The worst part is that once again, proton is trying to convince its users that it’s more secure than it really is. You have to wonder what else their are lying or deceiving about.
Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source
Submitted 3 weeks ago by Pro@programming.dev to technology@lemmy.world
https://pivot-to-ai.com/2025/08/02/protons-lumo-ai-chatbot-not-end-to-end-encrypted-not-open-source/
Comments
DreamlandLividity@lemmy.world 3 weeks ago
hansolo@lemmy.today 3 weeks ago
Both your take, and the author, seem to not understand how LLMs work. At all.
At some point, yes, an LLM model has to process clear text tokens. There’s no getting around that. Anyone who creates an LLM that can process 30 billion parameters while encrypted will become an overnight billionaire from military contracts alone. If you want absolute privacy, process locally. Lumo has limitations, but goes farther than duck.ai at respecting privacy. Your threat model and equipment mean YOU make a decision for YOUR needs. This is an option. This is not trying to be one size fits all. You don’t HAVE to use it. It’s not being forced down your throat like Gemini or CoPilot.
And their LLM. - it’s Mistral, OpenHands and OLMO, all open source. It’s in their documentation. So this article is straight up lies about that. Like… Did Google write this article? It’s simply propaganda.
Also, Proton does have some circumstances where it lets you decrypt your own email locally. Otherwise it’s basically impossible to search your email for text in the email body. They already had that as an option, and if users want AI assistants, that’s obviously their bridge. But it’s not a default setup. It’s an option you have to set up. It’s not for everyone. Some users want that. It’s not forced on everyone. Chill TF out.
DreamlandLividity@lemmy.world 3 weeks ago
Their AI is not local, so adding it to your email means breaking e2ee. That’s to some extent fine. You can make an informed decision about it.
But proton is not putting warning labels on this. They are trying to confuse people into thinking it is the same security as their e2ee mails. Just look at the “zero trust” bullshit on protons own page.
wewbull@feddit.uk 3 weeks ago
If an AI can work on encrypted data, it’s not encrypted.
ztwhixsemhwldvka@lemmy.world 3 weeks ago
Mullvad FTW
DreamlandLividity@lemmy.world 3 weeks ago
Yes, indeed. Even so, just because there is a workaround, we should not ignore the issue (governments descending into fascism).
ordnance_qf_17_pounder@reddthat.com 3 weeks ago
MullChad is the best for anyone who doesn’t require port forwarding
Vinstaal0@feddit.nl 2 weeks ago
We really need to audit Proton
sir_pronoun@lemmy.world 3 weeks ago
Sauce?
DreamlandLividity@lemmy.world 3 weeks ago
Zero-access encryption
Your chats are stored using our battle-tested zero-access encryption, so even we can’t read them, similar to other Proton services such as Proton Mail, Proton Drive, and Proton Pass.
from protons own website.
And why this is not true is explained in the article from the main post.
brucethemoose@lemmy.world 3 weeks ago
First of all…
Why does an email service need a chatbot. Even for business? Is it an enhanced search over your emails or something? Like, what does it do that any old chatbot wouldn’t?
WhyJiffie@sh.itjust.works 3 weeks ago
Why does an email service need a chatbot, even for business?
they are not only an email service, for quite some time now
There are about a bajillion of these, and one could host the same thing inside docker in like 10 minutes.
sure, with a thousand or two dollars worth of equipment and then computer knowledge. Anyone could do it really. but even if not, why don’t they just rawdog deepseek? I don’t get it either
…On the other hand, it has no access to email I think?
that’s right. you can upload files though, or select some from your proton drive, and can do web search.
brucethemoose@lemmy.world 3 weeks ago
sure, with a thousand or two dollars worth of equipment and then computer knowledge. Anyone could do it really. but even if not, why don’t they just rawdog deepseek? I don’t get it either
What I mean is there are about 1000 different places to get 32B class models via Open Web UI with privacy guarantees.
