this post was submitted on 18 Jul 2024
326 points (99.7% liked)

TechTakes

1437 readers
84 users here now

Big brain tech dude got yet another clueless take over at HackerNews etc? Here's the place to vent. Orange site, VC foolishness, all welcome.

This is not debate club. Unless it’s amusing debate.

For actually-good tech, you want our NotAwfulTech community

founded 1 year ago
MODERATORS
dgerard@awful.systems
326
Proton Mail goes AI, security-focused userbase goes ‘what on earth’ (pivot-to-ai.com)
submitted 4 months ago by dgerard@awful.systems to c/techtakes@awful.systems
184 comments fedilink hide all child comments
 

we appear to be the first to write up the outrage coherently too. much thanks to the illustrious @self

you are viewing a single comment's thread
view the rest of the comments
[–] froztbyte@awful.systems 8 points 4 months ago (5 children)

bit of a whoopsie walkback after caught pants down

totes normal. everyone has this all the time, amirite?!

[–] fasterandworse@awful.systems 8 points 4 months ago (4 children)

let's see how many steps they take back

[–] self@awful.systems 9 points 4 months ago (3 children)

also I keep meaning to push on this and getting distracted:

only for business users, who have asked for it

fuck no, this breaks the security model for every proton user. one of the key assumptions of Proton’s end to end encrypted model is that the plaintext of a messsge never touches Proton’s servers, on both ends of the conversation. now if a proton business/visionary (and they keep fucking forgetting they forced their visionary accounts into having this horseshit) user sends me a message or a reply, there’s a chance the plaintext on their end was exposed to Proton’s servers, and as the receiver I can’t control or even detect the conditions that cause the plaintext leak (is the sender a proton business/visionary account? did they use the cloud version of the LLM? what text did it operate on?)

fucking unworkable. I’m not even a cryptographer, but this is the most obvious plaintext leak I’ve ever seen in a cryptography product.

[–] froztbyte@awful.systems 9 points 4 months ago (1 children)

also the other one, where this feature gets lacklustre uptake but not enough to kill it, and then it just gets sorta shoved into a side panel, and then every so often it's turned on by default again because someone updated the config/prefs code or some other banal-but-instantly-effective reason (presuming it's not even intentionally turned on again by adding new default-on settings for "different" uses-that-to-build features)

[–] self@awful.systems 7 points 4 months ago

“but that’s insanely paranoid, nobody would take a risk like that into account” shout the big Proton fans doing security kayfabe. “are you fucking lost”, I shout back

load more comments (1 replies)
load more comments (1 replies)
load more comments (1 replies)