this post was submitted on 03 Aug 2025
371 points (92.8% liked)

Technology

73567 readers
3490 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
371
Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source (pivot-to-ai.com)
submitted 19 hours ago by Pro@programming.dev to c/technology@lemmy.world
89 comments fedilink hide all child comments
top 50 comments
sorted by: hot top controversial new old
[–] brucethemoose@lemmy.world 22 points 5 hours ago* (last edited 3 hours ago) (1 children)

First of all...

Why does an email service need a chatbot, even for business? Is it an enhanced search over your emails or something? Like, what does it do that any old chatbot wouldn't?

EDIT: Apparently nothing. It's just a generic Open Web UI frontend with Proton branding, a no-logs (but not E2E) promise, and kinda old 12B-32B class models, possibly finetuned on Proton documentation (or maybe just a branded system prompt). But they don't use any kind of RAG as far as I can tell.

There are about a bajillion of these, and one could host the same thing inside docker in like 10 minutes.

...On the other hand, it has no access to email I think?

[–] WhyJiffie@sh.itjust.works 2 points 3 hours ago (2 children)

Why does an email service need a chatbot, even for business?

they are not only an email service, for quite some time now

There are about a bajillion of these, and one could host the same thing inside docker in like 10 minutes.

sure, with a thousand or two dollars worth of equipment and then computer knowledge. Anyone could do it really. but even if not, why don't they just rawdog deepseek? I don't get it either

...On the other hand, it has no access to email I think?

that's right. you can upload files though, or select some from your proton drive, and can do web search.

[–] brucethemoose@lemmy.world 4 points 3 hours ago* (last edited 3 hours ago)

sure, with a thousand or two dollars worth of equipment and then computer knowledge. Anyone could do it really. but even if not, why don’t they just rawdog deepseek? I don’t get it either

What I mean is there are about 1000 different places to get 32B class models via Open Web UI with privacy guarantees.

With mail, vpn, (and some of their other services?) they have a great software stack and cross integration to differentiate them, but this is literally a carbon copy of any Open Web UI service… There is nothing different other than the color scheme and system prompt.

I’m not trying to sound condescending, but it really feels like a cloned “me too,” with the only value being the Proton brand and customer trust.

[–] DarkDarkHouse@lemmy.sdf.org 1 points 3 hours ago (1 children)

I guess the sell is easy access to Proton Drive for RAG here?

[–] WhyJiffie@sh.itjust.works 2 points 2 hours ago (1 children)

what is RAG?

[–] DarkDarkHouse@lemmy.sdf.org 1 points 18 minutes ago

Retrieval-augmented generation (RAG) is a technique that enables large language models (LLMs) to retrieve and incorporate new information. With RAG, LLMs do not respond to user queries until they refer to a specified set of documents. These documents supplement information from the LLM's pre-existing training data. This allows LLMs to use domain-specific and/or updated information that is not available in the training data. For example, this helps LLM-based chatbots access internal company data or generate responses based on authoritative sources.

From Retrieval-augmented generation.

Specifically here, I imagine the idea is to talk to the chatbot about what's in your documents.

[–] brucethemoose@lemmy.world 9 points 5 hours ago* (last edited 5 hours ago)

OK, so I just checked the page:

https://lumo.proton.me/guest

Looks like a generic Open Web UI instance, much like Qwen's: https://openwebui.com/

Based on this support page, they are using open models and possibly finetuning them:

https://proton.me/support/lumo-privacy

The models we’re using currently are Nemo, OpenHands 32B, OLMO 2 32B, and Mistral Small 3

But this information is hard to find, and they aren't particularly smart models, even for 32B-class ones.

Still... the author is incorrect, they specify how long requests are kept:

When you chat with Lumo, your questions are sent to our servers using TLS encryption. After Lumo processes your query and generates a response, the data is erased. The only record of the conversation is on your device if you’re using a Free or Plus plan. If you’re using Lumo as a Guest, your conversation is erased at the end of each session. Our no-logs policy ensures wekeep no logs of what you ask, or what Lumo replies. Your chats can’t be seen, shared, or used to profile you.

