we appear to be the first to write up the outrage coherently too. much thanks to the illustrious @self

  • uhmbah@lemmy.ca
    link
    fedilink
    English
    arrow-up
    43
    ·
    4 months ago

    Well, I was contemplating Protonmail…

    I’m in the process of degoogling and dewindowing. I’ll be dammed if I’m going towards ANYthing even related to"artificial intelligence" if I can help it.

    Feckin bullshit.

    • Cris@lemmy.world
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      1
      ·
      4 months ago

      I’m pretty happy with Tutanota all things considered. There are some tradeoffs back and forth between the two, but I think it’s neat they run on renewable energy. And they’re very focussed on being open source which I also appreciate.

      Maybe an option worth looking into. They’re also encrypted (though I wish either them or proton had an option not to be) and have a free tier)

      Hope you find what you’re looking for!

            • superkret@feddit.org
              link
              fedilink
              English
              arrow-up
              0
              ·
              4 months ago

              Not sure why that’s relevant. There are domains that have been in use by the same owner for 39 years now.
              That’s longer than anything I’ve ever owned.

            • radivojevic@discuss.online
              link
              fedilink
              English
              arrow-up
              0
              ·
              4 months ago

              I don’t know anyone who has “lost” a domain (besides incompetence). You can be pedantic if you like, but domain ownership allows you to transfer everything to wherever and no one in a realistic example can take it away from you.

              • flere-imsaho@awful.systems
                link
                fedilink
                English
                arrow-up
                1
                ·
                4 months ago

                sure. tell that to people who used the .af domains; or learn more about shenanigans with the various oceanian TLDs, or who owns the .io domain, and why.

                the fact is that you don’t own the domain name, and it’s always one missed card payment (or registrar changing hands and losing your card data) from being lost, and then your best chance is arbitrage.

                it’s one of these things that you have to understand when you start self-hosting anything.

                • froztbyte@awful.systems
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  4 months ago

                  or registrar changing hands

                  or registrar “forgetting” renewal settings… conveniently soon after they introduced new at-checkout products

              • self@awful.systems
                link
                fedilink
                English
                arrow-up
                1
                ·
                4 months ago

                you’ve never heard of a single example of anyone losing a domain due to legal maneuvering, trusting the wrong TLD (ie a bunch of lgbt folks losing their domains when the TLD’s administrating country decided not to give them service), or a plain ol registrar fuckup?

                you’re far too inexperienced to be opining on self-hosting email, then

    • alansuspect@aussie.zone
      link
      fedilink
      English
      arrow-up
      0
      ·
      4 months ago

      I’ll mention I went to Fastmail (mainly because they’re an Aus company as well as the privacy stuff), so far so good.

          • Banshee@midwest.social
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            4 months ago

            I ended up settling on Infomaniak’s kSuite after looking around. They’re a mid-sized registrar and hosting company.

            They’re partially employee owned (and I believe in the process of becoming fully owned by employees). I’ll grant their privacy policy is just standard EU/Swiss boilerplate, though (stuff like no sharing your data, etc., that you always find in EU paid services like this). GDPR compliance was all I was looking for.

            The web client looks nice and kDrive is affordably priced if you need a Google docs/photos/drive alternative.

            Edits: clarity and me refreshing my memory on their privacy policy

            • BrowseMan@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              1
              ·
              4 months ago

              Was hesitating between Proton and Ksuite.

              I was already pouting toward them, but you finished to convince me to go to Infomaniak, thanks!

              • Banshee@midwest.social
                link
                fedilink
                English
                arrow-up
                1
                ·
                4 months ago

                I’ve been using them for my domain and email for almost a year now and I have no complaints. I had to talk to customer support twice to fix a couple things that came up and they got back to me right away. Can’t say the same for the last service I used lol

                I think it’s fair to point out they’re not designed around encryption like proton is. It’s not a factor in my threat model because I treat email as non-private communication, but it’s something you should know if you’re wanting proton for that reason.

                kDrive is a heavily customized Nextcloud/OnlyOffice implementation with a pretty new and well-regarded file sync algorithm they implemented last year. I would recommend cryptomator to client side encrypt anything you want to protect. It’s at rest encrypted, but not end-to-end because there’s nothing client side.Here’s a list of WebDAV urls from the Cryptomator community to help you set it up. KDrive is on there.

