317

we appear to be the first to write up the outrage coherently too. much thanks to the illustrious @self

top 50 comments
sorted by: hot top controversial new old
[-] uhmbah@lemmy.ca 92 points 4 months ago

Well, I was contemplating Protonmail...

I'm in the process of degoogling and dewindowing. I'll be dammed if I'm going towards ANYthing even related to"artificial intelligence" if I can help it.

Feckin bullshit.

[-] Cris_Color@lemmy.world 32 points 4 months ago

I'm pretty happy with Tutanota all things considered. There are some tradeoffs back and forth between the two, but I think it's neat they run on renewable energy. And they're very focussed on being open source which I also appreciate.

Maybe an option worth looking into. They're also encrypted (though I wish either them or proton had an option not to be) and have a free tier)

Hope you find what you're looking for!

load more comments (11 replies)
load more comments (10 replies)
[-] fasterandworse@awful.systems 50 points 4 months ago* (last edited 4 months ago)

Eamonn Maguire, author of the Proton Scribe announcement post, responded to my tweet with this: https://x.com/EamonnMagu14645/status/1814062340863651965

We built this as an opt-in alternative to the non-privacy centric options on the market.

Our goal is always privacy by default, we want to make that possible in the GenAI world too given the number of businesses already using it, and the privacy risks other options pose.

We built this as an opt-in alternative to the non-privacy centric options on the market. Our goal is always privacy by default, we want to make that possible in the GenAI world too given the number of businesses already using it, and the privacy risks other options pose.

[-] fasterandworse@awful.systems 22 points 4 months ago* (last edited 4 months ago)

not sure how legit that account is, actually. It's not the one I @'ed - this one was created in Jan 2024 - either it's his low-key alt or a bot

perhaps his plausible deniability account.

[-] self@awful.systems 19 points 4 months ago

do you get banned from twitter if you call him a fucking asshole?

I’m working on a more detailed reply on mastodon but to be honest, I’m pretty sure he didn’t read the original post

[-] fasterandworse@awful.systems 18 points 4 months ago

it all stinks so much. He calls it "opt-in" but the official description of that opt-in is:

If you try to use Proton Scribe, you will be prompted to chose between local and server-side. So, technically, it's not active until you decide how, and if, you want to use it.

as you can see here: https://mastodon.social/@protonprivacy/112807462045101580

there is opt-in and then there is dangling an expired hotdog

[-] self@awful.systems 13 points 4 months ago

holy fuck that’s worse than I thought

so going back to not being able to recommend Proton to anyone again: there’s now a button (and associated “tutorial” advertising modals trying to get the user to click the button, don’t pretend there won’t be) that when clicked gives the user a confusing choice between an option that might not work and one that exfiltrates their data and claims it doesn’t (if they even get this choice on a computer that doesn’t support the local LLM), and if they interact with that it just opts them into the feature in a state that may or may not (but by default does) expose the plaintext of their messages to Proton’s servers

and I’m supposed to recommend this horseshit to non-technical users? what’s that sound like, I wonder? “oh it’s a great privacy-oriented mail service you should pay for — but not for your business because you might fuck up and exfiltrate your data, and also there’s a chance they’ll enable the same feature for regular users at some unspecified time in the future so look out for that. oh and don’t get visionary either.” yeah fuck that

[-] fasterandworse@awful.systems 44 points 4 months ago

the usefulness of any feature should be measured in how deep you can bury its "opt-in" option in the settings pages without hurting its adoption

[-] MBM@lemmings.world 32 points 4 months ago

Right after this I spot the announcement post on my front page, in !protonprivacy@lemmy.world. I'm surprised just how positive the comments are.

[-] mii@awful.systems 31 points 4 months ago

Same, tbh. I went on their subreddit expecting a shitstorm but the announcement sits at like 85% upvotes with mostly positive replies.

What kind of bizarro world have I stumbled into?

At least the top-level comments seem to be split.

[-] self@awful.systems 33 points 4 months ago

between that thread’s activity pattern and how hard they tried to fudge the numbers on their own survey to make this feature look popular: boy there’s a lot of stank on this one

but hey here’s some worrying shit straight from the Proton team:

Our business audience was the most interested in a writing assistant, this is why we started gradually rolling it out starting with Business and Visionary plans. We will look into making it available to more users at a later date!

so there’s something utterly fucking obvious for the “it’s only for business users” posters to consider; they’re doing the same frog boiling shit that all LLM fuckheads do.

I’m tempted to crosspost David’s article and my mastodon thread to that community, since Proton hasn’t really replied otherwise, and they seem plenty active there answering softball questions and removing posts. I don’t look forward to the Kagi-level shitstorm in my inbox afterwards though

[-] fasterandworse@awful.systems 22 points 4 months ago

the thing about this is a "writing assistant" doesn't have to be integrated into the email product. It could be a product in itself. If the "business audience(?) was the most interested in a writing assistant" you've got a fucken great standalone product opportunity on your hands. A Proton-certified LLM writing assistant that is magically better and more secure than anything else out there is not something you coyly slip into the email client and nudge everyone to use.

It doesn't matter what reasons they have for doing this. Their method of deployment says more than enough to me. They know it's off-script and they know they want their fucken "audience" to do the marketing for them.

[-] gencha@lemm.ee 15 points 4 months ago

Reddit content is paid/generated content. It is literally part of their commercial offering to customers that they can expertly deceive their users. It is an advertising platform and you use it to try and force a public image.

[-] BlueMonday1984@awful.systems 31 points 4 months ago

The good news is I barely use Protonmail (or email at all, for that matter).

