this post was submitted on 08 Aug 2025
403 points (85.2% liked)


Transcript: A post by @zzt@mas.to saying: courtesy of @davidgerard@circumstances.run, Proton is now the only privacy vendor I know of that vibe codes its apps: In the single most damning thing I can say about Proton in 2025, the Proton GitHub repository has a “cursorrules” file. They’re vibe-coding their public systems. Much secure! I am once again begging anyone who will listen to get off of Proton as soon as reasonably possible, and to avoid their new (terrible) apps in any case. https://circumstances.run/@davidgerard/114961415946154957

It has a reply by the author saying: in an unsurprising update for those familiar with how Proton operates, they silently rewrote their monorepo’s history to purge .cursor and hide that they were vibe coding: https://github.com/ProtonMail/WebClients/tree/2a5e2ad4db0c84f39050bf2353c944a96d38e07f

given the utter lack of communication from Proton on this, I can only guess they’ve extracted .cursor into an external repository and continue to use it out of sight of the public

[–] galoisghost@aussie.zone 144 points 1 week ago (4 children)

Um, it’s a public repository. You can view the code that’s been added. Even if it IS AI generated, you can review it yourself.

I’m as anti-AI as anyone but this is misplaced AI-alarmism.

[–] homesweethomeMrL@lemmy.world 83 points 1 week ago (10 children)

Does anyone here actually review code?

[–] CrazyHorse@lemmy.cafe 227 points 1 week ago (2 children)

Only my own code and so far most of it has been unacceptable.

[–] HakunaHafada@lemmy.dbzer0.com 44 points 1 week ago

Pure, unabashed honesty. I love it. 🫶

[–] pennomi@lemmy.world 13 points 1 week ago (1 children)

Uh yeah? You’d be stupid not to review code, whether written by an AI or a human. I don’t trust either.

[–] MalReynolds@slrpnk.net 27 points 1 week ago (3 children)

I'm guessing OP means code you use rather than code you write, in other words auditing. Likely very few of us do that with any thoroughness. IIRC proton does have some independent auditing.

[–] oatscoop@midwest.social 34 points 1 week ago* (last edited 1 week ago) (5 children)

can review it yourself.

You're a supervisor and you have 2 employees: Bill and Jim. As a supervisor your job is to ensure the work is being done correctly.

Bill is competent and rarely makes major mistakes. Jim does a decent job most of the time ... but he's also a savant at screwing up -- he regularly fucks up in ways that aren't immediately obvious but are guaranteed to cause serious problems days to weeks from the screw up.

You can glance over Bill's work and be fairly certain it's fine. You need to go over every single piece of Jim's work to check for problems, and even then some are probably going to slip through.

AI is currently Jim, and Jim has no business writing code for anything privacy or security focused.

[–] expr@programming.dev 19 points 1 week ago

That is pretty immaterial to the issue. The issue is that when it comes to security, it's extremely poor form to rely on unintelligent mimicry.

[–] Kirk@startrek.website 16 points 1 week ago (3 children)

Probably anti-Proton. I'm no conspiracy theorist, but the amount of pro BlueSky, anti Proton, anti Signal people I see on Lemmy make me wonder sometimes.

[–] sunzu2@thebrainbin.org 26 points 1 week ago (14 children)

Proton CEO did it to the company...

Signal requires a phone number... If you don't see an issue with that... Then you live in a better place than the rest of us. I am happy for you.

[–] Broadfern@lemmy.world 15 points 1 week ago (2 children)

Signal is the sad compromise for the people I hold dearest because I refuse to use Messenger anymore and SMS is a joke with how glaringly unencrypted/de-facto wiretapped it is.

I’d love to get everyone on SimpleX but they already look at me like a wacko over Signal. The convenience tax is just non-negotiable for them and I have no idea how to bypass it.

[–] BlastboomStrice@mander.xyz 13 points 1 week ago (3 children)

I used to be a big proponent of simplex even if I don't use it with anyone, but I was told that the main developer supports tr*mp and m*sk... If you go to their github, they only link twitter as their social media and if you check their account...

https://github.com/epoberezkin (dunno if we're allowed to share twitter links)

Talks about "far-left radicals", says that nazis were socialist etc. etc. .... Really yikes

[–] panda_abyss@lemmy.ca 92 points 1 week ago (10 children)

I’d bet they just added it to their global .gitignore where it should be, then removed it because they didn’t want their private dot files committed to a public repo.

I don’t think this user knows much about how git works. I don’t think this is nefarious or “vibe coding” as it’s colloquially known to be. It’s a bit much to describe all LLM use blindly as vibe coding, when vibe coding usually means just blanket accepting AI content.

[–] Geometrinen_Gepardi@sopuli.xyz 56 points 1 week ago (15 children)

How is this proof of vibecoding?

[–] officermike@lemmy.world 12 points 1 week ago (2 children)

Cursor is an AI-powered code editor that understands your codebase and helps you code faster through natural language. Just describe what you want to build or change and Cursor will generate the code for you.

https://docs.cursor.com/en/welcome

[–] Shadow@lemmy.ca 55 points 1 week ago (1 children)

Using cursor doesn't mean you're vibe coding.

I use ai all day at work for development, none of it is vibe coding.

[–] otter@lemmy.ca 40 points 1 week ago* (last edited 1 week ago)

Sure, but even VS code has been pushing Copilot pretty hard and from the screenshots the setups look fairly similar. It's a recently released code editor with their own personal AI built in vs. VS Code which has the AI as an extension (or built in, I don't know what the default install is like these days).

If they're using it to auto complete lines of code or fill out boilerplate then I don't see the problem. If they're typing "make me a password manager" into the prompt window, hitting enter, and accepting it blindly, that's a problem. Also the code is (at least in this case) open source, so there should be better evidence of bad vibe coded code than the presence of a config file

I think there are better things to criticise Proton for, and unless there is more to the vibe coding than using the Cursor, citing this as a reason will get those other criticisms ignored in the noise.

[–] daniskarma@lemmy.dbzer0.com 47 points 1 week ago (12 children)

Do you understand the difference between using AI assistance for coding and vibe code?

[–] hanrahan@slrpnk.net 36 points 1 week ago (2 children)

And still no drive client for Linux..Fuck those guys :)

[–] Taldan@lemmy.world 11 points 1 week ago (8 children)

Their Linux VPN client might as well not exist. No kill switch and it randomly disconnects/crashes. Sometimes it completely borks networking necessitating a reboot, which I guess can be better than just leaking your IP?

[–] thesmokingman@programming.dev 36 points 1 week ago (1 children)

I’m annoyed because I had to go find a tree that actually had the cursor files. If there’s a smoking gun, you gotta fucking link it when you call someone out.

The irony of Proton attempting to remove it this way is that GitHub trees are permanently available. The only way to remove something once a link has been created is to delete the repo. I’d expect a security-minded company to understand that. To me that’s much more egg-on-face than vibe-coding secure applications. Neither is good; only one very explicitly highlights you don’t know shit about security.

[–] kuberoot@discuss.tchncs.de 15 points 1 week ago (3 children)

AFAIK, unless that tree has signed commits in the history after the commit introducing the cursor files (or it's otherwise verifiable, like having been linked by a member of their team), that's not a smoking gun.

I remember a meme that was shared a while ago, where somebody forked the Linux kernel on GitHub, made a joke commit under Linus's details (which are NOT verified by design), and posted them around. I can't find an instance of that right now, but here's a somewhat similar example, where somebody put a fake backdoor in their fork and changed the url to the original repo, which lets them pretend the commit came from the original repo.

I'd love to see a smoking gun to confirm those claims, but committing as somebody else, with a fake time, and editing history aren't that difficult - if they could remove the file from history, somebody else could add it to history.

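An added illustration of the point made in the comment above (not part of the thread, and not Proton's or GitHub's code): a git commit object records author and time as plain header text that the object id merely hashes, so only a signature header that verifies against a known key ties a commit to a person. The tree id, identities and signature text below are constructed placeholders, and the parser assumes a single-parent-free, simplified commit.

```python
import hashlib

def build_commit(tree, author, committer, message, gpgsig=None):
    """Serialize a commit object body, the bytes git hashes and stores."""
    lines = [f"tree {tree}", f"author {author}", f"committer {committer}"]
    if gpgsig:
        # Multi-line header: continuation lines are indented by one space.
        lines.append("gpgsig " + gpgsig.replace("\n", "\n "))
    return ("\n".join(lines) + "\n\n" + message).encode()

def object_id(body):
    """SHA-1 object id: hash of the header 'commit <len>\\0' plus the body."""
    return hashlib.sha1(b"commit %d\x00" % len(body) + body).hexdigest()

def parse_commit(body):
    """Return (headers, message); continuation lines are folded back in."""
    head, _, message = body.decode().partition("\n\n")
    headers, key = {}, None
    for line in head.split("\n"):
        if line.startswith(" ") and key:
            headers[key] += "\n" + line[1:]
        else:
            key, _, value = line.partition(" ")
            headers[key] = value
    return headers, message

def provenance(body):
    """What the object itself can tell a reviewer about who made it."""
    headers, _ = parse_commit(body)
    ident, ts, _tz = headers["author"].rsplit(" ", 2)
    return {"id": object_id(body), "author": ident, "time": int(ts),
            # Presence only: checking the signature needs the signer's key.
            "has_signature": "gpgsig" in headers}

# Constructed sample data: placeholder tree id, identities and signature text.
TREE = "a" * 40
MAINTAINER = "Example Maintainer <maintainer@example.org> 1700000000 +0000"
SOMEONE = "Someone Else <someone@example.net> 1754000000 +0000"
SIG = "-----BEGIN PGP SIGNATURE-----\n(placeholder)\n-----END PGP SIGNATURE-----"

# Same author line in both; only the second carries a signature header.
unsigned = build_commit(TREE, MAINTAINER, SOMEONE, "add config file\n")
signed = build_commit(TREE, MAINTAINER, MAINTAINER, "add config file\n", SIG)

if __name__ == "__main__":
    for body in (unsigned, signed):
        print(provenance(body))
```

Both objects are well-formed and get a valid id, and the author line reads the same in each. On a real repository, `git verify-commit <commit>` or `git log --show-signature` performs the actual signature check against keys you trust.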
[–] Eryn6844@beehaw.org 20 points 1 week ago (9 children)

so if nobody likes proton what do you guys do? i am getting tired of the email shuffle.

[–] Benchamoneh@lemmy.dbzer0.com 15 points 1 week ago

I feel like every email post is a "don't use platform x" and there are very few (if any?) universally well received services out there. In which case the community will probably just give up and go back to Google.

We probably need a tier chart or something to add perspective. Proton have made dumb decisions recently but they're still better than Google/Microsoft

[–] lambalicious@lemmy.sdf.org 15 points 1 week ago (6 children)

How far have the mighty fallen.

Thinking of moving my main e-mail address to tuta. Alas, haven't been able to find a good provider that uses tried-and-true protocols like IMAP.

[–] Quill7513@slrpnk.net 17 points 1 week ago (1 children)
  • posteo.net
  • mailbox.org
  • disroot.org
[–] leraje@piefed.blahaj.zone 16 points 1 week ago (2 children)
[–] biotin7@sopuli.xyz 12 points 1 week ago* (last edited 1 week ago) (1 children)

Hold your horses buddy it ain't that bad, but if you want an alternative, Try Disroot

[–] NuXCOM_90Percent@lemmy.zip 10 points 1 week ago (4 children)

I would very much consider doing some actual research on tuta. Last I checked, they put a LOT of effort into preventing you from controlling your own inbox (Proton have their god awful sync program but it works). And their support forums were basically nothing but constant complaints of downtimes and outages.

My current approach, that I am slowly migrating everything toward (from gmail), is my own domain that I own and addresses at that. I then use (paid) services to manage the email server and just change my DNS settings so that said emails get routed to the right service. I keep a local copy of all my emails on my desktop (working on a solution to my NAS). So if the company goes to shit? I can migrate my entire existence to a new one within 24 hours (usually less because Cloudflare is really good...).

Currently I use Proton (and hate their sync program). I've seen a LOT of good word on Fastmail and like that they don't have any special sync program at all. Main issue is that Proton still have the best VPN for torrenting (linux ISOs only, obviously) and I need to math out what it would cost to switch to just ProtonVPN and then Fastmail. But (Not That) Will Smith wrote up a really good blog post a few months back where he went into why he likes Fastmail and he (and Brad Shoemaker) tend to be my kind of "Yes, I am making my life harder but for a reason maybe".

[–] Electricd@lemmybefree.net 9 points 1 week ago (1 children)