93
Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source (pivot-to-ai.com)
submitted 1 day ago by dgerard@awful.systems to c/techtakes@awful.systems
14 comments fedilink hide all child comments

https://pivottoai.libsyn.com/20250802-protons-lumo-ai-chatbot-not-end-to-end-not-open-source - podcast
https://www.youtube.com/watch?v=HDPZbUPUFyk&list=UU9rJrMVgcXTfa8xuMnbhAEA - video

top 14 comments
sorted by: hot top controversial new old
[-] taro_purple@sh.itjust.works 21 points 1 day ago

I used protonmail in its early days but stopped after they started putting resources to pursuing cryptocurrency when their mail service was still not totally complete and while they also had ambitious plans for a whole office ecosystem as an alternative to Google docs etc. Seeing the zeal for this cryptocurrency angle at the time evaporated any trust I had in their product decision-making.

That and I remember a lot of their marketing being around the fact that they had ex-CERN employees but IIRC they weren't working on anything cryptography or security related at CERN so it sounded like they were just assuming scientists are smart so people will just assume their product is safer, which was a bit sus.

This chatbot thing is totally in line with that so I guess they haven't really changed.

[-] Soyweiser@awful.systems 5 points 18 hours ago

Unrelated to protonmail, but related to getting the wrong guy for the job. The telegram CEO said that the cryptography of telegram was coded by his brother. (The CEO is also famously not a persona non grata in Russia which likely means the FSB has access to telegram (And if they have access, more people can have it))

[-] dgerard@awful.systems 6 points 16 hours ago

Nikolai Durov has two Ph.Ds in maths, and is convinced he is the smartest man in the world, and Telegram's cryptography follows directly

[-] Seminar2250@awful.systems 5 points 16 hours ago* (last edited 16 hours ago)

i made the stupid mistake of doing math, then cs

surrounded by

my narrow technical specialty + lack of experience or knowledge of other fields = i'm the smartest, here is a trivial solution to your problem

constantly

[-] o7___o7@awful.systems 47 points 1 day ago* (last edited 1 day ago)

Following proton's recent development has been like seeing a friend become way too interested in gas station drugs

[-] cypherpunks@lemmy.ml 2 points 17 hours ago

The cool trick they do is that not even Proton can decode your email. That’s because it never exists on their systems as plain text — it’s always encrypted! The most Proton can do if a government comes calling is give them the metadata — who you emailed and when — but not the text itself.

This is not actually true when using Proton's web mail interface, because the encryption and decryption is performed by javascript which is sent from Proton's server to the (signed-in, easy to identify) user every time they load the page. So, when the government comes calling, they can simply ask Proton to send certain users some slightly different javascript once which exfiltrates the targeted users' keys to them. sadtrombone.mp3

[-] self@awful.systems 8 points 16 hours ago

that’s utterly trivial for a sufficiently paranoid user’s browser to detect, and damning for proton if it is (not to mention, pushing hostile JavaScript doesn’t work for users on the imap bridge or using mobile apps they update via methods that can’t easily be tracked like Obtainium on Android)

the mechanisms proton uses to exfiltrate encrypted data and get their users arrested are far more subtle and deniable than that basic shit. specifically, they’ve been silently overcomplying with law enforcement data requests for years, which has led to documented arrests of activists, and all of their LLM features represent a significant data leak, as all of them are implemented in a way that sends cleartext to proton’s servers while maintaining the illusion that the feature is more secure than it is.

I wouldn’t be at all surprised if they were doing more evil shit than the above, but I would be very surprised if any of it were in the form of JavaScript that the user could, you know, deobfuscate and read

[-] cypherpunks@lemmy.ml 1 points 16 hours ago* (last edited 16 hours ago)

that’s utterly trivial for a sufficiently paranoid user’s browser to detect

How many of their users do you think are sufficiently paranoid?

And if it is utterly trivial, I am curious how you think a sufficiently paranoid user actually would go about detecting such an attack, much less detecting it prior to running the malicious javascript and having their keys exfiltrated. For detecting it after the code has already run, ok, I know how to use mitm proxy to record the javascript being sent to my browser. (Which is the first step of detecting an attack... the next steps involve analyzing the legitimate changes to the code and discerning them from malicious changes.)