But it also mentions that, as is a necessity now, they are decrypted on the GPU servers for processing. Theoretically they could hack the input/output layers and the tokenizer into a pseudo E2E encryption scheme, but I haven't heard of anyone doing this yet... And it would probably be incompatible with their serving framework (likely vllm) without some crack CUDA and Rust engineers (as you'd need to scramble the text and tokenize/detokenize it uniquely for scrambled LLM outer layers for each request).

They are right about one thing: Proton all but advertise Luma as E2E when that is a lie. Per its usual protocol, Open Web UI will send the chat history for that particular chat to the server for each requests, where it is decoded and tokenized. If the GPU server were to be hacked, it could absolutely be logged and intercepted.

[–] cley_faye@lemmy.world 11 points 8 hours ago (2 children)

Any business putting "privacy first" thing that works only on their server, and requires full access to plaintext data to operate, should be seen as lying.

I've been annoyed by proton for a long while; they do (did?) provide a seemingly adequate service, but claims like "your mails are safe" when they obviously had to have them in plaintext on their server, even if only for compatibility with current standards, kept me away from them.

[–] pcrazee@feddit.org 1 points 1 hour ago

Proton has always been shitty. They don't even give you the encryption keys. Always been a red flag for me.

Not your keys, not your encryption.

[–] EncryptKeeper@lemmy.world 10 points 7 hours ago (2 children)

they obviously had to have them in plaintext on their server, even if only for compatibility with current standards

I don’t think that’s obvious at all. On the contrary, that’s a pretty bold claim to make, do you have any evidence that they’re doing this?

[–] DeathByBigSad@sh.itjust.works 7 points 7 hours ago* (last edited 7 hours ago) (2 children)

Incoming Emails that aren't from proton, or PGP encrypted (which are like 99% of emails), arrives at Proton Servers via TLS which they decrypt and then have the full plaintext. This is not some conspiracy, this is just how email works.

Now, Proton and various other "encrypted email" services then take that plaintext and encypt it with your public key, then store the ciphertext on their servers, and then they're supposed to discard the plaintext, so that in case of a future court order, they wouldn't have the plaintext anymore.

But you can't be certain if they are lying, since they do necessarily have to have access to the plaintext for email to function. So "we can't read your emails" comes with a huge asterisk, it onlu applies to those sent between Proton accounts or other PGP encrypted emails, your average bank statement and tax forms are all accessible by Proton (you're only relying on their promise to not read it).

[–] EncryptKeeper@lemmy.world 11 points 7 hours ago* (last edited 7 hours ago) (1 children)

Ok yeah thats a far cry from Proton actually “Having your unencrypted emails on their servers” as if they’re not encrypted at rest.

There’s the standard layer of trust you need to have in a third party when you’re not self hosting. Proton has proven so far that they do in fact encrypt your emails and haven’t given any up to authorities when ordered to so I’m not sure where the issue is. I thought they were caught not encrypting them or something.

[–] cley_faye@lemmy.world -2 points 4 hours ago (1 children)

Ok yeah thats a far cry from Proton actually “Having your unencrypted emails on their servers” as if they’re not encrypted at rest.

See my other reply. There is no way to retrieve your mail using IMAP on a regular client if they're encrypted on the server. And Gmail can retrieve your mails from proton using IMAP. It's even in their own (proton's) documentation.

[–] EncryptKeeper@lemmy.world 4 points 4 hours ago

There is no way to retrieve your mail using IMAP on a regular client if they're encrypted on the server.

That is probably why you can’t retrieve your emails using IMAP from a regular client.

And Gmail can retrieve your mails from proton using IMAP. It's even in their own (proton's) documentation.

I don’t think it can. Where in the documentation did you find that?

