Proton is shifting as mainstream company. AI craps, false misleading advertising.
this post was submitted on 03 Aug 2025
549 points (93.4% liked)
Technology
73655 readers
4276 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
This is just wrong ans needs more nuance. https://medium.com/@ovenplayer/does-proton-really-support-trump-a-deeper-analysis-and-surprising-findings-aed4fee4305e
Welp, it's time to move the entirety of all of my accounts to another email provider. Again. Ugh.
Ditto. But I am taking my time. I am on the free tier; I cost him money. I'll move off eventually probably to Tutanota unless something better shows up
Again.
If you own your own domain name, this process is easier. Your email address can stay the same, even when moving to different email services.
How do you buy a domain name, reliably, in a way that you're not going to lose or be hijacked but without revealing your identity to the authorities ?
In other words, how can you own a DNS domain name anonymously ?
Will that mean paying a lot more for it ?
Will that mean using false identities (I think illegal ?)
Is it only possible with shady DNS supplies which might steal your domain, shut down or even impertonate you ?
I see I'm not the only one who is sceptical of that E2E "encryption"
How much longer until the AI bubbles pops? I'm tired of this.
It's when the coffers of Microsoft, Amazon, Meta and investment banks dry up. All of them are losing billions every month but it's all driven by fewer than 10 companies. Nvidia is lapping up the money of course, but once the AI companies stop buying GPUs on crazy numbers it's going to be a rocky ride down.
load more comments
(9 replies)
We're still in the "IT'S GETTING BILLIONS IN INVESTMENTS" part. Can't wait for this to run out too.
✨
Here's the thing, it kind of already has, the new AI push is related to smaller projects and AI agents like Claude Code and GitHub copilot integration. MCP's are also starting to pick up some steam as a way to refine prompt engineering. The basic AI "bubble" popped already, what we're seeing now is an odd arms race of smaller AI projects thanks to companies like Deepseek pushing the AI hosting costs so low that anyone can reasonably host and tweak their own LLMs without costing a fortune. It's really an interesting thing to watch, but honestly I don't think we're going to see the major gains that the tech industry is trying to push anytime soon. Take any claims of AGI and OpenAI "breakthroughs" with a mountain of salt, because they will do anything to keep the hype up and drive up their stock prices. Sam Altman is a con man and nothing more, don't believe what he says.
load more comments
(4 replies)
load more comments
(4 replies)
Okay but are any AI chatbots really open source? Isn't half the headache with LLMs the fact that there comes a point where it's basically impossible for even the authors to decode the tangled madness of their machine learning?
Yeah but you don't open source the LLM, you open source the training code and the weights and the specs/architecture
load more comments
(1 replies)
First of all...
Why does an email service need a chatbot, even for business? Is it an enhanced search over your emails or something? Like, what does it do that any old chatbot wouldn't?
EDIT: Apparently nothing. It's just a generic Open Web UI frontend with Proton branding, a no-logs (but not E2E) promise, and kinda old 12B-32B class models, possibly finetuned on Proton documentation (or maybe just a branded system prompt). But they don't use any kind of RAG as far as I can tell.
There are about a bajillion of these, and one could host the same thing inside docker in like 10 minutes.
...On the other hand, it has no access to email I think?
Why does an email service need a chatbot, even for business?
they are not only an email service, for quite some time now
There are about a bajillion of these, and one could host the same thing inside docker in like 10 minutes.
sure, with a thousand or two dollars worth of equipment and then computer knowledge. Anyone could do it really. but even if not, why don't they just rawdog deepseek? I don't get it either
...On the other hand, it has no access to email I think?
that's right. you can upload files though, or select some from your proton drive, and can do web search.
sure, with a thousand or two dollars worth of equipment and then computer knowledge. Anyone could do it really. but even if not, why don’t they just rawdog deepseek? I don’t get it either
What I mean is there are about 1000 different places to get 32B class models via Open Web UI with privacy guarantees.
