DreamlandLividity

@DreamlandLividity@lemmy.world

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source⁩ ⁨⁨9⁩ ⁨hours⁩ ago⁩:
I didn’t.
⁨Comment⁩ on ⁨Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source⁩ ⁨⁨19⁩ ⁨hours⁩ ago⁩:

is not typically a good way to sell things.

Ah yes, telling the truth is not good for sales, therefore deception is ok.

Yeah, it seems we won’t agree here. Have a nice day.
⁨Comment⁩ on ⁨Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source⁩ ⁨⁨1⁩ ⁨day⁩ ago⁩:
If you insist on being a fanboy than go ahead. But this is like arguing a bulletproof vest is useless because it does not cover your entire body.
⁨Comment⁩ on ⁨Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source⁩ ⁨⁨1⁩ ⁨day⁩ ago⁩:
Well, even the mail is sometimes e2ee. Making the comparison without specifying is like marketing your safe as being used in Fort Knox and it turns out it is used for payroll documents like in every company. Technically true but misleading as hell. When you hear Fort Know, you think gold vault. If you hear proton mail, you think e2ee even if most mails are external.
⁨Comment⁩ on ⁨Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source⁩ ⁨⁨1⁩ ⁨day⁩ ago⁩:

It is e2ee

It is not. Not in any meaningful way.

When you email someone outside Proton servers, doesn’t the same thing happen anyway?

Yes it does.

But the LLM is on Proton servers, so what’s the actual vulnerability?

Again, the issue is not the technology. Tge issue is deceptive marketing. Why doesn’t their site clearly say what you say? Why use confusing technical terms most people won’t understand and compare it to drive that is fully e2ee.
⁨Comment⁩ on ⁨Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source⁩ ⁨⁨1⁩ ⁨day⁩ ago⁩:
The easiest is to explain the consequence.

We can’t access your chat history retroactively, but we can start wiretapping your future chats.

If that is too honest for you, then just explain the data is encrypted after the LLM reads them instead of using technical terms like zero access.
⁨Comment⁩ on ⁨Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source⁩ ⁨⁨1⁩ ⁨day⁩ ago⁩:

What exactly is dishonest here? The language on their site is factually accurate, I’ve had to read it 7 times today because of you all.

I object to how it is written. Yes, technically it is not wrong. But it intentionally uses confusing language and rare technical terminology to imply it is as secure as e2ee. They compare it to proton mail and drive that are supposedly e2ee.
⁨Comment⁩ on ⁨Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source⁩ ⁨⁨1⁩ ⁨day⁩ ago⁩:
You understand that, but try to read it from the point of view of an average user that knows next to nothing about cyber security and LLMs. It sounds like it’s e2ee that email and drive are famous for. To us, that’s obviously impossible but most people will interpret that marketing this way.
⁨Comment⁩ on ⁨Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source⁩ ⁨⁨1⁩ ⁨day⁩ ago⁩:

A local LLM is one YOU run on YOUR machine.

Yes, that is exactly what I am saying. You seem to be confused by basic English.

Look, Proton can at any time MITM attack your email

They are not supposed to be able to and well designed e2ee services can’t be.

There is no such thing as e2ee LLMs. That’s not how any of this works.

I know, yet proton is happily advertising one. Just read their page.
⁨Comment⁩ on ⁨Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source⁩ ⁨⁨1⁩ ⁨day⁩ ago⁩:

Zero-access encryption

Your chats are stored using our battle-tested zero-access encryption, so even we can’t read them, similar to other Proton services such as Proton Mail, Proton Drive, and Proton Pass.

from protons own website.

And why this is not true is explained in the article from the main post.
⁨Comment⁩ on ⁨Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source⁩ ⁨⁨1⁩ ⁨day⁩ ago⁩:
Their AI is not local, so adding it to your email means breaking e2ee. That’s to some extent fine. You can make an informed decision about it.

