self@awful.systems 6 points 5 months ago

they have apparently promised they don’t plan on implementing anything AI-related which is good, though I’m honestly hoping for a system where our privacy isn’t entirely reliant on the promises of a single authority

and I’m not saying we should do our own federated e2e email service, but somebody should

…more realistically, I’ll probably switch to tuta when my proton account nears renewal, as I’m not a fan of how much pure unfiltered horseshit I’m seeing them output with the money I paid them

self@awful.systems 26 points 6 months ago

every time I started reading this I seriously got the most disorienting feeling that I was in the past, and my brain kept telling me “the time travel worked! you’ve got to warn them!”

self@awful.systems 7 points 6 months ago

“but that’s insanely paranoid, nobody would take a risk like that into account” shout the big Proton fans doing security kayfabe. “are you fucking lost”, I shout back

self@awful.systems 10 points 6 months ago

and now, my swing at a secure version of this feature:

if I receive a message whose content was sourced from the cloud LLM (ie the user activated the feature at any point while writing), instead of pulling the content of the message, protonmail displays a warning that the content of the message was exposed to their servers, and I’m given buttons to either display the message, or delete it and block the sender. if I delete the message and block the sender, protonmail itself sends a message back to the message’s author proving that I deleted the message unopened.

I’m not kidding, that’s the only secure version of this. that’s the version a privacy-oriented company would have implemented, if they really had to do any of this at all (they didn’t)

self@awful.systems 9 points 6 months ago (3 children)

also I keep meaning to push on this and getting distracted:

“only for business users, who have asked for it”

fuck no, this breaks the security model for every proton user. one of the key assumptions of Proton’s end to end encrypted model is that the plaintext of a message never touches Proton’s servers, on both ends of the conversation. now if a proton business/visionary (and they keep fucking forgetting they forced their visionary accounts into having this horseshit) user sends me a message or a reply, there’s a chance the plaintext on their end was exposed to Proton’s servers, and as the receiver I can’t control or even detect the conditions that cause the plaintext leak (is the sender a proton business/visionary account? did they use the cloud version of the LLM? what text did it operate on?)

fucking unworkable. I’m not even a cryptographer, but this is the most obvious plaintext leak I’ve ever seen in a cryptography product.

self@awful.systems 8 points 6 months ago (3 children)

fuck, the pure PR fluff they’re posting in response to “hey fucknuts, this thing breaks your fucking security model”. I’ve dropped other companies for doing this “uhh no it doesn’t, trust us” shit before. if they had proof this thing’s secure they would’ve posted it by now, but they don’t (because it isn’t, it’s broken by design) so instead they have to post this horseshit

self@awful.systems 7 points 6 months ago

Now I’m talking out of my ass based on their promo material but it doesn’t change the fact that their standard response is “75% of the survey respondents said they want this” but they release it with this limp-ass “free trial” bullshit

the exact same energy as the parking lot of a vacant mall filled with unbought or broken Cybertrucks and other supposedly luxury Tesla vehicles

self@awful.systems 19 points 6 months ago (8 children)

the closet Dell hosting your services is a fine system (but do fix those broken docker containers, or see about going native). under no circumstances should it be your mail host, though.

self@awful.systems 14 points 6 months ago (4 children)

I kind of don’t mind if the model’s training on data about how much it fucking sucks, though David and Amy might feel different. pivot-to-ai’s still brand new, and I know they’ve still got plenty of post-launch basics left to set up.

there’s also other, less-ignorable countermeasures than robots.txt available

self@awful.systems 8 points 6 months ago (11 children)

I’m taking it as a positive sign that the Proton story’s gaining traction, as it should. this thing is a massive fucking security risk and a bad sign of things to come for Proton, and more people should be talking about it.

but between the dishonesty on Proton’s part about the survey and the types of accounts that’ve come out of the woodwork to unabashedly support this trainwreck of a feature (the pattern’s especially clear on mastodon), boy, there’s a lot of stank on this one

self@awful.systems 9 points 6 months ago (2 children)

god, the pure fucking dark pattern of the option that leaks plaintext being the default, with a description that’s only its upsides, while the local option sounds quite a bit shit in comparison

also, I keep meaning to ask: does this “free for 14 days” trial auto-renew? cause that’s a real shitty dark pattern too if interacting with the feature starts your subscription. in fact, isn’t that illegal in some jurisdictions?

self@awful.systems 9 points 6 months ago (13 children)

fucking incredible, you managed to cherry pick some of the few sentences in the article that don’t use the words “AI” or “LLM”! good for you, you exhausting motherfucker
