How much longer until the AI bubbles pops? I’m tired of this.
✨
We’re still in the “IT’S GETTING BILLIONS IN INVESTMENTS” part. Can’t wait for this to run out too.
Here’s the thing, it kind of already has, the new AI push is related to smaller projects and AI agents like Claude Code and GitHub copilot integration. MCP’s are also starting to pick up some steam as a way to refine prompt engineering. The basic AI “bubble” popped already, what we’re seeing now is an odd arms race of smaller AI projects thanks to companies like Deepseek pushing the AI hosting costs so low that anyone can reasonably host and tweak their own LLMs without costing a fortune. It’s really an interesting thing to watch, but honestly I don’t think we’re going to see the major gains that the tech industry is trying to push anytime soon. Take any claims of AGI and OpenAI “breakthroughs” with a mountain of salt, because they will do anything to keep the hype up and drive up their stock prices. Sam Altman is a con man and nothing more, don’t believe what he says.
You’re saying th AI bubble has popped because even more smaller companies and individuals are getting in on the action?
Thats kind of the definition of a bubble actually. When more and more people start trying to make money on a trend that doesn’t have that much real value in it. This happened with the dotcom bubble nearly the same. It wasn’t that the web/tech wasn’t valuable, it’s now the most valuable sector of the world economy, but at the time the bubble expanded more was being invested than it was worth because no one wanted to miss out and it was accessible enough almost anyone could try it out.
I literally said exactly what you’re explaining. I’m not sure what you’re trying to accomplish here…
depends on what and with whom. based on my current jobs with smaller companies and start ups? soon. they can’t afford the tech debt they’ve brought onto themselves. big companies? who knows.
Time to face the facts, this utter shit is here to stay, just like every other bit of enshitification we get exposed to.
as long as certain jobs and tasks can be done easier, and searches can be done faster, its gonna stay. not a fad like nft. the bubble here is the energy and water consumption part.
as long as certain jobs and tasks can be done easier, and searches can be done faster
I’m still waiting for somebody to prove any of these statements are true. And I say that as somebody working in a company that demands that several employees use AI - all I see is that they now take extra time manually fixing whatever bad output the LLM produced, and slowly losing their ability to communicate without first consulting ChatGPT, which is both slow and concerning.
The worst part is that once again, proton is trying to convince its users that it’s more secure than it really is. You have to wonder what else they are lying or deceiving about.
Mullvad FTW
Yes, indeed. Even so, just because there is a workaround, we should not ignore the issue (governments descending into fascism).
Very true
Sauce?
Zero-access encryption
Your chats are stored using our battle-tested zero-access encryption, so even we can’t read them, similar to other Proton services such as Proton Mail, Proton Drive, and Proton Pass.
from protons own website.
And why this is not true is explained in the article from the main post as well as easily figured out with a little common sense (AI can’t respond to messages it can’t understand, so the AI must decrypt them).
First of all…
Why does an email service need a chatbot, even for business? Is it an enhanced search over your emails or something? Like, what does it do that any old chatbot wouldn’t?
EDIT: Apparently nothing. It’s just a generic Open Web UI frontend with Proton branding, a no-logs (but not E2E) promise, and kinda old 12B-32B class models, possibly finetuned on Proton documentation (or maybe just a branded system prompt). But they don’t use any kind of RAG as far as I can tell.
There are about a bajillion of these, and one could host the same thing inside docker in like 10 minutes.
…On the other hand, it has no access to email I think?
OK, so I just checked the page:
Looks like a generic Open Web UI instance, much like Qwen’s: https://openwebui.com/
Based on this support page, they are using open models and possibly finetuning them:
https://proton.me/support/lumo-privacy
The models we’re using currently are Nemo, OpenHands 32B, OLMO 2 32B, and Mistral Small 3
But this information is hard to find, and they aren’t particularly smart models, even for 32B-class ones.
Still… the author is incorrect, they specify how long requests are kept:
When you chat with Lumo, your questions are sent to our servers using TLS encryption. After Lumo processes your query and generates a response, the data is erased. The only record of the conversation is on your device if you’re using a Free or Plus plan. If you’re using Lumo as a Guest, your conversation is erased at the end of each session. Our no-logs policy ensures wekeep no logs of what you ask, or what Lumo replies. Your chats can’t be seen, shared, or used to profile you.
But it also mentions that, as is a necessity now, they are decrypted on the GPU servers for processing. Theoretically they could hack the input/output layers and the tokenizer into a pseudo E2E encryption scheme, but I haven’t heard of anyone doing this yet… And it would probably be incompatible with their serving framework (likely vllm) without some crack CUDA and Rust engineers (as you’d need to scramble the text and tokenize/detokenize it uniquely for scrambled LLM outer layers for each request).
They are right about one thing: Proton all but advertise Luma as E2E when that is a lie. Per its usual protocol, Open Web UI will send the chat history for that particular chat to the server for each requests, where it is decoded and tokenized. If the GPU server were to be hacked, it could absolutely be logged and intercepted.
For a critical blog, the first few paragraphs sound a lot like they’re shilling for Proton.
I’m not sure if I’m supposed to be impressed by the author’s witty wording, but “the cool trick they do” is - full encryption.
Moving on.
But that’s misleading. The actual large language model is not open. The code for Proton’s bit of Lumo is not open source. The only open source bit that Proton’s made available is just some of Proton’s controls for the LLM. [GitHub]
In the single most damning thing I can say about Proton in 2025, the Proton GitHub repository has a “cursorrules” file. They’re vibe-coding their public systems. Much secure!
oof.
