Right after this I spot the announcement post on my front page, in [email protected]. I'm surprised just how positive the comments are.
this post was submitted on 18 Jul 2024
1 points (100.0% liked)
TechTakes
1432 readers
16 users here now
Big brain tech dude got yet another clueless take over at HackerNews etc? Here's the place to vent. Orange site, VC foolishness, all welcome.
This is not debate club. Unless it’s amusing debate.
For actually-good tech, you want our NotAwfulTech community
founded 1 year ago
MODERATORS
Same, tbh. I went on their subreddit expecting a shitstorm but the announcement sits at like 85% upvotes with mostly positive replies.
What kind of bizarro world have I stumbled into?
At least the top-level comments seem to be split.
between that thread’s activity pattern and how hard they tried to fudge the numbers on their own survey to make this feature look popular: boy there’s a lot of stank on this one
but hey here’s some worrying shit straight from the Proton team:
Our business audience was the most interested in a writing assistant, this is why we started gradually rolling it out starting with Business and Visionary plans. We will look into making it available to more users at a later date!
so there’s something utterly fucking obvious for the “it’s only for business users” posters to consider; they’re doing the same frog boiling shit that all LLM fuckheads do.
I’m tempted to crosspost David’s article and my mastodon thread to that community, since Proton hasn’t really replied otherwise, and they seem plenty active there answering softball questions and removing posts. I don’t look forward to the Kagi-level shitstorm in my inbox afterwards though
load more comments
(1 replies)
load more comments
(1 replies)
I went to Proton for the explicit reason I didn't want Google scanning all my docs. Glad I moved away from them now, hopefully Fastmail doesn't do the same.
It's a local model running in your browser though
Doesn't sound like it
Your prompt — that is, the email you’re writing — is kept in plain text on their server
Besides, I just don't want AI in general, is that too much to ask? I wonder how long it will be until there are companies actively promoting their lack of AI.
it can run locally, but Proton discourages it in their marketing, it has very high system requirements, and it requires you use a chromium-based browser (which is a non-starter for a solid chunk of Proton’s userbase). otherwise, it uses the cloud version of the feature, which works exactly like the quote describes, though Proton tries to pretend otherwise; it’s actually incredibly out of the ordinary that they pushed this feature at all without publishing anything about its threat model.
it’s unclear what happens if the feature’s enabled and set to local but you switch to a computer that can’t run the LLM. it’s also just fucked that there’s two identical versions of the same feature, but one of them exfiltrates your data.
Besides, I just don’t want AI in general, is that too much to ask?
you’re not alone. the other insulting part of this is that the vast majority of Proton’s userbase indicated they didn’t want this feature in responses to Proton’s 2024 survey, which was effectively constructed to make it impossible to say no to the LLM feature, since the feature portion of the survey was stack ranked. the blog post introducing Scribe even lies about the results of the survey — an LLM wasn’t even close to being the most requested feature.
load more comments
(1 replies)
read the fucking article before you multi-post your uninformed shit in this thread, thanks
Never rely on multi services products from a company. I know it’s more practical but you get the real benefits of having spread services.
Why is that an issue? I deploy local LLMs for work and none of the content they use or generate goes outside the encrypted active domain, so no security issues or privacy issues. The question is how contained the LLM is, that's all.
did you read the parts of the article that describe why the LLM is an issue?
load more comments
(26 replies)
Eamonn Maguire, author of the Proton Scribe announcement post, responded to my tweet with this: https://x.com/EamonnMagu14645/status/1814062340863651965
not sure how legit that account is, actually. It's not the one I @'ed - this one was created in Jan 2024 - either it's his low-key alt or a bot
perhaps his plausible deniability account.
do you get banned from twitter if you call him a fucking asshole?