With mail, vpn, (and some of their other services?) they have a great software stack and cross integration to differentiate them, but this is literally a carbon copy of any Open Web UI service… There is nothing different other than the color scheme and system prompt.
I’m not trying to sound condescending, but it really feels like a cloned “me too,” with the only value being the Proton brand and customer trust.
load more comments
(3 replies)
There's some good discussion about the security in the comments, so I'm just going to say that Lumo's Android app required the Play Store and GPlay Services. I uninstalled.
It's also quite censored. I gave Proton's cute chatbot a chance, but I'm not impressed.
load more comments
(9 replies)
The worst part is that once again, proton is trying to convince its users that it's more secure than it really is. You have to wonder what else they are lying or deceiving about.
Both your take, and the author, seem to not understand how LLMs work. At all.
At some point, yes, an LLM model has to process clear text tokens. There's no getting around that. Anyone who creates an LLM that can process 30 billion parameters while encrypted will become an overnight billionaire from military contracts alone. If you want absolute privacy, process locally. Lumo has limitations, but goes farther than duck.ai at respecting privacy. Your threat model and equipment mean YOU make a decision for YOUR needs. This is an option. This is not trying to be one size fits all. You don't HAVE to use it. It's not being forced down your throat like Gemini or CoPilot.
And their LLM. - it's Mistral, OpenHands and OLMO, all open source. It's in their documentation. So this article is straight up lies about that. Like.... Did Google write this article? It's simply propaganda.
Also, Proton does have some circumstances where it lets you decrypt your own email locally. Otherwise it's basically impossible to search your email for text in the email body. They already had that as an option, and if users want AI assistants, that's obviously their bridge. But it's not a default setup. It's an option you have to set up. It's not for everyone. Some users want that. It's not forced on everyone. Chill TF out.
Their AI is not local, so adding it to your email means breaking e2ee. That's to some extent fine. You can make an informed decision about it.
But proton is not putting warning labels on this. They are trying to confuse people into thinking it is the same security as their e2ee mails. Just look at the "zero trust" bullshit on protons own page.
Where does it say "zero trust" 'on Protons own page'? It does not say "zero-trust" anywhere, it says "zero-access". The data is encrypted at rest, so it is not e2ee. They never mention end-to-end encryption for Lumo, except for ghost mode, and they are talking about the chat once it's complete and you choose to leave it there to use later, not about the prompts you send in.
Zero-access encryption
Your chats are stored using our battle-tested zero-access encryption, so even we can’t read them, similar to other Proton services such as Proton Mail, Proton Drive, and Proton Pass. Our encryption is open source and trusted by over 100 million people to secure their data.
Which means that they are not advertising anything they are not doing or cannot do.
By posting this disinformation all you're achieving is getting people to pedal back to all the shit services out there for "free" because many will start believing that privacy is way harder than it actually is so 'what's the point' or, even worse, no alternative will help me be more private so I might as well just stop trying.
load more comments
(18 replies)
load more comments
(5 replies)
load more comments
(12 replies)
OK, so I just checked the page:
Looks like a generic Open Web UI instance, much like Qwen's: https://openwebui.com/
Based on this support page, they are using open models and possibly finetuning them:
https://proton.me/support/lumo-privacy
The models we’re using currently are Nemo, OpenHands 32B, OLMO 2 32B, and Mistral Small 3
But this information is hard to find, and they aren't particularly smart models, even for 32B-class ones.
Still... the author is incorrect, they specify how long requests are kept:
When you chat with Lumo, your questions are sent to our servers using TLS encryption. After Lumo processes your query and generates a response, the data is erased. The only record of the conversation is on your device if you’re using a Free or Plus plan. If you’re using Lumo as a Guest, your conversation is erased at the end of each session. Our no-logs policy ensures wekeep no logs of what you ask, or what Lumo replies. Your chats can’t be seen, shared, or used to profile you.