The bad news is I have a fucking Proton account. Fuck.

[-] dgerard@awful.systems 33 points 4 months ago

they're still least worst, but "oh the fuck no" is the correct reaction

[-] ssm@lemmy.sdf.org 27 points 4 months ago* (last edited 4 months ago)

"Pro privacy" company that cucked to the state to get a climate activist arrested (against their privacy policy that they sneakily change after the fact) are actually a bunch of typical corporate grifters that sell out their userbase to promote shitty llm garbage? Nawwwwwww. Say it ain't so! It's like every week or month after I argue about these shitty fake privacy companies with idiots in c/privacy I recieve massive vindication. Maybe this is my sign to become a man of faith.

[-] Banshee@midwest.social 27 points 4 months ago* (last edited 4 months ago)

I'm also sick of hearing about Swiss privacy laws. Their intelligence service got busted covering for a US and German spy front operation in Switzerland. If it happened once, I promise it has happened before and since.

Edit for those who can't click: a front company in Switzerland sold fake encrypted communications services around the world for years, possibly decades, with the assistance of Swiss intelligence agencies.

[-] skillissuer@discuss.tchncs.de 24 points 4 months ago

it's as if swiss privacy laws are only useful for big time, pre-crypto, old school money laundering

[-] gerikson@awful.systems 14 points 4 months ago* (last edited 4 months ago)

"Swiss privacy" for online services is a bit like "Swiss made" for expensive watches - a marketing term.

[-] barsquid@lemmy.world 12 points 4 months ago

What's your alternative to the fake privacy company? I'm assuming the correct thing would be: if your threat model does not include governments, self hosted email, or if it does include governments, probably don't use email.

[-] Banshee@midwest.social 20 points 4 months ago

Self hosted email is its own can of worms. I wouldn't recommend it to anyone outside of experienced IT people. You'll end up blacklisted before you send your first email if you do anything wrong (and there's a lot that can go wrong), and it doesn't solve any security problems email has.

Anything sent over email just isn't private. That goes for Proton customers when they send or receive anything from a non-Proton address too. The one thing privacy email providers can actually do is keep your inbox from being scanned by LLMs and advertisers. That doesn't prevent the inboxes and outboxes of your contacts from being scanned, though.

If you use email, the best thing you can do is be mindful of what kinds of information you send through it. Use aliases via services like simple login or anonaddy when possible. Having a leaked email is a security vulnerability. Once bad actors have your email, they now have half of what they need to breach multiple accounts.

[-] dgerard@awful.systems 18 points 4 months ago* (last edited 4 months ago)

have been that sysadmin setting up a company email server. postfix is trivial to set up, absolutely the easiest experience. following that, though, was weeks of supplicant emails to MS to beg them please not to block us. My recommendation was never do this again, use a third-party outgoing email vendor, email is lost.

load more comments (9 replies)
load more comments (11 replies)
load more comments (5 replies)
[-] AcausalRobotGod@awful.systems 23 points 4 months ago

Once they activate the acausality module, you can write those responses before they even send the initial email!

load more comments (2 replies)
[-] alansuspect@aussie.zone 22 points 4 months ago

I went to Proton for the explicit reason I didn't want Google scanning all my docs. Glad I moved away from them now, hopefully Fastmail doesn't do the same.

load more comments (5 replies)
[-] Strayce@lemmy.sdf.org 18 points 4 months ago

Oh for fucks sake. I don't use their email but I don't want to have to switch VPN service AGAIN.

[-] geography082@lemm.ee 18 points 4 months ago

Never rely on multi services products from a company. I know it’s more practical but you get the real benefits of having spread services.

[-] barkingspiders@infosec.pub 17 points 4 months ago

tbf it's only in the business plans and some of the legacy lifer type plans, but yeah, wildin

[-] self@awful.systems 24 points 4 months ago

just a little violation of my trust for the company I pay for privacy and encryption services. as a treat.

[-] ChrisMcMillan@lemmy.world 15 points 4 months ago

Why is that an issue? I deploy local LLMs for work and none of the content they use or generate goes outside the encrypted active domain, so no security issues or privacy issues. The question is how contained the LLM is, that's all.

[-] self@awful.systems 16 points 4 months ago

did you read the parts of the article that describe why the LLM is an issue?

load more comments (26 replies)
[-] Diurnambule@jlai.lu 15 points 4 months ago

Rhaa fk, enshitification... I don't want to host my emails...

[-] Beaver@lemmy.ca 12 points 4 months ago

It should be an option that is turned off

[-] dgerard@awful.systems 34 points 4 months ago

it was acausally enabled before you clicked on it, for your comfort and convenience, like the new ad tracker built into Firefox 128

[-] self@awful.systems 22 points 4 months ago

alternatively, if the only version of this that doesn’t break Proton’s e2e security model is the local-only version, maybe don’t ship the cloud hosted version of the feature under any circumstances

I’d still hate the feature because the LLM model’s derived from plagiarized work and the labor of exploited workers from the global south, but this didn’t have to be a fucking privacy catastrophe

load more comments
view more: next ›
this post was submitted on 18 Jul 2024
317 points (100.0% liked)

TechTakes

1435 readers
64 users here now

Big brain tech dude got yet another clueless take over at HackerNews etc? Here's the place to vent. Orange site, VC foolishness, all welcome.

This is not debate club. Unless it’s amusing debate.

For actually-good tech, you want our NotAwfulTech community

founded 1 year ago
MODERATORS