this post was submitted on 03 Aug 2025
549 points (93.4% liked)

Technology

73655 readers
4276 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
549
Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source (pivot-to-ai.com)
submitted 3 days ago by Pro@programming.dev to c/technology@lemmy.world
139 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] brucethemoose@lemmy.world 20 points 2 days ago* (last edited 2 days ago)

OK, so I just checked the page:

https://lumo.proton.me/guest

Looks like a generic Open Web UI instance, much like Qwen's: https://openwebui.com/

Based on this support page, they are using open models and possibly finetuning them:

https://proton.me/support/lumo-privacy

The models we’re using currently are Nemo, OpenHands 32B, OLMO 2 32B, and Mistral Small 3

But this information is hard to find, and they aren't particularly smart models, even for 32B-class ones.

Still... the author is incorrect, they specify how long requests are kept:

When you chat with Lumo, your questions are sent to our servers using TLS encryption. After Lumo processes your query and generates a response, the data is erased. The only record of the conversation is on your device if you’re using a Free or Plus plan. If you’re using Lumo as a Guest, your conversation is erased at the end of each session. Our no-logs policy ensures wekeep no logs of what you ask, or what Lumo replies. Your chats can’t be seen, shared, or used to profile you.

But it also mentions that, as is a necessity now, they are decrypted on the GPU servers for processing. Theoretically they could hack the input/output layers and the tokenizer into a pseudo E2E encryption scheme, but I haven't heard of anyone doing this yet... And it would probably be incompatible with their serving framework (likely vllm) without some crack CUDA and Rust engineers (as you'd need to scramble the text and tokenize/detokenize it uniquely for scrambled LLM outer layers for each request).

They are right about one thing: Proton all but advertise Luma as E2E when that is a lie. Per its usual protocol, Open Web UI will send the chat history for that particular chat to the server for each requests, where it is decoded and tokenized. If the GPU server were to be hacked, it could absolutely be logged and intercepted.