[–] cley_faye@lemmy.world 0 points 4 hours ago

Now, Proton and various other “encrypted email” services then take that plaintext and encypt it with your public key, then store the ciphertext on their servers, and then they’re supposed to discard the plaintext, so that in case of a future court order, they wouldn’t have the plaintext anymore.

You would not be able to retrieve your mails using IMAP from a regular mail client if they were doing that. You can even retrieve them from Gmail, which is unlikely to support any kind of "bring your own private key to decrypt mails from IMAP".

[–] cley_faye@lemmy.world -3 points 4 hours ago (2 children)

Yes. They support IMAP. Which means, IMAP client can read your mails from the server. IMAP protocol does not support encryption, so any mail that does not add another layer of encryption (like GPG with encryption) implies that your mail is available in plaintext through IMAP, and as such, on the server.

If that's not enough, when you send a mail to a third party that just use plain, old regular mail, it is sent from their (proton's) SMTP server, in plaintext. Again, unless you add a layer of encryption (assuming the recipient understands it, too), it's plaintext. On the servers.

Receiving is the same; if someone sends a mail to your proton address, is shows up in full plaintext on their SMTP server. Whatever they do after that (and we've established it's not client-controlled encryption), they have access to it.

In the case of GPG with encryption (not only for signature), then the message is encrypted everywhere (assuming your "sent" folder is configured properly). But that requires both you and the other party to support that, which have nothing to do with proton; you could as well do that over gmail.

So, no, not a bold claim. The very basic of how emails standards works requires it.

Now, I'm not saying that Proton have nefarious plans or anything. It is very possible that they act in good faith when they say they "don't snoop", and maybe they even have some proper monitoring so that admin have a somewhat hard time to check in the data without leaving a trace, but it's 100% in clear up there as long as you're not adding your own layer of encryption on top of it, and as such, you, as the user, have to be aware of that. It might be fully encrypted at rest to prevent a third party from fetching a drive and getting data, logs might be excessively scrubbed to remove all trace of from/to addresses (something very common in logs, for maintenance purpose), they might have built-in encryption in their own clients that implement gpg or anything between their users, and they might even do it properly with full client-side controlled keypairs, but the mail content? Have to be available, or the service could not operate.

[–] DeathByBigSad@sh.itjust.works 4 points 3 hours ago

Protonmail does not support IMAP, what they have is a program called Proton Bridge that locally decrypts you email then you can set it up so that your IMAP client then reads from Proton Bridge, giving you a seamless experience with one email client having access to all your email accounts.

[–] EncryptKeeper@lemmy.world 5 points 4 hours ago* (last edited 4 hours ago)

They support IMAP. Which means, IMAP client can read your mails from the server.

Proton mail does not support IMAP. Because your emails are encrypted on the server.

Again, unless you add a layer of encryption (assuming the recipient understands it, too), it's plaintext. On the servers.

Protonmail doesn’t claim that non-protonmail email is end to end encrypted. Any emails sent to a regular email without third party encryption will be plain text through the SMTP server, but they don’t store it. So in this case they are still not storing your emails in plaintext. Your recipient will, but that’s out of Protonmail’s control.

shows up in full plaintext on their SMTP server. Whatever they do after that (and we've established it's not client-controlled encryption), they have access to it.

You’ve not established that at all. Protonmail stores that message with client side encryption and they have no access to it. Nothing you’ve brought up here suggests that anything is stored in plaintext on Protonmail servers.

[–] digger@lemmy.ca 160 points 16 hours ago (6 children)

How much longer until the AI bubbles pops? I'm tired of this.

[–] cley_faye@lemmy.world 13 points 8 hours ago

We're still in the "IT'S GETTING BILLIONS IN INVESTMENTS" part. Can't wait for this to run out too.

[–] wewbull@feddit.uk 25 points 10 hours ago (1 children)

It's when the coffers of Microsoft, Amazon, Meta and investment banks dry up. All of them are losing billions every month but it's all driven by fewer than 10 companies. Nvidia is lapping up the money of course, but once the AI companies stop buying GPUs on crazy numbers it's going to be a rocky ride down.