Over the years I’ve heard many people claim that proton’s servers being in Switzerland is more secure than other EU countries - well there’s also this now:
Proton is moving its servers out of Switzerland to another country in the EU they haven’t specified. The Lumo announcement is the first that Proton’s mentioned this.
No company is safe from enshittification - always look for, and base your choices on, the legally binding stuff, before you commit. Be wary of weasel wording. And always, always be ready to move* on when the enshittification starts despite your caution.
* regarding email, there’s redirection services a.k.a. eternal email addresses - in some cases run by venerable non-profits.
deleted by creator
Any business putting “privacy first” thing that works only on their server, and requires full access to plaintext data to operate, should be seen as lying.
I’ve been annoyed by proton for a long while; they do (did?) provide a seemingly adequate service, but claims like “your mails are safe” when they obviously had to have them in plaintext on their server, even if only for compatibility with current standards, kept me away from them.
they obviously had to have them in plaintext on their server, even if only for compatibility with current standards
I don’t think that’s obvious at all. On the contrary, that’s a pretty bold claim to make, do you have any evidence that they’re doing this?
Yes. They support IMAP. Which means, IMAP client can read your mails from the server. IMAP protocol does not support encryption, so any mail that does not add another layer of encryption (like GPG with encryption) implies that your mail is available in plaintext through IMAP, and as such, on the server.
If that’s not enough, when you send a mail to a third party that just use plain, old regular mail, it is sent from their (proton’s) SMTP server, in plaintext. Again, unless you add a layer of encryption (assuming the recipient understands it, too), it’s plaintext. On the servers.
Receiving is the same; if someone sends a mail to your proton address, is shows up in full plaintext on their SMTP server. Whatever they do after that (and we’ve established it’s not client-controlled encryption), they have access to it.
In the case of GPG with encryption (not only for signature), then the message is encrypted everywhere (assuming your “sent” folder is configured properly). But that requires both you and the other party to support that, which have nothing to do with proton; you could as well do that over gmail.
So, no, not a bold claim. The very basic of how emails standards works requires it.
Now, I’m not saying that Proton have nefarious plans or anything. It is very possible that they act in good faith when they say they “don’t snoop”, and maybe they even have some proper monitoring so that admin have a somewhat hard time to check in the data without leaving a trace, but it’s 100% in clear up there as long as you’re not adding your own layer of encryption on top of it, and as such, you, as the user, have to be aware of that. It might be fully encrypted at rest to prevent a third party from fetching a drive and getting data, logs might be excessively scrubbed to remove all trace of from/to addresses (something very common in logs, for maintenance purpose), they might have built-in encryption in their own clients that implement gpg or anything between their users, and they might even do it properly with full client-side controlled keypairs, but the mail content? Have to be available, or the service could not operate.
They support IMAP. Which means, IMAP client can read your mails from the server.
Proton mail does not support IMAP. Because your emails are encrypted on the server.
Again, unless you add a layer of encryption (assuming the recipient understands it, too), it’s plaintext. On the servers.
Protonmail doesn’t claim that non-protonmail email is end to end encrypted. Any emails sent to a regular email without third party encryption will be plain text through the SMTP server, but they don’t store it. So in this case they are still not storing your emails in plaintext. Your recipient will, but that’s out of Protonmail’s control.
shows up in full plaintext on their SMTP server. Whatever they do after that (and we’ve established it’s not client-controlled encryption), they have access to it.
You’ve not established that at all. Protonmail stores that message with client side encryption and they have no access to it. Nothing you’ve brought up here suggests that anything is stored in plaintext on Protonmail servers.
I’ll just repost the same message here, for completion sake.
Well, I’ve been had. There is no IMAP support indeed, during my quick lookup around it, I ended up on a website that does look a lot like a real documentation that claim it does. My bad.
The point about sending and receiving messages in cleartext stands, as SMTP works that way, but at rest it is possible they’re keeping them encrypted.
Well, I’ve been had. There is no IMAP support indeed, during my quick lookup around it, I ended up on a website that does look a lot like a real documentation that claim it does. My bad.
The point about sending and receiving messages in cleartext stands, as SMTP works that way, but at rest it is possible they’re keeping them encrypted.
Proton has always been shitty. They don’t even give you the encryption keys. Always been a red flag for me.
Not your keys, not your encryption.
There’s some good discussion about the security in the comments, so I’m just going to say that Lumo’s Android app required the Play Store and GPlay Services. I uninstalled.
It’s also quite censored. I gave Proton’s cute chatbot a chance, but I’m not impressed.
Okay but are any AI chatbots really open source? Isn’t half the headache with LLMs the fact that there comes a point where it’s basically impossible for even the authors to decode the tangled madness of their machine learning?
Yeah but you don’t open source the LLM, you open source the training code and the weights and the specs/architecture
what do you think an LLM is? once you’ve opened the weights, IMO it’s pretty open. Once they open the training data, that’s pretty damn open. What do you want a gitian reproducible build?
Yes, several are fully open source. I like Mistral
deleted by creator
deleted by creator
I see I’m not the only one who is sceptical of that E2E “encryption”
This was it for me, cancelled my account. Fuck this Andy moron
Who Proton??? Nooo come on… who could ever seen this coming? 🐸🍲