With mail, vpn, (and some of their other services?) they have a great software stack and cross integration to differentiate them, but this is literally a carbon copy of any Open Web UI service…
I’m not trying to sound condescending, but it really feels like a cloned “me too,” with the only value being the Proton brand and customer trust.
DarkDarkHouse@lemmy.sdf.org 3 weeks ago
I guess the sell is easy access to Proton Drive for RAG here?
badelf@lemmy.dbzer0.com 3 weeks ago
Proton has my vote for fastest company ever to completely enshittify.
EncryptKeeper@lemmy.world 3 weeks ago
How have they enshittified? I haven’t noticed anything about their service get worse since they started.
stevedice@sh.itjust.works 3 weeks ago
Does it even counts as enshittifying if they were born that way?
badelf@lemmy.dbzer0.com 2 weeks ago
They Did have a good idea in the begining. Tutanova remains.
Gaja0@lemmy.zip 3 weeks ago
I’m just saying Andy sucking up to Trump is a red flag. I’m cancelling in 2026 🫠
BlameTheAntifa@lemmy.world 3 weeks ago
What are you considering as alternatives?
kokomo@lemmy.kokomo.cloud 3 weeks ago
I highly suggest Tuta, tuta.com, or other conventional mail boxes like mailbox.org/en/
A_norny_mousse@feddit.org 3 weeks ago
For a critical blog, the first few paragraphs sound a lot like they’re shilling for Proton.
I’m not sure if I’m supposed to be impressed by the author’s witty wording, but “the cool trick they do” is - full encryption.
Moving on.
But that’s misleading. The actual large language model is not open. The code for Proton’s bit of Lumo is not open source. The only open source bit that Proton’s made available is just some of Proton’s controls for the LLM. [GitHub]
In the single most damning thing I can say about Proton in 2025, the Proton GitHub repository has a “cursorrules” file. They’re vibe-coding their public systems. Much secure!
oof.
Over the years I’ve heard many people claim that proton’s servers being in Switzerland is more secure than other EU countries - well there’s also this now:
Proton is moving its servers out of Switzerland to another country in the EU they haven’t specified. The Lumo announcement is the first that Proton’s mentioned this.
No company is safe from enshittification - always look for, and base your choices on, the legally binding stuff, before you commit. Be wary of weasel wording. And always, always be ready to move* on when the enshittification starts despite your caution.
* regarding email, there’s redirection services a.k.a. eternal email addresses - in some cases run by venerable non-profits.
Tetsuo@jlai.lu 3 weeks ago
Regarding the fact that proton stops hosting in Switzerland : I thought it was because of new laws in Switzerland and that they hzf not much of a choice ?
DeathByBigSad@sh.itjust.works 3 weeks ago
The law isn’t a law yet, its a just a proposal. Proton is still in Switzerland, but they said they’re gonna move if the surveillance law actually becomes law.
loudwhisper@infosec.pub 3 weeks ago
Over the years I’ve heard many people claim that proton’s servers being in Switzerland is more secure than other EU countries
Things change. They are doing it because Switzerland is proposing legislation that would definitely make that claim untrue. Europe is no paradise, especially certain countries, but it still makes sense.
From the lumo announcement:
Lumo represents one of many investments Proton will be making before the end of the decade to ensure that Europe stays strong, independent, and technologically sovereign. Because of legal uncertainty around Swiss government proposals(new window) to introduce mass surveillance — proposals that have been outlawed in the EU — Proton is moving most of its physical infrastructure out of Switzerland. Lumo will be the first product to move.
This shift represents an investment of over €100 million into the EU proper. While we do not give up the fight for privacy in Switzerland (and will continue to fight proposals that we believe will be extremely damaging to the Swiss economy), Proton is also embracing Europe and helping to develop a sovereign EuroStack(new window) for the future of our home continent. Lumo is European, and proudly so, and here to serve everybody who cares about privacy and security worldwide.
