submitted 15 hours ago* (last edited 15 hours ago) by irelephant@lemmy.dbzer0.com to c/privacy@lemmy.dbzer0.com

Transcript: A post by @zzt@mas.to saying: courtesy of @davidgerard@circumstances.run, Proton is now the only privacy vendor I know of that vibe codes its apps: In the single most damning thing I can say about Proton in 2025, the Proton GitHub repository has a “cursorrules” file. They’re vibe-coding their public systems. Much secure! I am once again begging anyone who will listen to get off of Proton as soon as reasonably possible, and to avoid their new (terrible) apps in any case. https://circumstances.run/@davidgerard/114961415946154957

It has a reply by the author saying: in an unsurprising update for those familiar with how Proton operates, they silently rewrote their monorepo’s history to purge .cursor and hide that they were vibe coding: https://github.com/ProtonMail/WebClients/tree/2a5e2ad4db0c84f39050bf2353c944a96d38e07f

given the utter lack of communication from Proton on this, I can only guess they’ve extracted .cursor into an external repository and continue to use it out of sight of the public

[-] cy_narrator@discuss.tchncs.de 2 points 34 minutes ago

It's like complaining an accountant uses a calculator

[-] burgerpocalyse@lemmy.world 2 points 22 minutes ago

i would not trust an accountant who lacks traditional math skills and also that uses a calculator that occasionally returns random numbers

[-] favoredponcho@lemmy.zip 1 points 3 hours ago

I’ll hold my judgment given that the source of this is that massive asshole, David Gerard.

[-] daniskarma@lemmy.dbzer0.com 24 points 9 hours ago

Do you understand the difference between using AI assistance for coding and vibe code?

[-] ayyy@sh.itjust.works 10 points 9 hours ago

That’s literally the definition of “vibe coding”…

[-] Electricd@lemmybefree.net 19 points 10 hours ago
[-] alsaaas@lemmy.dbzer0.com 14 points 10 hours ago

ok and? No other service offers as complete a package as Proton

[-] InFerNo@lemmy.ml 27 points 9 hours ago

This is the argument people use when discussing Microsoft products

[-] alsaaas@lemmy.dbzer0.com 9 points 8 hours ago* (last edited 7 hours ago)

Is M$ stuff provably e2ee? Is Proton a publicly traded company? Does M$ have even close as good a track record as Proton? Are most M$ clients OSS?

Edit: Proton isn't perfect, not by a long stretch. I'm not stanning them either way, but being alarmist and giving in to mob mentality is counterproductive.

For me they just offer the right balance of being partially OSS, strong privacy and strong security that I can pragmatically "overlook" things even as a leftist and free/libre "hardliner" (as I already mentioned: the pragmatic kind. I don't see a point in using Linux-Libre and am ok with proprietary blobs or "tainted" packages for codecs necessary for piracy if there is no alternative and if they don't cause active harm (as in "phoning home" or shit like that). Linux-libre is a detriment to your security BTW)

[-] Doomsider@lemmy.world 1 points 3 hours ago

Oh lookie here we got another Proton payer slash sucker who likes to rationalize giving money to corporations because "privacy".

I don't mean to sound alarmist, but you seem really naive while trying to lick Proton's boots.

[-] irelephant@lemmy.dbzer0.com 9 points 10 hours ago

Yeah, I'm hypocritical with proton, I use it myself, but I think people should just pay a bit more attention to what they're doing.

[-] alsaaas@lemmy.dbzer0.com 8 points 9 hours ago

I use it with the full knowledge that they will start to track me and share my IP with Europol if they come with a warrant. (They are unable to comply with anything further, thanks to their e2e architecture)

It is part of my threat model and I use it solely for private stuff.

I couldn't care less that the CEO had one slipup praising a Republican with a seemingly good track record (although I did not investigate that matter)

And being a Luddite about AI is really counterproductive, it has arrived in our society and if correctly utilised will be just another tool used to automate or autocomplete etc.

Basically what your IDE already does but on steroids

(Disclaimer: it's Friday and I'm tired so there is a real – if small – chance I'm being a contrarian armed with superficial knowledge. I can't rly tell myself 🙃)

[-] irelephant@lemmy.dbzer0.com 8 points 9 hours ago

I don't think using proton is a personal moral failure, I just think these things are worth discussing.

[-] Doomsider@lemmy.world 1 points 3 hours ago

Using a corporation to provide "privacy" is most certainly a logical and moral failing.

[-] alsaaas@lemmy.dbzer0.com 5 points 9 hours ago

I totally agree, but think that the toot you shared is a bit alarmist

[-] galoisghost@aussie.zone 130 points 14 hours ago

Um, it’s a public repository. You can view the code that’s been added. Even if it IS AI generated, you can review it yourself.

I’m as anti-AI as anyone but this is misplaced AI-alarmism.

[-] oatscoop@midwest.social 8 points 4 hours ago* (last edited 4 hours ago)

> can review it yourself.