                Anyway, hope it works out for you!

                • BrowseMan@sh.itjust.works
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  4 months ago

                  It’s mostly for private/family matters so that seems perfect for my need.

                  Thanks a lot for taking the time to explain like you did, really appreciate it :)

    • Evotech@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      4 months ago

      It’s not even in the consumer version. Also it’s a optional local LLM running in your browser for basic stuff

      • self@awful.systems
        link
        fedilink
        English
        arrow-up
        2
        ·
        4 months ago

        though to be honest, the fact that you think this is local-only and only affects business accounts perfectly demonstrates how fucking dangerous Proton’s marketing and design around this feature is

  • Steve@awful.systems
    link
    fedilink
    English
    arrow-up
    20
    ·
    edit-2
    4 months ago

    Eamonn Maguire, author of the Proton Scribe announcement post, responded to my tweet with this: https://x.com/EamonnMagu14645/status/1814062340863651965

    We built this as an opt-in alternative to the non-privacy centric options on the market.

    Our goal is always privacy by default, we want to make that possible in the GenAI world too given the number of businesses already using it, and the privacy risks other options pose.

    We built this as an opt-in alternative to the non-privacy centric options on the market. Our goal is always privacy by default, we want to make that possible in the GenAI world too given the number of businesses already using it, and the privacy risks other options pose.

    • Steve@awful.systems
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      4 months ago

      not sure how legit that account is, actually. It’s not the one I @'ed - this one was created in Jan 2024 - either it’s his low-key alt or a bot

      perhaps his plausible deniability account.

      • self@awful.systems
        link
        fedilink
        English
        arrow-up
        5
        ·
        4 months ago

        do you get banned from twitter if you call him a fucking asshole?

        I’m working on a more detailed reply on mastodon but to be honest, I’m pretty sure he didn’t read the original post

        • Steve@awful.systems
          link
          fedilink
          English
          arrow-up
          1
          ·
          4 months ago

          it all stinks so much. He calls it “opt-in” but the official description of that opt-in is:

          If you try to use Proton Scribe, you will be prompted to chose between local and server-side. So, technically, it’s not active until you decide how, and if, you want to use it.

          as you can see here: https://mastodon.social/@protonprivacy/112807462045101580

          there is opt-in and then there is dangling an expired hotdog

          • self@awful.systems
            link
            fedilink
            English
            arrow-up
            1
            ·
            4 months ago

            holy fuck that’s worse than I thought

            so going back to not being able to recommend Proton to anyone again: there’s now a button (and associated “tutorial” advertising modals trying to get the user to click the button, don’t pretend there won’t be) that when clicked gives the user a confusing choice between an option that might not work and one that exfiltrates their data and claims it doesn’t (if they even get this choice on a computer that doesn’t support the local LLM), and if they interact with that it just opts them into the feature in a state that may or may not (but by default does) expose the plaintext of their messages to Proton’s servers

            and I’m supposed to recommend this horseshit to non-technical users? what’s that sound like, I wonder? “oh it’s a great privacy-oriented mail service you should pay for — but not for your business because you might fuck up and exfiltrate your data, and also there’s a chance they’ll enable the same feature for regular users at some unspecified time in the future so look out for that. oh and don’t get visionary either.” yeah fuck that

  • BlueMonday1984@awful.systems
    link
    fedilink
    English
    arrow-up
    17
    ·
    4 months ago

    The good news is I barely use Protonmail (or email at all, for that matter).

    The bad news is I have a fucking Proton account. Fuck.

    • self@awful.systems
      link
      fedilink
      English
      arrow-up
      8
      ·
      4 months ago

      just a little violation of my trust for the company I pay for privacy and encryption services. as a treat.

