DreamlandLividity
@DreamlandLividity@lemmy.world
- Comment on Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source 9 hours ago:
I didn’t.
- Comment on Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source 19 hours ago:
is not typically a good way to sell things.
Ah yes, telling the truth is not good for sales, therefore deception is ok.
Yeah, it seems we won’t agree here. Have a nice day.
- Comment on Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source 1 day ago:
If you insist on being a fanboy than go ahead. But this is like arguing a bulletproof vest is useless because it does not cover your entire body.
- Comment on Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source 1 day ago:
Well, even the mail is sometimes e2ee. Making the comparison without specifying is like marketing your safe as being used in Fort Knox and it turns out it is used for payroll documents like in every company. Technically true but misleading as hell. When you hear Fort Know, you think gold vault. If you hear proton mail, you think e2ee even if most mails are external.
- Comment on Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source 1 day ago:
It is e2ee
It is not. Not in any meaningful way.
When you email someone outside Proton servers, doesn’t the same thing happen anyway?
Yes it does.
But the LLM is on Proton servers, so what’s the actual vulnerability?
Again, the issue is not the technology. Tge issue is deceptive marketing. Why doesn’t their site clearly say what you say? Why use confusing technical terms most people won’t understand and compare it to drive that is fully e2ee.
- Comment on Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source 1 day ago:
The easiest is to explain the consequence.
We can’t access your chat history retroactively, but we can start wiretapping your future chats.
If that is too honest for you, then just explain the data is encrypted after the LLM reads them instead of using technical terms like zero access.
- Comment on Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source 1 day ago:
What exactly is dishonest here? The language on their site is factually accurate, I’ve had to read it 7 times today because of you all.
I object to how it is written. Yes, technically it is not wrong. But it intentionally uses confusing language and rare technical terminology to imply it is as secure as e2ee. They compare it to proton mail and drive that are supposedly e2ee.
- Comment on Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source 1 day ago:
You understand that, but try to read it from the point of view of an average user that knows next to nothing about cyber security and LLMs. It sounds like it’s e2ee that email and drive are famous for. To us, that’s obviously impossible but most people will interpret that marketing this way.
- Comment on Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source 1 day ago:
A local LLM is one YOU run on YOUR machine.
Yes, that is exactly what I am saying. You seem to be confused by basic English.
Look, Proton can at any time MITM attack your email
They are not supposed to be able to and well designed e2ee services can’t be.
There is no such thing as e2ee LLMs. That’s not how any of this works.
I know, yet proton is happily advertising one. Just read their page.
- Comment on Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source 1 day ago:
Zero-access encryption
Your chats are stored using our battle-tested zero-access encryption, so even we can’t read them, similar to other Proton services such as Proton Mail, Proton Drive, and Proton Pass.
from protons own website.
And why this is not true is explained in the article from the main post.
- Comment on Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source 1 day ago:
Their AI is not local, so adding it to your email means breaking e2ee. That’s to some extent fine. You can make an informed decision about it.
But proton is not putting warning labels on this. They are trying to confuse people into thinking it is the same security as their e2ee mails. Just look at the “zero trust” bullshit on protons own page.
- Comment on Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source 1 day ago:
Yes, indeed. Even so, just because there is a workaround, we should not ignore the issue (governments descending into fascism).
- Comment on Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source 1 day ago:
The worst part is that once again, proton is trying to convince its users that it’s more secure than it really is. You have to wonder what else their are lying or deceiving about.
- Comment on How it feels using TOR as a Brit rn 🤘 3 days ago:
I used a VPN yesterday to see how it looks in the UK. Seems a lot of porn sites don’t give a shit about UK and don’t require any verification. So one again, just the law abiding sites are punished while kids are pushed towards the lawless ones.
- Comment on Tea app leak worsens with second database exposing user chats 3 days ago:
Posted on an article about app encouraging different users to upload info about you without your consent.
- Comment on Proton releases a new app for two-factor authentication 3 days ago:
There are no very clear reasons to distrust proton, but is it just me that finds them releasing a 2FA app kinda disturbing? Like, why waste the resources? What could they do better than Aegis? If there is no reason, than I have to wonder if it is to get more data into their ecosystem.
- Comment on Tea app leak worsens with second database exposing user chats 3 days ago:
This has been the case for a long time, so suddenly you have apps like Tea that encourage you to upload info of other people. So now even the few that take care not to upload their info can be nicely monitored. And the Gestapo does not even need to pay their informants for it.
- Comment on Itch.io deindexes NSFW games after becoming the latest target of skittish credit card companies and anti-porn group Collective Shout, catching an award-winning indie and more in the crossfire 3 days ago:
Fuck. You are right, my apologies.
- Comment on Microsoft admits it would have to let Trump spy on EU data if demanded 6 days ago:
Until this abomination of a law, the US was different.
Press X to doubt.
- Comment on Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan 1 week ago:
- Comment on Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan 1 week ago:
Not legally, no they didn’t. Tea did. Under current laws, they have no obligation to report this or to not tell other people about it.
- Comment on Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan 1 week ago:
So it’s just about the drivers licenses? We should make a law to ban sharing drivers licenses?
What do you believe should be the law here.
- Comment on Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan 1 week ago:
From what I have seen, they initial guys shared a link to the database, not any content. The equivalent of telling people: “Look at this unlocked door I found.” They did not “steal” anything as far as I know.
Also, the analogy doesn’t work either. What if it really was intended to be public? Making a copy is not analogous to stealing something, it’s analogous to taking a picture.
- Comment on Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan 1 week ago:
They were looking through publicly accessible buckets on firebase. They literally did stumble upon this by accident while going through public data. Should they have disclosed it once they realized what it was instead of spreading it? Sure, morally speaking. But I don’t see how you could write a law to make this illegal without just trampling on free speech.
- Comment on Women are anonymously spilling tea about men in their cities on viral app 1 week ago:
You think a company paddling gossip under the guise of woman safety would care about protecting personal information? 🤣
- Comment on Itch.io deindexes NSFW games after becoming the latest target of skittish credit card companies and anti-porn group Collective Shout, catching an award-winning indie and more in the crossfire 1 week ago:
No one is saying they are blameless.
- Comment on Itch.io deindexes NSFW games after becoming the latest target of skittish credit card companies and anti-porn group Collective Shout, catching an award-winning indie and more in the crossfire 1 week ago:
A collective that defends Cuties…
- Comment on Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan 1 week ago:
At which step should it turn illegal? You accessing publicly available website? If I put PII on my website and send you a link, should you go to jail for opening the link? Or how do you make the distinction, when there is literally no security and its made publicly available?
- Comment on Rule34 blocked the UK entirely rather than comply due to the new law. 1 week ago:
If I had the money for lawyers, I would definitely add an “I confirm I am not in UK” button to access to sites to “help people mistakenly identified as being in the UK due to e.g. a VPN or a proxy”.
- Comment on 1 week ago:
I am yet to see a universal tool that is good at everything. Trying to cram all use-cases into one network results in mediocre results at best and usually even worse.
There is no reason to combine a person to person messenger like signal and community based one like discord into one network. That is why I like the Matrix approach of 1 backend and many frontends so you can have your pick of clients without messing up the protocol.