You're a supervisor and you have 2 employees: Bill and Jim. As a supervisor your job is to ensure the work is being done correctly.

Bill is competent and rarely makes major mistakes. Jim does a decent job most of the time ... but he's also a savant at screwing up -- he regularly fucks up in ways that aren't immediately obvious but are guaranteed to cause serious problems days to weeks from the screw up.

You can glance over Bill's work and be fairly certain it's fine. You need to go over every single piece of Jim's work to check for problems, and even then some are probably going to slip through.

AI is currently Jim, and Jim has no business writing code for anything privacy or security focused.

[-] expr@programming.dev 13 points 10 hours ago

That is pretty immaterial to the issue. The issue is that when it comes to security, it's extremely poor form to rely on unintelligent mimicry.

[-] homesweethomeMrL@lemmy.world 65 points 14 hours ago

Does anyone here actually review code?

[-] CrazyHorse@lemmy.cafe 169 points 14 hours ago

Only my own code and so far most of it has been unacceptable.

[-] HakunaHafada@lemmy.dbzer0.com 29 points 13 hours ago

Pure, unabashed honesty. I love it. 🫶

[-] GissaMittJobb@lemmy.ml 10 points 12 hours ago

Yes, and it's one of the most important things I do. Given the AI codegen boom we're seeing, it's also the skill I have that is increasing the fastest in value.

[-] hansolo@lemmy.today 12 points 13 hours ago

Does anyone here realize that one person using Cursor doesn't mean "tHeY'rE vIbE cOdInG aCrOsS tHe wHoLe pLaCe!"

[-] ayyy@sh.itjust.works 9 points 9 hours ago* (last edited 9 hours ago)

Then why didn’t they just say that instead of being shady and rewriting history?

[-] hansolo@lemmy.today 2 points 8 hours ago

Because it's also not a great idea to expose your rules files, and tell people first "oh shit, we mentioned rules files. Please don't look!" before

I'll be honest here, I've had less dogmatic conversations with conspiracy theorists about COVID. If you just need to make this a huge problem that later turns out to be a nothingburger and you'll never look back and grow as a human, then hey, you do you. But know that you'll look like a fool to anyone that isn't a goldfish and remembers more than 3 months at a time. Because you clearly don't know what's a big deal and what's not, and this is a Grade A waste of all our time to pitch a fit about.

[-] Kirk@startrek.website 24 points 13 hours ago

Probably anti-Proton. I'm no conspiracy theorist, but the amount of pro BlueSky, anti Proton, anti Signal people I see on Lemmy makes me wonder sometimes.

[-] alsaaas@lemmy.dbzer0.com 4 points 10 hours ago

It really reminds me of the Mastodon mob mentality that caused so much trouble for fosstodon :/

[-] hanrahan@slrpnk.net 27 points 11 hours ago

And still no drive client for Linux..Fuck those guys :)

[-] downhomechunk@lemmy.dbzer0.com 1 points 5 hours ago

Rclone foo!

[-] Taldan@lemmy.world 6 points 9 hours ago

Their Linux VPN client might as well not exist. No kill switch and it randomly disconnects/crashes. Sometimes it completely borks networking necessitating a reboot, which I guess can be better than just leaking your IP?

[-] lambalicious@lemmy.sdf.org 2 points 3 hours ago

Isolating the VPN into docker + gluetun should (should) solve that particular issue.

[-] redxef@feddit.org 1 points 6 hours ago

I just use plain old openvpn configs. Once my credit runs out I'll switch to mullvad. They were the best option for a time, but that changes.

[-] panda_abyss@lemmy.ca 82 points 15 hours ago

I’d bet they just added it to their global .gitignore where it should be, then removed it because they didn’t want their private dot files committed to a public repo.

I don’t think this user knows much about how git works. I don’t think this is nefarious or “vibe coding” as it’s colloquially known to be. It’s a bit much to describe all LLM use blindly as vibe coding, when vibe coding usually means just blanket accepting AI content.

[-] docd@lemmy.world 1 points 2 hours ago

Pretty on point, the .gitignore in the repo has a CLAUDE.md

https://github.com/ProtonMail/WebClients/blob/main/.gitignore

[-] taco@piefed.social 20 points 14 hours ago

I don't think the concern is as much with the purity of their vibe coding, but rather that they're using an AI-first editor. This will almost certainly mean everything they're coding is being shared with AI provider(s) during the process, which some would view as at odds with Proton's stated emphasis on privacy.

[-] Egonallanon@feddit.uk 41 points 14 hours ago* (last edited 14 hours ago)

Is the privacy of their code that much of an issue in this case given it's a public repo? It's going to get scraped by the bots regardless.

[-] SlartyBartFast@sh.itjust.works 15 points 13 hours ago

This guy seems somewhat biased against this Proton feller

this post was submitted on 08 Aug 2025
319 points (100.0% liked)