ItsComplicated@sh.itjust.works 3 weeks ago
Switzerland has a surveillance law in the works that will force VPNs, messaging apps, and online platforms to log users’ identities, IP addresses, and metadata for government access
hansolo@lemmy.today 3 weeks ago
Really? This article reads like it’s AI slop reproducing Proton copy then pivoting to undermine them with straight up incorrect info.
You know how Microsoft manages to make LibreOffice pulls errors on Windows 11? You really didn’t stop to think that Google might contract out some slop farms to shit on Proton?
cley_faye@lemmy.world 3 weeks ago
Any business putting “privacy first” thing that works only on their server, and requires full access to plaintext data to operate, should be seen as lying.
I’ve been annoyed by proton for a long while; they do (did?) provide a seemingly adequate service, but claims like “your mails are safe” when they obviously had to have them in plaintext on their server, even if only for compatibility with current standards, kept me away from them.
EncryptKeeper@lemmy.world 3 weeks ago
they obviously had to have them in plaintext on their server, even if only for compatibility with current standards
I don’t think that’s obvious at all. On the contrary, that’s a pretty bold claim to make, do you have any evidence that they’re doing this?
DeathByBigSad@sh.itjust.works 3 weeks ago
Incoming Emails that aren’t from proton, or PGP encrypted (which are like 99% of emails), arrives at Proton Servers via TLS which they decrypt and then have the full plaintext. This is not some conspiracy, this is just how email works.
Now, Proton and various other “encrypted email” services then take that plaintext and encypt it with your public key, then they’re supposed to discard the plaintext, so that in case of a future court order, they wouldn’t have the plaintext anymore.
But you can’t be certain if they are lying, since they do necessarily have to have access to the plaintext for email to function. So “we can’t read your emails” comes with a huge asterisk, it onlu applies to those sent between Proton accounts or other PGP encrypted emails, your average bank statement and tax forms are all accessible by Proton (you’re only relying on their promise to not read it).
cley_faye@lemmy.world 3 weeks ago
Yes. They support IMAP. Which means, IMAP client can read your mails from the server. IMAP protocol does not support encryption, so any mail that does not add another layer of encryption (like GPG with encryption) implies that your mail is available in plaintext through IMAP, and as such, on the server.
If that’s not enough, when you send a mail to a third party that just use plain, old regular mail, it is sent from their (proton’s) SMTP server, in plaintext. Again, unless you add a layer of encryption (assuming the recipient understands it, too), it’s plaintext. On the servers.
Receiving is the same; if someone sends a mail to your proton address, is shows up in full plaintext on their SMTP server. Whatever they do after that (and we’ve established it’s not client-controlled encryption), they have access to it.
In the case of GPG with encryption (not only for signature), then the message is encrypted everywhere (assuming your “sent” folder is configured properly). But that requires both you and the other party to support that, which have nothing to do with proton; you could as well do that over gmail.
So, no, not a bold claim. The very basic of how emails standards works requires it.
Now, I’m not saying that Proton have nefarious plans or anything. It is very possible that they act in good faith when they say they “don’t snoop”, and maybe they even have some proper monitoring so that admin have a somewhat hard time to check in the data without leaving a trace, but it’s 100% in clear up there as long as you’re not adding your own layer of encryption on top of it, and as such, you, as the user, have to be aware of that. It might be fully encrypted at rest to prevent a third party from fetching a drive and getting data, logs might be excessively scrubbed to remove all trace of from/to addresses (something very common in logs, for maintenance purpose), they might have built-in encryption in their own clients that implement gpg or anything between their users, and they might even do it properly with full client-side controlled keypairs, but the mail content? Have to be available, or the service could not operate.
pcrazee@feddit.org 3 weeks ago
Proton has always been shitty. They don’t even give you the encryption keys. Always been a red flag for me.
Not your keys, not your encryption.
Vinstaal0@feddit.nl 2 weeks ago
For most people, having access to their own encryption keys will cause for data loss.
