Transcript
A post by [object Object] (@zzt@mas.to) saying:
courtesy of @davidgerard@circumstances.run, Proton is now the only privacy vendor I know of that vibe codes its apps:
In the single most damning thing I can say about Proton in 2025, the Proton GitHub repository has a “cursorrules” file. They’re vibe-coding their public systems. Much secure!
I am once again begging anyone who will listen to get off of Proton as soon as reasonably possible, and to avoid their new (terrible) apps in any case. https://circumstances.run/@davidgerard/114961415946154957
It has a reply by the author saying: in an unsurprising update for those familiar with how Proton operates, they silently rewrote their monorepo’s history to purge .cursor and hide that they were vibe coding: https://github.com/ProtonMail/WebClients/tree/2a5e2ad4db0c84f39050bf2353c944a96d38e07f
given the utter lack of communication from Proton on this, I can only guess they’ve extracted .cursor into an external repository and continue to use it out of sight of the public
Yeah, I'm hypocritical with proton, I use it myself, but I think people should just pay a bit more attention to what they're doing.
I use it with the full knowledge that they will start to track me and share my IP with Europol if they come with a warrant. (They are unable to comply with anything further, thanks to their e2e architecture)
It is part of my threat model and I use it solely for private stuff.
I couldn't care less that the CEO had one slipup praising a Republican with a seemingly good track record (although I did not investigate that matter)
And being a Luddite about AI is really counterproductive, it has arrived in our society and if correctly utilised will be just another tool used to automate or autocomplete etc.
Basically what your IDE already does but on steroids
(Disclaimer: it's Friday and I'm tired so there is a real – if small – chance I'm being a contrarian armed with superficial knowledge. I can't rly tell myself 🙃)
I don't think using proton is a personal moral failure, I just think these things are worth discussing.
I totally agree, but think that the toot you shared is a bit alarmist
Using a corporation to provide "privacy" is most certainly a logical and moral failing.
How do you know some crappy generated code isn’t doing some kind of stupid logging?
TBH this isn't a great argument for open source code. You know it's not doing something stupid in the exact same way you know a human written application isn't doing something stupid.
1- You review it yourself to double check OR
2- You hope that the community is reviewing it and that you would be made aware of problems OR
3- You just don't know.
Because I know how software development works IRL LOL