    • David Gerard@awful.systemsOPM
      link
      fedilink
      English
      arrow-up
      20
      ·
      4 months ago

      it was acausally enabled before you clicked on it, for your comfort and convenience, like the new ad tracker built into Firefox 128

    • self@awful.systems
      link
      fedilink
      English
      arrow-up
      12
      ·
      4 months ago

      alternatively, if the only version of this that doesn’t break Proton’s e2e security model is the local-only version, maybe don’t ship the cloud hosted version of the feature under any circumstances

      I’d still hate the feature because the LLM model’s derived from plagiarized work and the labor of exploited workers from the global south, but this didn’t have to be a fucking privacy catastrophe

  • geography082@lemm.ee
    link
    fedilink
    English
    arrow-up
    3
    ·
    4 months ago

    Never rely on multi services products from a company. I know it’s more practical but you get the real benefits of having spread services.

      • czech@lemm.ee
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        4 months ago

        It’s encrypted and based out of Germany (so, outside of five eyes). The ui is shit but if you use an app for email it’s great. They also offer anonymous payment methods if you’re into that.

        • self@awful.systems
          link
          fedilink
          English
          arrow-up
          5
          ·
          4 months ago

          they’re not end-to-end encrypted; their security model involves giving their server both your GPG private key and its passphrase, which makes your inbox and other data trivially able to be subpoenaed by German authorities.

          I don’t think this is a replacement for Proton or Tutanota at all.

          • irreticent@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            4 months ago

            It’s encrypted and based out of Germany (so, outside of five eyes).

            […] your inbox and other data trivially able to be subpoenaed by German authorities

            Germany is a member of the Fourteen Eyes alliance and shares data with 9 and 5 eyes members.

            I just wanted to put that out there after @czech@lemm.ee suggested that the five eyes are the only eyes. They share with Germany and vice versa.

  • alansuspect@aussie.zone
    link
    fedilink
    English
    arrow-up
    2
    ·
    4 months ago

    I went to Proton for the explicit reason I didn’t want Google scanning all my docs. Glad I moved away from them now, hopefully Fastmail doesn’t do the same.

      • alansuspect@aussie.zone
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        4 months ago

        Doesn’t sound like it

        Your prompt — that is, the email you’re writing — is kept in plain text on their server

        Besides, I just don’t want AI in general, is that too much to ask? I wonder how long it will be until there are companies actively promoting their lack of AI.

      • self@awful.systems
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        read the fucking article before you multi-post your uninformed shit in this thread, thanks

    • Mii@awful.systems
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago

      Same, tbh. I went on their subreddit expecting a shitstorm but the announcement sits at like 85% upvotes with mostly positive replies.

      What kind of bizarro world have I stumbled into?

      At least the top-level comments seem to be split.

      • self@awful.systems
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        between that thread’s activity pattern and how hard they tried to fudge the numbers on their own survey to make this feature look popular: boy there’s a lot of stank on this one

        but hey here’s some worrying shit straight from the Proton team:

        Our business audience was the most interested in a writing assistant, this is why we started gradually rolling it out starting with Business and Visionary plans. We will look into making it available to more users at a later date!

        so there’s something utterly fucking obvious for the “it’s only for business users” posters to consider; they’re doing the same frog boiling shit that all LLM fuckheads do.

        I’m tempted to crosspost David’s article and my mastodon thread to that community, since Proton hasn’t really replied otherwise, and they seem plenty active there answering softball questions and removing posts. I don’t look forward to the Kagi-level shitstorm in my inbox afterwards though

        • Steve@awful.systems
          link
          fedilink
          English
          arrow-up
          1
          ·
          4 months ago

          the thing about this is a “writing assistant” doesn’t have to be integrated into the email product. It could be a product in itself. If the “business audience(?) was the most interested in a writing assistant” you’ve got a fucken great standalone product opportunity on your hands. A Proton-certified LLM writing assistant that is magically better and more secure than anything else out there is not something you coyly slip into the email client and nudge everyone to use.

