Proton Mail goes AI, security-focused userbase goes ‘what on earth’ - eviltoast

we appear to be the first to write up the outrage coherently too. much thanks to the illustrious @self

  • Steve@awful.systems
    5 months ago

    Eamonn Maguire, author of the Proton Scribe announcement post, responded to my tweet with this: https://x.com/EamonnMagu14645/status/1814062340863651965

    We built this as an opt-in alternative to the non-privacy centric options on the market.

    Our goal is always privacy by default, we want to make that possible in the GenAI world too given the number of businesses already using it, and the privacy risks other options pose.

    • Steve@awful.systems
      5 months ago

      not sure how legit that account is, actually. It’s not the one I @'ed - this one was created in Jan 2024 - either it’s his low-key alt or a bot

      perhaps his plausible deniability account.

      • self@awful.systems
        5 months ago

        do you get banned from twitter if you call him a fucking asshole?

        I’m working on a more detailed reply on mastodon but to be honest, I’m pretty sure he didn’t read the original post

        • Steve@awful.systems
          5 months ago

          it all stinks so much. He calls it “opt-in” but the official description of that opt-in is:

          If you try to use Proton Scribe, you will be prompted to choose between local and server-side. So, technically, it’s not active until you decide how, and if, you want to use it.

          as you can see here: https://mastodon.social/@protonprivacy/112807462045101580

          there is opt-in and then there is dangling an expired hotdog

          • self@awful.systems
            5 months ago

            holy fuck that’s worse than I thought

            so going back to not being able to recommend Proton to anyone again: there’s now a button (and associated “tutorial” advertising modals trying to get the user to click the button, don’t pretend there won’t be) that when clicked gives the user a confusing choice between an option that might not work and one that exfiltrates their data and claims it doesn’t (if they even get this choice on a computer that doesn’t support the local LLM), and if they interact with that it just opts them into the feature in a state that may or may not (but by default does) expose the plaintext of their messages to Proton’s servers

            and I’m supposed to recommend this horseshit to non-technical users? what’s that sound like, I wonder? “oh it’s a great privacy-oriented mail service you should pay for — but not for your business because you might fuck up and exfiltrate your data, and also there’s a chance they’ll enable the same feature for regular users at some unspecified time in the future so look out for that. oh and don’t get visionary either.” yeah fuck that