Comment on Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source
DreamlandLividity@lemmy.world 1 day ago
A local LLM is one YOU run on YOUR machine.
Yes, that is exactly what I am saying. You seem to be confused by basic English.
Look, Proton can at any time MITM attack your email
They are not supposed to be able to and well designed e2ee services can’t be.
There is no such thing as e2ee LLMs. That’s not how any of this works.
I know, yet proton is happily advertising one. Just read their page.
They are not supposed to be able to and well designed e2ee services can’t be. That’s the whole point of e2ee.
You’re using their client. You get a fresh copy every time it changes.
If you insist on being a fanboy then go ahead. But this is like arguing a bulletproof vest is useless because it does not cover your entire body.
Or because the bulletproof vest company might sell you a faulty one as part of a conspiracy to kill you.
hansolo@lemmy.today 1 day ago
So then you object to the premise any LLM setup that isn’t local can ever be “secure” and can’t seem to articulate that.
What exactly is dishonest here? The language on their site is factually accurate, I’ve had to read it 7 times today because of you all. You just object to the premise of non-local LLMs and are, IMO, disingenuously making that a “brand issue” because…why? It sounds like a very emotional argument as it’s not backed by any technical discussion beyond “local only secure, nothing else.”
Beyond the fact that
So then you trust that their system is well-designed already? What is this cognitive dissonance that they can secure the relatively insecure format of email, but can’t figure out TLS and flushing logs for an LLM on their own servers? If anything, it’s not even a complicated setup. TLS to the context window, don’t keep logs, flush the data. How do you think no-log VPNs work? This isn’t exactly all that far off from that.
DreamlandLividity@lemmy.world 1 day ago
I object to how it is written. Yes, technically it is not wrong. But it intentionally uses confusing language and rare technical terminology to imply it is as secure as e2ee. They compare it to proton mail and drive that are supposedly e2ee.
loudwhisper@infosec.pub 1 day ago
Only drive is. Email is not always e2ee, it uses zero-access encryption which I believe is the same exact mechanism used by this chatbot, so the comparison is quite fair tbh.
DreamlandLividity@lemmy.world 1 day ago
Well, even the mail is sometimes e2ee. Making the comparison without specifying is like marketing your safe as being used in Fort Knox and it turns out it is used for payroll documents like in every company. Technically true but misleading as hell. When you hear Fort Knox, you think gold vault. If you hear proton mail, you think e2ee even if most mails are external.
hansolo@lemmy.today 1 day ago
It is e2ee – with the LLM context window!
When you email someone outside Proton servers, doesn’t the same thing happen anyway? But the LLM is on Proton servers, so what’s the actual vulnerability?
DreamlandLividity@lemmy.world 1 day ago
It is not. Not in any meaningful way.
Yes it does.
Again, the issue is not the technology. The issue is deceptive marketing. Why doesn’t their site clearly say what you say? Why use confusing technical terms most people won’t understand and compare it to drive that is fully e2ee.