I kind of wish this headline just kept going.
Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source, bad taste in music, murdered family of five
Once refused to say hello into the phone a toddler handed to them, refused to talk to the stray cat like it could understand them, farted on the bus and blamed it on an old lady
why are you wishing for that lmao
While the open source argument is valid, the end-to-end encryption critique is a bit odd to me. It is, by definition, end-to-end encrypted, and Proton claims that the chat history is stored locally on your device and is blindly encrypted at rest on their servers, same as in their email system.
The individual messages do have to be decrypted for inference option arrival, but really there isn’t another option.
What I’d like to see is evidence of 3rd party audits on this scheme in addition to more information on the models used.
Like most things by Proton. The client-side service is usually open source, but not server-side. I use & even pay for some services from Proton, but honestly they could probably decrypt your data if they had a reason to. They do pilot tests all the time. If you use Aurora Store, you’ll frequently see some Google Play accounts get different versions of the app that haven’t been rolled out to everyone.
I’ve noticed several times the “open-source” app on their GitHub is multiple versions behind what they’re publishing on Google Store. I don’t know of anyone doing automated testing for all the unpublished versions. If you use the browser—since the encryption is handled via JS—all it would take is a few small changes to get the information needed to decrypt your data.
There are some alternative open-source bridges for Proton that solve some of these issues, but most people using Proton are just using the stock apps. If you use Proton then you’re prob. doing a lot more to protect your privacy from advertisers, but if you think it’ll protect you from the government spying if they have a reason, then you might want to think again.
I’m so glad I’m letting my Proton subscription lapse when it runs out. I want away from that ridiculous mess of enshittification.
I recently switched to their VPN for torrenting because Mullvad doesn’t support port forwarding but the company as a whole really rubs me the wrong way for so many reasons.
I’ll probably just say fuck it and go back to Mullvad when the subscription expires, now that I built the bulk of my local library I can deal with losing port forwarding.
Are you on their VPN? What service will you go for if so?
No, I’m not. I was mostly just using them for email.
Mullvad VPN is prob the next closest.
Iirc it might also be the only and last decent one left around, but I’m not really keeping up with news. My Proton subscription will also lapse in a couple months so I might have to ask for Lemmy’s advice on the matter again.
They really don’t help themselves. Their target customer is not the same as Gmail users.
It is tho. It is exactly that. People that have no clue about security and open source, but want to get away from google stuff.