Most countries have systems in place that you can do proper audits on companies which you can trust. You can audit companies for securities or financial reports which are the most common once, but you can also audit a VPN if they keep logs or not (Pure VPN has done this) and you can audit them if they have access to your encryption keys or not.
We really need to normalise that kind of control to keep companies in check.
brucethemoose@lemmy.world 3 weeks ago
OK, so I just checked the page:
Looks like a generic Open Web UI instance, much like Qwen’s: openwebui.com
Based on this support mage, they are using open models and possibly finetuning them:
proton.me/support/lumo-privacy
The models we’re using currently are Nemo, OpenHands 32B, OLMO 2 32B, and Mistral Small 3
But this information is hard to find, and they aren’t particularly smart models, even for 32B-class ones.
Still… the author is incorrect, they specify how long requests are kept:
When you chat with Lumo, your questions are sent to our servers using TLS encryption. After Lumo processes your query and generates a response, the data is erased. The only record of the conversation is on your device if you’re using a Free or Plus plan. If you’re using Lumo as a Guest, your conversation is erased at the end of each session. Our no-logs policy ensures wekeep no logs of what you ask, or what Lumo replies. Your chats can’t be seen, shared, or used to profile you.
But it also mentions that, as is a necessity now, they are decrypted on the GPU servers for processing. Theoretically they could hack the input/output layers and the tokenizer into some kind of “more” E2E encryption scheme, but I haven’t heard of anyone doing this yet…
lIlIlIlIlIlIl@lemmy.world 3 weeks ago
This was it for me, cancelled my account. Fuck this Andy moron
jjlinux@lemmy.zip 3 weeks ago
Well, I’m keeping mine. I’m actually very happy with it. This article is full slop, with loads of disinformation, and an evident lack of research. It looks like it was made with some Ai bullshit and the writer didn’t even check what that thing vomited.
stevedice@sh.itjust.works 3 weeks ago
It was Snowball! He wrote the article! Must have been!
brucethemoose@lemmy.world 3 weeks ago
+1, it appears they didn’t check the support page:
archchan@lemmy.ml 3 weeks ago
There’s some good discussion about the security in the comments, so I’m just going to say that Lumo’s Android app required the Play Store and GPlay Services.
It’s also quite censored.
Trihilis@ani.social 2 weeks ago
I’m not impressed by Proton at all tbh. There are plenty of reasons to dislike them. Here is a nice article about it:
マリウス.com/i-do-not-recommend-proton-mail/
Disclaimer: always do your own research as well.
EncryptKeeper@lemmy.world 2 weeks ago
No chance anyone’s clicking on that link
Harry_h0udini@lemmy.dbzer0.com 2 weeks ago
Proton is shifting as mainstream company. AI craps, false misleading advertising.
nymnympseudonym@lemmy.world 2 weeks ago
And a MAGA CEO
drspawndisaster@sh.itjust.works 2 weeks ago
Welp, it’s time to move the entirety of all of my accounts to another email provider. Again. Ugh.
inso@lemmy.sdf.org 2 weeks ago
This is just wrong ans needs more nuance. medium.com/…/does-proton-really-support-trump-a-d…
Red_October@lemmy.world 2 weeks ago
Okay but are any AI chatbots really open source? Isn’t half the headache with LLMs the fact that there comes a point where it’s basically impossible for even the authors to decode the tangled madness of their machine learning?
lefixxx@lemmy.world 2 weeks ago
Yeah but you don’t open source the LLM, you open source the training code and the weights
nymnympseudonym@lemmy.world 2 weeks ago
what do you think an LLM is? once you’ve opened the weights, IMO it’s pretty open. Once they open the training data, that’s pretty damn open. What do you want a gitian reproducible build?
nymnympseudonym@lemmy.world 2 weeks ago
DesolateMood@lemmy.zip 3 weeks ago
It can’t be that stupid, you must be prompting it wrong
Eat shit
NeatNit@discuss.tchncs.de 3 weeks ago
This is an anti-AI blog, that tagline is a joke.