[–] astanix@lemmy.world 5 points 10 hours ago (4 children)

Is it like crypto where cpus were good and then gpus and then FPGAs then ASICs? Or is this different?

[–] brucethemoose@lemmy.world 3 points 3 hours ago* (last edited 3 hours ago)

If bitnet or some other technical innovation pans out? Straight to ASICs, yeah.

Future smartphone will probably be pretty good at running them.

[–] wewbull@feddit.uk 6 points 6 hours ago (1 children)

I think it's different. The fundamental operation of all these models is multiplying big matrices of numbers together. GPUs are already optimised for this. Crypto was trying to make the algorithm fit the GPU rather than it being a natural fit.

With FPGAs you take a 10x loss in clock speed but can have precisely the algorithm you want. ASICs then give you the clock speed back.

GPUs are already ASICS that implement the ideal operation for ML/AI, so FPGAs would be a backwards step.

[–] astanix@lemmy.world 1 points 2 hours ago

Thank you for the explanation!

load more comments (2 replies)
[–] Defaced@lemmy.world 11 points 11 hours ago (3 children)

Here's the thing, it kind of already has, the new AI push is related to smaller projects and AI agents like Claude Code and GitHub copilot integration. MCP's are also starting to pick up some steam as a way to refine prompt engineering. The basic AI "bubble" popped already, what we're seeing now is an odd arms race of smaller AI projects thanks to companies like Deepseek pushing the AI hosting costs so low that anyone can reasonably host and tweak their own LLMs without costing a fortune. It's really an interesting thing to watch, but honestly I don't think we're going to see the major gains that the tech industry is trying to push anytime soon. Take any claims of AGI and OpenAI "breakthroughs" with a mountain of salt, because they will do anything to keep the hype up and drive up their stock prices. Sam Altman is a con man and nothing more, don't believe what he says.

load more comments (3 replies)
load more comments (2 replies)
[–] badelf@lemmy.dbzer0.com 14 points 11 hours ago (2 children)

Proton has my vote for fastest company ever to completely enshittify.

[–] EncryptKeeper@lemmy.world 15 points 7 hours ago

How have they enshittified? I haven’t noticed anything about their service get worse since they started.

load more comments (1 replies)
[–] DreamlandLividity@lemmy.world 74 points 17 hours ago* (last edited 14 hours ago) (12 children)

The worst part is that once again, proton is trying to convince its users that it's more secure than it really is. You have to wonder what else they are lying or deceiving about.

[–] hansolo@lemmy.today 68 points 15 hours ago (20 children)

Both your take, and the author, seem to not understand how LLMs work. At all.

At some point, yes, an LLM model has to process clear text tokens. There's no getting around that. Anyone who creates an LLM that can process 30 billion parameters while encrypted will become an overnight billionaire from military contracts alone. If you want absolute privacy, process locally. Lumo has limitations, but goes farther than duck.ai at respecting privacy. Your threat model and equipment mean YOU make a decision for YOUR needs. This is an option. This is not trying to be one size fits all. You don't HAVE to use it. It's not being forced down your throat like Gemini or CoPilot.

And their LLM. - it's Mistral, OpenHands and OLMO, all open source. It's in their documentation. So this article is straight up lies about that. Like.... Did Google write this article? It's simply propaganda.

Also, Proton does have some circumstances where it lets you decrypt your own email locally. Otherwise it's basically impossible to search your email for text in the email body. They already had that as an option, and if users want AI assistants, that's obviously their bridge. But it's not a default setup. It's an option you have to set up. It's not for everyone. Some users want that. It's not forced on everyone. Chill TF out.

load more comments (20 replies)
load more comments (11 replies)
[–] Gaja0@lemmy.zip 14 points 13 hours ago (2 children)

I'm just saying Andy sucking up to Trump is a red flag. I'm cancelling in 2026 🫠

load more comments (2 replies)
load more comments
view more: next ›