submitted 1 day ago* (last edited 1 day ago) by irelephant@lemmy.dbzer0.com to c/privacy@lemmy.dbzer0.com

Transcript: A post by @zzt@mas.to saying: courtesy of @davidgerard@circumstances.run, Proton is now the only privacy vendor I know of that vibe codes its apps: In the single most damning thing I can say about Proton in 2025, the Proton GitHub repository has a “cursorrules” file. They’re vibe-coding their public systems. Much secure! I am once again begging anyone who will listen to get off of Proton as soon as reasonably possible, and to avoid their new (terrible) apps in any case. https://circumstances.run/@davidgerard/114961415946154957

It has a reply by the author saying: in an unsurprising update for those familiar with how Proton operates, they silently rewrote their monorepo’s history to purge .cursor and hide that they were vibe coding: https://github.com/ProtonMail/WebClients/tree/2a5e2ad4db0c84f39050bf2353c944a96d38e07f

given the utter lack of communication from Proton on this, I can only guess they’ve extracted .cursor into an external repository and continue to use it out of sight of the public

alsaaas@lemmy.dbzer0.com 9 points 1 day ago

I use it with the full knowledge that they will start to track me and share my IP with Europol if they come with a warrant. (They are unable to comply with anything further, thanks to their e2e architecture)

It is part of my threat model and I use it solely for private stuff.

I couldn't care less that the CEO had one slipup praising a Republican with a seemingly good track record (although I did not investigate that matter)

And being a Luddite about AI is really counterproductive, it has arrived in our society and if correctly utilised will be just another tool used to automate or autocomplete etc.

Basically what your IDE already does but on steroids

(Disclaimer: it's Friday and I'm tired so there is a real – if small – chance I'm being a contrarian armed with superficial knowledge. I can't rly tell myself 🙃)

irelephant@lemmy.dbzer0.com 9 points 1 day ago

I don't think using Proton is a personal moral failure, I just think these things are worth discussing.

alsaaas@lemmy.dbzer0.com 6 points 1 day ago

I totally agree, but think that the toot you shared is a bit alarmist

Doomsider@lemmy.world 1 points 21 hours ago

Using a corporation to provide "privacy" is most certainly a logical and moral failing.

ayyy@sh.itjust.works 2 points 1 day ago

> They are unable to comply with anything further, thanks to their e2e architecture

How do you know some crappy generated code isn’t doing some kind of stupid logging?

psivchaz@reddthat.com 2 points 1 day ago

TBH this isn't a great argument for open source code. You know it's not doing something stupid in the exact same way you know a human written application isn't doing something stupid.

1- You review it yourself to double check OR

2- You hope that the community is reviewing it and that you would be made aware of problems OR

3- You just don't know.

alsaaas@lemmy.dbzer0.com 2 points 1 day ago* (last edited 1 day ago)

Because I know how software development works IRL LOL

this post was submitted on 08 Aug 2025
432 points (100.0% liked)
