Transcript
A post by [object Object] (@zzt@mas.to) saying:
courtesy of @davidgerard@circumstances.run, Proton is now the only privacy vendor I know of that vibe codes its apps:
In the single most damning thing I can say about Proton in 2025, the Proton GitHub repository has a “cursorrules” file. They’re vibe-coding their public systems. Much secure!
I am once again begging anyone who will listen to get off of Proton as soon as reasonably possible, and to avoid their new (terrible) apps in any case. https://circumstances.run/@davidgerard/114961415946154957
It has a reply by the author saying: in an unsurprising update for those familiar with how Proton operates, they silently rewrote their monorepo’s history to purge .cursor and hide that they were vibe coding: https://github.com/ProtonMail/WebClients/tree/2a5e2ad4db0c84f39050bf2353c944a96d38e07f
given the utter lack of communication from Proton on this, I can only guess they’ve extracted .cursor into an external repository and continue to use it out of sight of the public
Um, it’s a public repository. You can view the code that’s been added. Even if it IS AI generated, you can review it yourself.
I’m as anti-AI as anyone but this is misplaced AI-alarmism.
You're a supervisor and you have 2 employees: Bill and Jim. As a supervisor your job is to ensure the work is being done correctly.
Bill is competent and rarely makes major mistakes. Jim does a decent job most of the time ... but he's also a savant at screwing up -- he regularly fucks up in ways that aren't immediately obvious but are guaranteed to cause serious problems days to weeks from the screw up.
You can glance over Bill's work and be fairly certain it's fine. You need to go over every single piece Jim's work to check for problems, and even then some are probably going to slip through.
AI is currently Jim, and Jim has no business writing code for anything privacy or security focused.
Does anyone here actually review code?
Only my own code and so far most of it has been unacceptable.
Pure, unabashed honesty. I love it. 🫶
Yes, and it's one of the most important things I do. Given the AI codegen boom we're seeing, it's also the skill I have that is increasing the fastest in value.
yes as a consultant/freelancer THIS is where the majority of my work is coming from now. if you're good at this SERIOUSLY consider consulting and freelancing for various companies that are now desperately trying to fix their AI tech debt. It's the ONE thing that is completely in demand right now due to the sheer incompetence of all these places that decided vibe coding and AI was the way to go.
you have no idea how much money you can potentially be making right now doing this. I'm booked solid for the rest of the year purely because of this.
Does anyone here realize that one person using Cursor doesnt mean "tHeY'rE vIbE cOdInG aCrOsS tHe wHoLe pLaCe!"
Then why didn’t they just say that instead of being shady and rewriting history?
Because it's also not a great idea to expose your rules files, and tell people first "oh shit, we mentioned rules files. Please don't look!" before
I'll be honest here, I've had less dogmatic conversations with conspiracy theorists about COVID. If you just need to make this a huge problem that later turns out to be a nothingburger and you'll never look back and grow as a human, then hey, you do you. But know that you'll look like a fool to anyone that isn't a goldfish and remembers more than 3 months at a time. Because you clearly don't know what's a big deal and what's not, and this is a Grade A waste of all our time to pitch a fit about.
Uh yeah? You’d be stupid not to review code, whether written by an AI or a human. I don’t trust either.
I'm guessing OP means code you use rather than code you write, in other words auditing. Likely very few of us do that with any thoroughness. IIRC proton does have some independent auditing.
That’s what I mean too. Y’all don’t just copy-paste from stack overflow praying it works do you?
That obviously not what they meant. They mean, do you review the code for every open source application you use? Do you review every library you utilize? I'm willing to be it's a no for both of these, because no one has time for that.
No, like proton mail app. Have you reviewed it? Or Signal or Veracrypt or TheNewHotness.
That is pretty immaterial to the issue. The issue is that when it comes to security, it's extremely poor form to rely on unintelligent mimicry.
Probably anti-Proton. I'm no conspiracy theorist, but the amount of pro BlueSky, anti Proton, anti Signal people I see on Lemmy make me wonder sometimes.
It really reminds me of the Mastodon mob mentality that caused so much trouble for fosstodon :/
Genuinely most of the people against bluesky/atproto haven't looked into it further than the blogpost by Christine lemmer-webber, and just want to be eliteist about being on the fediverse.