I hate poor security/AI writing

This post...where to start...

Gerard is wrong in the first paragraph (emphasis mine):

Proton Mail is famous for its privacy and security. The cool trick they do is that not even Proton can decode your email. That’s because it never exists on their systems as plain text — it’s always encrypted!

That is only for Proton-to-Proton email. If it's from anywhere else, of course it exists as plain text on their systems for some amount of time. This is exactly the reason why I have never understood the popularity of Proton among the "privacy-aware" set. We can't possibly know what happens on Proton's servers.

This worried a lot of the security-minded users — it completely breaks the security model where nothing is in plain-text at rest. But the business users might pay money, so.

Gerard has now switched from "never exists as plain text on their systems" to "nothing exists as plain text at rest". These are very different scenarios, and the first one just isn't true, as I said above.

Per Proton, chat history for Lumo is zero-access encryption. Gerard mentions that:

Proton says your chats are stored with the same zero-access encryption as your email. That’s great! But their wording is: “end-to-end encryption in your chat history.”
What are the ends in this scenario? And why not just say “end-to-end encryption in your chat”? Well, obviously, because they can’t say that.

So he's upset that they're being transparent and specific about chat history being the thing with zero-access encryption? Very odd.

If you’re using a remote chatbot like Lumo, the chat has to exist as plain text for the chatbot to see it, for some unspecified length of time. Same if you dump files into the chatbot from your end-to-end-encrypted Proton Drive — their version of Google Drive.

The same situation if you get any email from outside of ProtonMail.

That’s how most web services work, and it might not sound like a big deal — but Proton’s email famously does not work like that. There is never plain text at rest. So Proton is trying to handwave on their past reputation and say, well, parts of it are totally secure. Just not the rest.

Gerard doesn't like the way Proton writes and then makes the same mistakes himself. "There is never plain text at rest". Nope, but there is plain text at some point in transit for the majority of email you receive at a ProtonMail account. There is never plain text at rest for my Gmail or Fastmail account either. It's all encrypted at rest. The difference is in the Gmail/Fastmail cases it's not zero-access encryption. They hold the encryption key.
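As an added illustration of the distinction drawn in the paragraphs above (encryption at rest with a provider-held key, versus zero-access encryption where only the user's key can open the stored message, with inbound external mail passing through the server as plain text in both cases), here is a small Python model. It is not code from this post or from any mail provider; the Diffie-Hellman group, the HMAC-based stream cipher, the mailbox classes and the sample message are all constructed for the example, carry no authentication tag, and use parameters chosen for readability rather than real use.

```python
import hashlib
import hmac
import os
import secrets

# Toy Diffie-Hellman group, constructed for illustration only: the prime 2**255 - 19 is
# borrowed from Curve25519's field but used here as a plain multiplicative group with
# generator 2 and no subgroup checks. It models key custody, not a production cipher.
P = 2**255 - 19
G = 2


def keystream_xor(key, nonce, data):
    """Symmetric encrypt/decrypt: XOR data with HMAC-SHA256(key, nonce || counter) blocks."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def generate_user_keypair():
    """The private key stays on the user's device; only the public key is given to the server."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def encrypt_to_public_key(pub, plaintext):
    """ElGamal-style hybrid encryption: anyone holding pub can encrypt, only priv can decrypt."""
    eph = secrets.randbelow(P - 2) + 1
    key = hashlib.sha256(pow(pub, eph, P).to_bytes(32, "big")).digest()
    nonce = os.urandom(16)
    return {"eph_pub": pow(G, eph, P), "nonce": nonce, "ct": keystream_xor(key, nonce, plaintext)}


def decrypt_with_private_key(priv, blob):
    """Recompute the shared secret from the ephemeral public value and the user's private key."""
    key = hashlib.sha256(pow(blob["eph_pub"], priv, P).to_bytes(32, "big")).digest()
    return keystream_xor(key, blob["nonce"], blob["ct"])


class ProviderKeyMailbox:
    """Model A: encrypted at rest, but the provider holds the key (the post's Gmail/Fastmail case)."""

    def __init__(self):
        self._provider_key = os.urandom(32)  # generated and kept on the provider's side
        self.stored = []

    def receive(self, inbound_plaintext):
        nonce = os.urandom(16)
        self.stored.append((nonce, keystream_xor(self._provider_key, nonce, inbound_plaintext)))

    def provider_read(self, index):
        nonce, ct = self.stored[index]
        return keystream_xor(self._provider_key, nonce, ct)  # the provider can read at any time


class ZeroAccessMailbox:
    """Model B: the server handles inbound plaintext only transiently, encrypts it to the user's
    public key and keeps nothing that can decrypt it (the post's description of Proton)."""

    def __init__(self, user_pub):
        self.user_pub = user_pub
        self.stored = []
        self.plaintext_seen = 0  # how many inbound messages existed in plaintext on the server

    def receive(self, inbound_plaintext):
        self.plaintext_seen += 1  # the server does see the plaintext, as the post points out
        self.stored.append(encrypt_to_public_key(self.user_pub, inbound_plaintext))

    def provider_read(self, index):
        return None  # no private key on the server: the stored blob cannot be opened here


def demo():
    """Run both models on one constructed inbound message and report who can read it."""
    inbound = b"From: someone@example.com\r\n\r\nquarterly numbers attached"  # constructed sample
    priv, pub = generate_user_keypair()
    a, b = ProviderKeyMailbox(), ZeroAccessMailbox(pub)
    a.receive(inbound)
    b.receive(inbound)
    return {
        "model_a_provider_reads": a.provider_read(0) == inbound,
        "model_b_provider_reads": b.provider_read(0) is not None,
        "model_b_user_reads": decrypt_with_private_key(priv, b.stored[0]) == inbound,
        "model_b_plaintext_seen_on_server": b.plaintext_seen,
    }


if __name__ == "__main__":
    print(demo())
```

The point the model makes is the one in the paragraph above: in both mailboxes the inbound message is encrypted on disk, and in both it was plain text on the server for a moment; the only difference is whether a key that can open the stored blob also lives on the server.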

In the single most damning thing I can say about Proton in 2025, the Proton GitHub repository has a “cursorrules” file. They’re vibe-coding their public systems. Much secure!

I expect they're not vibe coding at all, and I don't see how using AI coding tools makes something less secure. Good programmers are good programmers, AI tools or not. Seems like a lot of biased assumptions (he clearly doesn't like AI tools). Maybe Gerard has information we don't.

Proton is moving its servers out of Switzerland to another country in the EU they haven’t specified. The Lumo announcement is the first that Proton’s mentioned this.

Proton hasn't used exclusively Swiss servers for quite a long time at this point. They have servers in Germany, for example. It most certainly is not the first time Proton has mentioned servers in other EU countries; it's literally in a Reddit post 🤣

For most people this‘ll be, so what? — they still trust Google and Microsoft with all their stuff.

It should be "so what?". There is no reason to not trust Google or Microsoft with your stuff. Businesses trust their intellectual property to those companies for a reason.

Proton’s Lumo chatbot is a pile of openwashing and securitywashing using Proton Mail’s previously solid reputation to sell you something where the security is: cross your fingers and trust us.

Previously solid? It's still solid except to the tiny cabal of the Always Online who are constantly looking for something to be outraged over. There has always been a "trust us" component to using ProtonMail as I noted above. That is the case for any company. For smaller companies it would be suicide for them not to follow through on their promises just the same as for the big players like Google. It makes no business sense to lie.