I could also imagine a variety of ways (using mitm proxy, or a browser extension) to try to avoid running new javascript before seeing it and having a chance to analyze it - but all of the ways I can imagine would require a substantial amount of work, including writing new software.

Do you know of any existing browser extension or other software which sufficiently paranoid protonmail users can/should/do use to detect and/or actually prevent the type of targeted attack I'm describing?

doesn’t work for users on the imap bridge

Yes that is why i said "when using Proton's web mail interface" - which I expect 100% of users of other interfaces also sometimes log in to.

[-] self@awful.systems 6 points 15 hours ago

How many of their users do you think are sufficiently paranoid?

for fucking Proton of all things? come the fuck off it.

the rest of your post is wrong, but in a really boring way? like, you get that there’s a bunch of ways to catch this shit but want me to do the labor of proving that it’s possible for some reason? no, fuck off, go cosplay as a privacy expert elsewhere.

[-] self@awful.systems 5 points 15 hours ago* (last edited 15 hours ago)

and for the users at home playing the drinking game: of course this weird fuck’s been giving dangerously bad advice on privacy lemmy, why wouldn’t he be

I ain’t gonna dig any deeper to find out if privacy Typhoid Mary over here has a uniquely bad gpg setup he loves but if anyone does: that’s another shot

e: also lol @ coming into TechTakes with an account named after the fucking cypherpunks mailing list

[-] Seminar2250@awful.systems 3 points 14 hours ago

weird fuck's post reads to me as the mistake of thinking web/js is uniquely capable of dynamic code loading

what is stopping a desktop or mobile client from running new/different code? the only solution im aware of (we're in halting problem territory here, probably, though grapheneos has "prevent DCL from storage/memory" toggles so idk) is to inspect the code to make sure it does what they say and then cryptographically sign it

[-] self@awful.systems 5 points 13 hours ago

exactly, it’s not a problem that’s unique to the web. I’d argue that as an execution environment, the browser has properties that make it slightly easier to catch this class of attack (though as you said, we’re in halting problem territory so there’s no universal check for this kind of thing):

  • there’s browser plugins (for Firefox at least, I don’t care about chrome) that alert you if the JavaScript you’ve been sent has changed and provide some tools to evaluate what specifically changed
  • you can examine JS memory in depth with a variety of tools, all of which come with the browser
  • you get a running log of network requests
  • as our intrepid cypherpunk visitor noted, you can mitmproxy it if you really want to? they seem to think it’ll be too late to do anything by then but like, losing your keys to an SLA doesn’t instantly dissolve you in a vat of acid or anything. they’ve still left forensic evidence of an attack in your browser’s cache and the potential for you to catch it and make a terrible lot of noise about it, and they really didn’t need to — Proton’s security is compromised enough by entirely silent server-side cleartext leaks, metadata logging (they turn it on silently on law enforcement requests; their no-logs policy is a legal no-op), and other evil fuckery

and I do have to emphasize that last bit. I’m not here to praise Proton, I’m here to bury it correctly. if the worst thing you’ve got to say about proton is that an SLA could request a custom JS exploit be sent to your browser, then it’s probably still a perfectly fine service to use if you’re just chatting with your grandma and your drug dealer, depending on your threat model. I’d argue that Proton isn’t suitable for anybody, because the class of attacks they’ve enabled allow for quiet mass surveillance, rather than the motivated (and loud) targeted kind.

[-] SadSadSatellite@lemmy.dbzer0.com 17 points 1 day ago

Fuck

[-] the_q@lemmy.zip 9 points 1 day ago

Introduce money into a system guarantees that system will degrade.

this post was submitted on 02 Aug 2025
93 points (100.0% liked)

TechTakes

2097 readers
155 users here now

Big brain tech dude got yet another clueless take over at HackerNews etc? Here's the place to vent. Orange site, VC foolishness, all welcome.

This is not debate club. Unless it’s amusing debate.

For actually-good tech, you want our NotAwfulTech community

founded 2 years ago
MODERATORS
dgerard@awful.systems