But it also mentions that, as is a necessity now, they are decrypted on the GPU servers for processing. Theoretically they could hack the input/output layers and the tokenizer into a pseudo E2E encryption scheme, but I haven't heard of anyone doing this yet... And it would probably be incompatible with their serving framework (likely vllm) without some crack CUDA and Rust engineers (as you'd need to scramble the text and tokenize/detokenize it uniquely for scrambled LLM outer layers for each request).
They are right about one thing: Proton all but advertise Luma as E2E when that is a lie. Per its usual protocol, Open Web UI will send the chat history for that particular chat to the server for each requests, where it is decoded and tokenized. If the GPU server were to be hacked, it could absolutely be logged and intercepted.
Any business putting "privacy first" thing that works only on their server, and requires full access to plaintext data to operate, should be seen as lying.
I've been annoyed by proton for a long while; they do (did?) provide a seemingly adequate service, but claims like "your mails are safe" when they obviously had to have them in plaintext on their server, even if only for compatibility with current standards, kept me away from them.
they obviously had to have them in plaintext on their server, even if only for compatibility with current standards
I don’t think that’s obvious at all. On the contrary, that’s a pretty bold claim to make, do you have any evidence that they’re doing this?
load more comments
(18 replies)
load more comments
(2 replies)
I'm just saying Andy sucking up to Trump is a red flag. I'm cancelling in 2026 🫠
load more comments
(2 replies)
I knew I made the right decision when I picked tutanota over proton.
For a critical blog, the first few paragraphs sound a lot like they're shilling for Proton.
I'm not sure if I'm supposed to be impressed by the author's witty wording, but "the cool trick they do" is - full encryption.
Moving on.
But that’s misleading. The actual large language model is not open. The code for Proton’s bit of Lumo is not open source. The only open source bit that Proton’s made available is just some of Proton’s controls for the LLM. [GitHub]
In the single most damning thing I can say about Proton in 2025, the Proton GitHub repository has a “cursorrules” file. They’re vibe-coding their public systems. Much secure!
oof.
Over the years I've heard many people claim that proton's servers being in Switzerland is more secure than other EU countries - well there's also this now:
Proton is moving its servers out of Switzerland to another country in the EU they haven’t specified. The Lumo announcement is the first that Proton’s mentioned this.
No company is safe from enshittification - always look for, and base your choices on, the legally binding stuff, before you commit. Be wary of weasel wording. And always, always be ready to move* on when the enshittification starts despite your caution.
* regarding email, there's redirection services a.k.a. eternal email addresses - in some cases run by venerable non-profits.
Regarding the fact that proton stops hosting in Switzerland : I thought it was because of new laws in Switzerland and that they hzf not much of a choice ?
load more comments
(1 replies)
Over the years I've heard many people claim that proton's servers being in Switzerland is more secure than other EU countries
Things change. They are doing it because Switzerland is proposing legislation that would definitely make that claim untrue. Europe is no paradise, especially certain countries, but it still makes sense.
From the lumo announcement:
Lumo represents one of many investments Proton will be making before the end of the decade to ensure that Europe stays strong, independent, and technologically sovereign. Because of legal uncertainty around Swiss government proposals(new window) to introduce mass surveillance — proposals that have been outlawed in the EU — Proton is moving most of its physical infrastructure out of Switzerland. Lumo will be the first product to move.
This shift represents an investment of over €100 million into the EU proper. While we do not give up the fight for privacy in Switzerland (and will continue to fight proposals that we believe will be extremely damaging to the Swiss economy), Proton is also embracing Europe and helping to develop a sovereign EuroStack(new window) for the future of our home continent. Lumo is European, and proudly so, and here to serve everybody who cares about privacy and security worldwide.
load more comments
(3 replies)
Proton has my vote for fastest company ever to completely enshittify.
How have they enshittified? I haven’t noticed anything about their service get worse since they started.
load more comments
(2 replies)
view more: next ›