But proton is not putting warning labels on this. They are trying to confuse people into thinking it is the same security as their e2ee mails. Just look at the “zero trust” bullshit on protons own page.
⁨Comment⁩ on ⁨Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source⁩ ⁨⁨1⁩ ⁨day⁩ ago⁩:
Yes, indeed. Even so, just because there is a workaround, we should not ignore the issue (governments descending into fascism).
⁨Comment⁩ on ⁨Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source⁩ ⁨⁨1⁩ ⁨day⁩ ago⁩:
The worst part is that once again, proton is trying to convince its users that it’s more secure than it really is. You have to wonder what else their are lying or deceiving about.
⁨Comment⁩ on ⁨How it feels using TOR as a Brit rn 🤘⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:
I used a VPN yesterday to see how it looks in the UK. Seems a lot of porn sites don’t give a shit about UK and don’t require any verification. So one again, just the law abiding sites are punished while kids are pushed towards the lawless ones.
⁨Comment⁩ on ⁨Tea app leak worsens with second database exposing user chats⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:
Posted on an article about app encouraging different users to upload info about you without your consent.
⁨Comment⁩ on ⁨Proton releases a new app for two-factor authentication⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:
There are no very clear reasons to distrust proton, but is it just me that finds them releasing a 2FA app kinda disturbing? Like, why waste the resources? What could they do better than Aegis? If there is no reason, than I have to wonder if it is to get more data into their ecosystem.
⁨Comment⁩ on ⁨Tea app leak worsens with second database exposing user chats⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:
This has been the case for a long time, so suddenly you have apps like Tea that encourage you to upload info of other people. So now even the few that take care not to upload their info can be nicely monitored. And the Gestapo does not even need to pay their informants for it.
⁨Comment⁩ on ⁨Itch.io deindexes NSFW games after becoming the latest target of skittish credit card companies and anti-porn group Collective Shout, catching an award-winning indie and more in the crossfire⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:
Fuck. You are right, my apologies.
⁨Comment⁩ on ⁨Microsoft admits it would have to let Trump spy on EU data if demanded⁩ ⁨⁨6⁩ ⁨days⁩ ago⁩:

Until this abomination of a law, the US was different.

Press X to doubt.
⁨Comment⁩ on ⁨Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
jacksonlewis.com/…/supreme-court-adopts-narrow-in…
⁨Comment⁩ on ⁨Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Not legally, no they didn’t. Tea did. Under current laws, they have no obligation to report this or to not tell other people about it.
⁨Comment⁩ on ⁨Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
So it’s just about the drivers licenses? We should make a law to ban sharing drivers licenses?

What do you believe should be the law here.
⁨Comment⁩ on ⁨Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
From what I have seen, they initial guys shared a link to the database, not any content. The equivalent of telling people: “Look at this unlocked door I found.” They did not “steal” anything as far as I know.

Also, the analogy doesn’t work either. What if it really was intended to be public? Making a copy is not analogous to stealing something, it’s analogous to taking a picture.
⁨Comment⁩ on ⁨Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
They were looking through publicly accessible buckets on firebase. They literally did stumble upon this by accident while going through public data. Should they have disclosed it once they realized what it was instead of spreading it? Sure, morally speaking. But I don’t see how you could write a law to make this illegal without just trampling on free speech.
⁨Comment⁩ on ⁨Women are anonymously spilling tea about men in their cities on viral app⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
You think a company paddling gossip under the guise of woman safety would care about protecting personal information? 🤣
⁨Comment⁩ on ⁨Itch.io deindexes NSFW games after becoming the latest target of skittish credit card companies and anti-porn group Collective Shout, catching an award-winning indie and more in the crossfire⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
No one is saying they are blameless.
⁨Comment⁩ on ⁨Itch.io deindexes NSFW games after becoming the latest target of skittish credit card companies and anti-porn group Collective Shout, catching an award-winning indie and more in the crossfire⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
A collective that defends Cuties…
⁨Comment⁩ on ⁨Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
At which step should it turn illegal? You accessing publicly available website? If I put PII on my website and send you a link, should you go to jail for opening the link? Or how do you make the distinction, when there is literally no security and its made publicly available?
⁨Comment⁩ on ⁨Rule34 blocked the UK entirely rather than comply due to the new law.⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
If I had the money for lawyers, I would definitely add an “I confirm I am not in UK” button to access to sites to “help people mistakenly identified as being in the UK due to e.g. a VPN or a proxy”.
⁨Comment⁩ on ⁨⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
I am yet to see a universal tool that is good at everything. Trying to cram all use-cases into one network results in mediocre results at best and usually even worse.

There is no reason to combine a person to person messenger like signal and community based one like discord into one network. That is why I like the Matrix approach of 1 backend and many frontends so you can have your pick of clients without messing up the protocol.