I’m working on a more detailed reply on mastodon but to be honest, I’m pretty sure he didn’t read the original post
it all stinks so much. He calls it "opt-in" but the official description of that opt-in is:
If you try to use Proton Scribe, you will be prompted to chose between local and server-side. So, technically, it's not active until you decide how, and if, you want to use it.
as you can see here: https://mastodon.social/@protonprivacy/112807462045101580
there is opt-in and then there is dangling an expired hotdog
holy fuck that’s worse than I thought
so going back to not being able to recommend Proton to anyone again: there’s now a button (and associated “tutorial” advertising modals trying to get the user to click the button, don’t pretend there won’t be) that when clicked gives the user a confusing choice between an option that might not work and one that exfiltrates their data and claims it doesn’t (if they even get this choice on a computer that doesn’t support the local LLM), and if they interact with that it just opts them into the feature in a state that may or may not (but by default does) expose the plaintext of their messages to Proton’s servers
and I’m supposed to recommend this horseshit to non-technical users? what’s that sound like, I wonder? “oh it’s a great privacy-oriented mail service you should pay for — but not for your business because you might fuck up and exfiltrate your data, and also there’s a chance they’ll enable the same feature for regular users at some unspecified time in the future so look out for that. oh and don’t get visionary either.” yeah fuck that
Glad I stuck with mailbox.org.
I'm not familiar with them. What makes them more privacy focused?
It's encrypted and based out of Germany (so, outside of five eyes). The ui is shit but if you use an app for email it's great. They also offer anonymous payment methods if you're into that.
they’re not end-to-end encrypted; their security model involves giving their server both your GPG private key and its passphrase, which makes your inbox and other data trivially able to be subpoenaed by German authorities.
I don’t think this is a replacement for Proton or Tutanota at all.
It's encrypted and based out of Germany (so, outside of five eyes).
[...] your inbox and other data trivially able to be subpoenaed by German authorities
Germany is a member of the Fourteen Eyes alliance and shares data with 9 and 5 eyes members.
I just wanted to put that out there after @[email protected] suggested that the five eyes are the only eyes. They share with Germany and vice versa.
Well, I was contemplating Protonmail...
I'm in the process of degoogling and dewindowing. I'll be dammed if I'm going towards ANYthing even related to"artificial intelligence" if I can help it.
Feckin bullshit.
I'll mention I went to Fastmail (mainly because they're an Aus company as well as the privacy stuff), so far so good.
load more comments
(7 replies)
It's not even in the consumer version. Also it's a optional local LLM running in your browser for basic stuff
though to be honest, the fact that you think this is local-only and only affects business accounts perfectly demonstrates how fucking dangerous Proton’s marketing and design around this feature is
I'm pretty happy with Tutanota all things considered. There are some tradeoffs back and forth between the two, but I think it's neat they run on renewable energy. And they're very focussed on being open source which I also appreciate.
Maybe an option worth looking into. They're also encrypted (though I wish either them or proton had an option not to be) and have a free tier)
Hope you find what you're looking for!
I’ve been using Mailbox.org. I tried Tutanota but the domain name was just awful.
Well it is just tuta now so there is that
I recommend you get your own domain, then you can’t ever lose your email.
load more comments
(7 replies)
Thanks
It should be an option that is turned off
alternatively, if the only version of this that doesn’t break Proton’s e2e security model is the local-only version, maybe don’t ship the cloud hosted version of the feature under any circumstances
I’d still hate the feature because the LLM model’s derived from plagiarized work and the labor of exploited workers from the global south, but this didn’t have to be a fucking privacy catastrophe
it was acausally enabled before you clicked on it, for your comfort and convenience, like the new ad tracker built into Firefox 128
The good news is I barely use Protonmail (or email at all, for that matter).
The bad news is I have a fucking Proton account. Fuck.
they're still least worst, but "oh the fuck no" is the correct reaction
Once they activate the acausality module, you can write those responses before they even send the initial email!
Alright Eschaton
load more comments
(1 replies)
tbf it's only in the business plans and some of the legacy lifer type plans, but yeah, wildin
just a little violation of my trust for the company I pay for privacy and encryption services. as a treat.