting as mainstream company. AI craps, false misleading advertising.
And a MAGA CEO
The Intercept: Proton Mail Says It’s “Politically Neutral” While Praising Republican Party
Here’s an excerpt: Proton, the company behind the eponymous email provider Proton Mail, has won itself a loyal fanbase of dissidents, investigative journalists, and others skeptical of the prying eyes of government or …
Privacy Guides Community (discuss.privacyguides.net)