Comment on Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source

<- View Parent
DeathByBigSad@sh.itjust.works ⁨1⁩ ⁨day⁩ ago

Incoming Emails that aren’t from proton, or PGP encrypted (which are like 99% of emails), arrives at Proton Servers via TLS which they decrypt and then have the full plaintext. This is not some conspiracy, this is just how email works.

Now, Proton and various other “encrypted email” services then take that plaintext and encypt it with your public key, then they’re supposed to discard the plaintext, so that in case of a future court order, they wouldn’t have the plaintext anymore.

But you can’t be certain if they are lying, since they do necessarily have to have access to the plaintext for email to function. So “we can’t read your emails” comes with a huge asterisk, it onlu applies to those sent between Proton accounts or other PGP encrypted emails, your average bank statement and tax forms are all accessible by Proton (you’re only relying on their promise to not read it).

source
Sort:hotnewtop