Skyline@lemmy.cafe 3 weeks ago
I’m not familiar with this blog, so I can’t comment on their general stance, but this particular article seems balanced and fair. They point out questionable implementation practices on Proton’s side rather than criticising the AI itself.
HootinNHollerin@lemmy.dbzer0.com 3 weeks ago
He’s being sarcastic
DesolateMood@lemmy.zip 3 weeks ago
Yeah I got there eventually
PastaCannon@lemmy.ml 3 weeks ago
Who Proton??? Nooo come on… who could ever seen this coming? 🐸🍲
matmarspace@programming.dev 2 weeks ago
I see I’m not the only one who is sceptical of that E2E “encryption”
hornedfiend@discuss.tchncs.de 2 weeks ago
I knew I made the right decision when I picked tutanota over proton.
digger@lemmy.ca 3 weeks ago
How much longer until the AI bubbles pops? I’m tired of this.
wewbull@feddit.uk 3 weeks ago
It’s when the coffers of Microsoft, Amazon, Meta and investment banks dry up. All of them are losing billions every month but it’s all driven by fewer than 10 companies. Nvidia is lapping up the money of course, but once the AI companies stop buying GPUs on crazy numbers it’s going to be a rocky ride down.
astanix@lemmy.world 3 weeks ago
Is it like crypto where cpus were good and then gpus and then FPGAs then ASICs? Or is this different?
ztwhixsemhwldvka@lemmy.world 3 weeks ago
✨
cley_faye@lemmy.world 3 weeks ago
We’re still in the “IT’S GETTING BILLIONS IN INVESTMENTS” part. Can’t wait for this to run out too.
Defaced@lemmy.world 3 weeks ago
Here’s the thing, it kind of already has, the new AI push is related to smaller projects and AI agents like Claude Code and GitHub copilot integration. MCP’s are also starting to pick up some steam as a way to refine prompt engineering. The basic AI “bubble” popped already, what we’re seeing now is an odd arms race of smaller AI projects thanks to companies like Deepseek pushing the AI hosting costs so low that anyone can reasonably host and tweak their own LLMs without costing a fortune. It’s really an interesting thing to watch, but honestly I don’t think we’re going to see the major gains that the tech industry is trying to push anytime soon. Take any claims of AGI and OpenAI “breakthroughs” with a mountain of salt, because they will do anything to keep the hype up and drive up their stock prices. Sam Altman is a con man and nothing more, don’t believe what he says.
hobovision@mander.xyz 3 weeks ago
You’re saying th AI bubble hasn’t popped because even more smaller companies and individuals are getting in on the action?
Thats kind of the definition of a bubble actually. When more and more people start trying to make money on a trend that doesn’t have that much real value in it. This happened with the dotcom bubble nearly the same. It wasn’t that the web/tech wasn’t valuable, it’s now the most valuable sector of the world economy, but at the time the bubble expanded more was being invested than it was worth because no one wanted to miss out and it was accessible enough almost anyone could try it out.
rozodru@lemmy.world 3 weeks ago
depends on what and with whom. based on my current jobs with smaller companies and start ups? soon. they can’t afford the tech debt they’ve brought onto themselves. big companies? who knows.
systemglitch@lemmy.world 3 weeks ago
Time to face the facts, this utter shit is here to stay, just like every other bit of enshitification we get exposed to.
kepix@lemmy.world 2 weeks ago
as long as certain jobs and tasks can be done easier, and searches can be done faster, its gonna stay. not a fad like nft. the bubble here is the energy and water consumption part.
kadup@lemmy.world 2 weeks ago
I’m still waiting for somebody to prove any of these statements are true. And I say that as somebody working in a company that demands that several employees use AI - all I see is that they now take extra time manually fixing whatever bad output the LLM produced, and slowly losing their ability to communicate without first consulting ChatGPT, which is both slow and concerning.