we appear to be the first to write up the outrage coherently too. much thanks to the illustrious @self

  • self@awful.systems
    link
    fedilink
    English
    arrow-up
    8
    ·
    4 months ago

    it’s an article about a poorly-designed feature that doesn’t accomplish any of its marketed goals and was hoisted upon Proton’s users in spite of their objections

    this is an article about AI

    • froztbyte@awful.systems
      link
      fedilink
      English
      arrow-up
      8
      ·
      4 months ago

      “unencrypted text prompts”

      can’t tell if this is because bond movies or marvel movies or fatf movies or heist movies or … but good god some people just have no fucking idea whatsoever

      the model execution environment can quickly solve FHE in an afternoon, for a treat. after that it has to get back to piano practice tho!

        • self@awful.systems
          link
          fedilink
          English
          arrow-up
          9
          ·
          4 months ago

          god, the pure fucking dark pattern of the option that leaks plaintext being the default, with a description that’s only its upsides, while the local option sounds quite a bit shit in comparison

          also, I keep meaning to ask: does this “free for 14 days” trial auto-renew? cause that’s a real shitty dark pattern too if interacting with the feature starts your subscription. in fact, isn’t that illegal in some jurisdictions?

          • Steve@awful.systems
            link
            fedilink
            English
            arrow-up
            6
            ·
            edit-2
            4 months ago

            does this “free for 14 days” trial auto-renew?

            Proton Scribe is a writing assistant built into Proton Mail that helps you compose emails and improve your drafts. It is available as a paid add-on from $2.99 per user monthly for anyone on our business plans, and you can try it for free for 14 days. It’s also included for free with Proton Visionary and Lifetime plans.

            You can use Proton Scribe with a Proton Mail business plan: Mail Essentials, Mail Professional, and Proton Business Suite. It is available as a paid add-on to be paid monthly, per user. Proton Scribe is also included for free with the Proton Visionary and Lifetime legacy plans. Organization admins and members get access to a free trial of Proton Scribe for 14 days. The trial starts as soon as you click the pencil icon in the composer. If you’d like to purchase Proton Scribe after your trial, you can do so from your account dashboard.

            It doesn’t sound like it, but the wording is a little strange in that it is $2.99 per user per month but does that mean that an admin has to tell each employee whether they can do the trial or not? It doesn’t seem manageable to have a free trial that is activated by the individual user but then the switch to paid subscription has to be handled (I assume) by the designated admin.

            Also, if we’re talking about paid accounts they have the billing info already, so maybe they figure it’s better to provide it in this difficult to manage way so that the automatic rollover appears easier?

            Now I’m talking out of my ass based on their promo material but it doesn’t change the fact that their standard response is “75% of the survey respondents said they want this” but they release it with this limp-ass “free trial” bullshit

            • self@awful.systems
              link
              fedilink
              English
              arrow-up
              7
              ·
              4 months ago

              Now I’m talking out of my ass based on their promo material but it doesn’t change the fact that their standard response is “75% of the survey respondents said they want this” but they release it with this limp-ass “free trial” bullshit

              the exact same energy as the parking lot of a vacant mall filled with unbought or broken Cybertrucks and other supposedly luxury Tesla vehicles

    • TheDorkfromYork@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago

      The trouble is that Proton has announced and implemented Scribe in a manner that sends up huge red flags for their privacy-focused techie base.

      Proton Mail’s privacy-focused users are worried about the Scribe announcement because they’ve never seen Proton be so vague and nonspecific about security and threat models.

      Up to now, Proton has been serious about privacy

      It’s not about AI. It’s about privacy and communication.