          It doesn’t matter what reasons they have for doing this. Their method of deployment says more than enough to me. They know it’s off-script and they know they want their fucken “audience” to do the marketing for them.

      • gencha@lemm.ee
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        Reddit content is paid/generated content. It is literally part of their commercial offering to customers that they can expertly deceive their users. It is an advertising platform and you use it to try and force a public image.

  • cordlesslamp@lemmy.today
    link
    fedilink
    English
    arrow-up
    1
    ·
    4 months ago

    Great, just as I’ve decided to switch some services to Proton (mail and VPN).

    Now I’ll have to reconsider this decision.

    • BaroqueInMind@lemmy.one
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      4 months ago

      The fact that you never realized that you should’ve self hosted since all corporations will inevitably follow the money, and that politics will always be tied to money, therefore all corporations will make political decisions against your interests makes me lose hope in common sense.

      • self@awful.systems
        link
        fedilink
        English
        arrow-up
        2
        ·
        4 months ago

        it’s time for you to fuck off back to your self-hosted services that surely aren’t just a stack of constantly broken docker containers running on an old Dell in your closet

        but wait, what’s this?

        @BaroqueInMind@lemmy.one

        oh you poor fucking baby, you couldn’t figure out how to self-host lemmy! and it’s so easy compared with mail too! so much for common sense!

        • pishadoot@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          ·
          4 months ago

          back to your self-hosted services that surely aren’t just a stack of constantly broken docker containers running on an old Dell in your closet

          I feel personally attacked

          • KinglyWeevil@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            1
            ·
            4 months ago

            Hey, it’s on a table in my office and it currently isn’t running shit because that hobby has been de-prioritized until the yard and shed have been dealt with!

          • self@awful.systems
            link
            fedilink
            English
            arrow-up
            1
            ·
            4 months ago

            the closet Dell hosting your services is a fine system (but do fix those broken docker containers, or see about going native). under no circumstances should it be your mail host, though.

            • Steve@awful.systems
              link
              fedilink
              English
              arrow-up
              1
              ·
              4 months ago

              I rescued an office spec HP desktop from a trash heap and upgraded it with second hand components from https://computerstoreberlin.de/?lang=eng. Its running Ubuntu server and I use it as a wordpress dev server and also my yt-dlp machine which dumps the files into a samba share. I’m very proud of it

              • froztbyte@awful.systems
                link
                fedilink
                English
                arrow-up
                1
                ·
                4 months ago

                yeah, you can get quite damn far with something like that. best other advice I can give you is to make sure your provisioning and backups are solid (because something will break sometime), and to keep an eye on power draw

                not everything needs to be 902834098234 cores and distributed systems shit

                • Steve@awful.systems
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  edit-2
                  4 months ago

                  the backups is good advice. I need to put in a second drive and work out how to make it keep a backup. I’m learning all that as I go.

                  As for power draw, I only turn it on when I need it and it’s not connected to a display - just ssh-ing into it, so hopefully not wasting too much juice.

          • self@awful.systems
            link
            fedilink
            English
            arrow-up
            1
            ·
            4 months ago

            they go to re:invent or whatever the one is where Amazon replaces your brain with a cloud, and they’re pretty sure Amplify is self-hosting because the guy with the headset on stage might have screamed it at them

        • froztbyte@awful.systems
          link
          fedilink
          English
          arrow-up
          1
          ·
          4 months ago

          *looks at collection of automation and infrastructure for personal and business services, built with going on 20y of knowledge* boy it sure is easy to diyolo some qemu vms myself and not have to pay aws! I’m going to tell everyone else they’re doing it wrong!!!

          (I mean, it legitimately is fairly easy to do a lot of this, but gotta grok the shit and not having the grok is ofc alllll up in aws’ product suite)

  • Rookwood@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    4 months ago

    With Skiff going down at the end of the month and Proton gearing up to start data mining, there are very limited options for private email hosting. Basically Tuta and a few others now.