Now Proton’s gone harder into AI with a chatbot: Lumo! This isn’t local, it runs on Proton’s systems. [Proton] Proton promises your chats with Lumo are “confidential” and “no logs kept and every chat encrypted.” What does that mean in detail? Proton says your chats are stored with the same zero-access encryption as your email. That’s great! But their wording is: “end-to-end encryption in your chat history.” What are the ends in this scenario? And why not just say “end-to-end encryption in your chat”? Well, obviously, because they can’t say that. If you’re using a remote chatbot like Lumo, the chat has to exist as plain text for the chatbot to see it, for some unspecified length of time. Same if you dump files into the chatbot from your end-to-end-encrypted Proton Drive — their version of Google Drive. That’s how most web services work, and it might not sound like a big deal — but Proton’s email famously does not work like that. There is never plain text at rest. So Proton is trying to handwave on their past reputation and say, well, parts of it are totally secure. Just not the rest. Proton also used to publish complete cryptographic threat models for its products. They didn’t for the AI email assistant and they haven’t for Lumo. It’s a glaring absence. So can we look at the code? Well, no. Proton hasn’t opened any of Lumo. They just say the word “open” a lot — “Lumo is based upon open-source language models and operates from Proton’s European datacenters.” But that’s misleading. The actual large language model is not open. The code for Proton’s bit of Lumo is not open source. The only open source bit that Proton’s made available is just some of Proton’s controls for the LLM.
Hmm, why does a Swiss army company, renowned for prioritizing privacy, feel the need to develop a LLM in the first place? It seems like Proton is gradually shifting towards a more mainstream approach which raises concerns about potentially misleading marketing tactics.
Atleast put some effort into why you think that way. They are just trying to be a complete suite of products. I dont agree with their approach because some of their products are half baked. Linux doesn’t have native drive and other glaring issues. Another example is standard note lying dead after acquisition. I am still however subscribed to them on the visionary plan for a few years now. They are still one of the nicer, complete privacy packaged solution. I self host most of my things but I dont mind my emails and files with proton.
Why hate proton. If proton seems expensive, there are other options. Also, businesses are always for profit. If it is free, then it is not a business.
I think it’s the Indian mentality that everything should be free. Our political leaders have shaped that thought by giving freebies. Jio made internet free in the initial days. Every companies in India offer free gifts, or big reductions in price.
Now, proton has a free plan which is more than enough for regular users. Proton vpn even allows guest sign in and free servers. All these costs are borne by the people who pays for the service.
We misused teamdrives, hoarded TBs of data. We misused edu suites. Even telegram is being used as a personal storage server.
All these shaped our identity - people outside India feels that Indians are cheap OR Indians are scammers. I got rejected from some foreign companies just because I was Indian and they can only offer an ‘Indian salary’. In client meetings, others make fun of our Indian accent, whereas korean, Philippines accents are considered cute.
We need to change. The world took so much from India and now considers India as trash, and Indians as scammers. Change is inevitable. Let it start from educated people like us.
Why you think that when i am mentioning it as expensive i want it for free? I am saying the Proton is over advertised and expensive compare to the similar or better services and they do indeed is not privacy friendly. just check their history.
Also, i always paid for things and never took any freebies, not even the jio sim in those days. I am not exploiting the loopholes. so throwing the tantrum of someone or a large group over me is not acceptable.
I am in tech from a long time, have tested and reviewed hundreds of email hosting, vpns and open source projects. I even pay for fonts, graphics and license everything i can afford.
If you want to give gyan, please do in in separate thread.
Well, it’s good that Proton has implemented User-to-Lumo (U2L) encryption, utilizing bidirectional asymmetric encryption instead of full end-to-end encryption.
It seems fancy to hate on Proton because of the privacy focus and higher costs, a bit like Apple’s marketing, because it goes against the mainstream.
If you look at the market as a whole, it is better to have an option that goes some way to addressing some concerns than submitting to free data mining options, that most people don’t give a second thought to.
hi, could you confirm if a prontonmail user send email from proton to Gmail, outlook, rediff, yahoo or other provider is secure? the mail encryption should be from both side. do you send encrypted emails everytime? why companies like Tuta.com , Mailbox.org can’t be used?
what makes protonmail unique? they even install scripts in system, requires bridge for emails.
Exactly. Proton has been pretty transparent. It is even developing proton sheets as an alternative to Google sheet. I regularly watch proton’s YouTube videos on privacy too. If you are interested checkout simplex chat too. It’s a better alternative to signal
You seem quite passionate about this topic. Would love to know what you would recommend as a better alternative from your experience in these categories (VPN, Email etc.).
I have used most of the privacy enabled email and no log vpns. I had an issue where proton was running unwelcome scripts for the email bridge, vpn and was very slow. Proton also miss many emails that are not encrypted so it can’t be used for professional email like i was not able to receive WordPress emails that had no custom SMTP. This is also the case with fastmail but they are lot better although they are within surveillance eye.
the privacy starts from the basic no leak dns like using controld, adguarddns, nextdns. you can’t get wrong with surfshark and nordvpn. tuta and mailbox for basic solution while the spam or missing emails can be common from indian gov portal sites.
there are sites like privacytools.io offers better alternatives.
As of September 25th 2022 we are seeing BurungHantu’s overall plans come to fruition on privacytools.io, and this is the very reason we decided to create this explainer page today. The website he is operating appears to be a heavily SEO-optimized version of the site which recommends tools in exchange for financial compensation. Very recently, IVPN and Mullvad, two VPN providers near-universally recommended by the privacy community and notable for their stance against affiliate programs were removed from PrivacyTools. In their place? NordVPN, Surfshark, ExpressVPN, and hide.me; Giant VPN corporations with untrustworthy platforms and business practices, notorious for their aggressive marketing and affiliate programs.
PrivacyTools has become exactly the type of site we warned against on the PrivacyTools blog in 2019. We’ve tried to keep our distance from PrivacyTools since the transition, but their continued harassment towards our project and now their absurd abuse of the credibility their brand gained over 6 years of open-source contributions is extremely troubling to us. Those of us actually fighting for privacy are not fighting against each other, and are not getting our advice from the highest bidder.
None of the real privacy communities would recommend NordVPN when you have better options like Proton and Mullvad. Also, stay away from PrivacyTools.io they still list Surfshark VPN as a top choice in VPN, other sections because it’s sponsored. I’d rather recommend: PrivacyGuides, TheNewOil.org, and Techlore.tech.