      • self@awful.systems
        link
        fedilink
        English
        arrow-up
        9
        ·
        4 months ago

        fucking incredible, you managed to cherry pick some of the few sentences in the article that don’t use the words “AI” or “LLM”! good for you, you exhausting motherfucker

          • self@awful.systems
            link
            fedilink
            English
            arrow-up
            8
            ·
            4 months ago

            I’m taking it as a positive sign that the Proton story’s gaining traction, as it should. this thing is a massive fucking security risk and a bad sign of things to come for Proton, and more people should be talking about it.

            but between the dishonesty on Proton’s part about the survey and the types of accounts that’ve come out of the woodwork to unabashedly support this trainwreck of a feature (the pattern’s especially clear on mastodon), boy, there’s a lot of stank on this one

            • Steve@awful.systems
              link
              fedilink
              English
              arrow-up
              10
              ·
              edit-2
              4 months ago

              you can see they are actively monitoring the masto discourse and responding whenever they think their justification list has any merit https://hci.social/@protonprivacy@mastodon.social/with_replies

              but they are already saying stuff out of sync with their promotional material so damage control does appear to be in action

              e.g.

              Thanks for the feedback everyone. Just to be clear, Proton Scribe is:

              • only for business users, who have asked for it

              https://mastodon.social/@protonprivacy/112814751983760603

              but their site says

              Who can use Proton Scribe? We are currently rolling out Scribe to eligible users. If you’re on a Proton Business plan, including Mail Essentials, Mail Professional, and Proton > Business Suite, you can try Proton Scribe for free for 14 days. If you’re on our Visionary plan, it’s included with your plan.

              https://web.archive.org/web/20240719203115/https://proton.me/support/proton-scribe-writing-assistant

              • self@awful.systems
                link
                fedilink
                English
                arrow-up
                8
                ·
                4 months ago

                fuck, the pure PR fluff they’re posting in response to “hey fucknuts, this thing breaks your fucking security model”. I’ve dropped other companies for doing this “uhh no it doesn’t, trust us” shit before. if they had proof this thing’s secure they would’ve posted it by now, but they don’t (because it isn’t, it’s broken by design) so instead they have to post this horseshit

                • Steve@awful.systems
                  link
                  fedilink
                  English
                  arrow-up
                  8
                  ·
                  edit-2
                  4 months ago

                  I highlighted another nice dig by weizenbaum this afternoon which your “broken by design” reminded me of:

                  “These gigantic computer systems have usually been put together (one cannot always use the word designed) by teams of programmers, whose work is often spread over many years. By the time these systems come into use, most of the original programmers have left or turned their attention to other pursuits. It is precisely when such systems begin to be used that their inner workings can no longer be understood by any single person or by a small team of individuals.”

                  • froztbyte@awful.systems
                    link
                    fedilink
                    English
                    arrow-up
                    7
                    ·
                    4 months ago

                    I think that sequence of events happens sometimes but not all the times. the generational-departed programmer thing happens more in bigger orgs or teams with a bit of a more established presence/footprint. and I don’t really get the impression proton is that big yet

                    this one smells more like the other kind of ratfuckery I’ve seen in shartups: some particular bugbear/feature-idea “driven” by a C-level/owner/teamlead (where “driven”, n.: “someone said go do it”), enabled by complicit PM/POs doing some goalwashing, with devs either just keeping their head down, or actively participating in creation

              • froztbyte@awful.systems
                link
                fedilink
                English
                arrow-up
                8
                ·
                4 months ago

                bit of a whoopsie walkback after caught pants down

                totes normal. everyone has this all the time, amirite?!

                  • self@awful.systems
                    link
                    fedilink
                    English
                    arrow-up
                    9
                    ·
                    4 months ago

                    also I keep meaning to push on this and getting distracted:

                    only for business users, who have asked for it

                    fuck no, this breaks the security model for every proton user. one of the key assumptions of Proton’s end to end encrypted model is that the plaintext of a messsge never touches Proton’s servers, on both ends of the conversation. now if a proton business/visionary (and they keep fucking forgetting they forced their visionary accounts into having this horseshit) user sends me a message or a reply, there’s a chance the plaintext on their end was exposed to Proton’s servers, and as the receiver I can’t control or even detect the conditions that cause the plaintext leak (is the sender a proton business/visionary account? did they use the cloud version of the LLM? what text did it operate on?)

                    fucking unworkable. I’m not even a cryptographer, but this is the most obvious plaintext leak I’ve ever seen in a cryptography product.