we appear to be the first to write up the outrage coherently too. much thanks to the illustrious @self
Honestly I have to recommend against using Proton!
I’ve been unable to access some of my calendars lately, which are essential for my work. It doesn’t even display an error - I’ve just noticed that events are missing. If it was down for a few hours that’d be acceptable, but this isn’t.
I’ve also had numerous issues with their email, the worst being that it has pretended to send emails that it hasn’t, the consequences of which I had to bear. Again no error message.
And I keep hearing about them adding new features I don’t need. How about spending some of that money on proper QA?
Save yourself the headache and find another provider and consider carrying a paper agenda instead. I’d also recommend using different companies for different services, as any issues will only apply to one service. It’s best to have your own domain for your email so it doesn’t depend on anyone.
Apparently I am free next week:
Mistral isn’t trained on copy righted data. It’s based off selective databases that were open use. This article in general is full of false information. But I suppose most people only read the headlines.
was this incorrect? https://www.patronus.ai/blog/introducing-copyright-catcher
if you’re not gonna read the fucken thing then fuck off.
I did read the thing, then provided an article explaining why detecting copyrighted material / determining if something is written by AI is very inaccurate.
Perhaps take your own advice to “read the fucken thing” next time instead of making yourself look like an idiot. Though I doubt you’ve ever heard of “better to stay silent and let them think you the fool than to speak and remove all doubt”.
Btw, I even recall that Ars specifically covered the company you linked to in a separate article as well. I’d be glad to provide it once you’ve come to your senses and want to discuss things like an adult.
you’re conflating “detecting ai text” with “detecting an ai trained on copyrighted material”
send the relevant article or shut up
Ignoring the logical inconsistency you just spouted for a moment (can’t tell if it’s written by AI but knows it used copyrighted material? Do you not hear yourself?), you do realize Mistral is released under the Apache 2.0 license, a highly permissive scheme that has no restrictions on use or reproduction beyond attribution, right?
I think it’s clear you’re arguing in bad faith however with no intention of changing your misinformed opinion at this point. Perhaps you’d enjoy an echo chamber like the “fuckai” Lemmy instance.
wait a minute… there’s another “fuck ai” instance and they’ve already told you to go fuck yourself?
I wonder if they want to be friends
You are quite dumb.
holy shit you really are quite dumb. the fuck is wrong with you?
actually don’t answer that
Mistral’s Mixtral-8x7B-Instruct-v0.1 produced copyrighted content on 22% of the prompts.
did you know that a lesser-known side effect of the infinite monkeys approach is that they will produce whole sections of copyright content abso-dupo-lutely by accident? wild, I know! totes coinkeedink!
I’d be glad to provide it once you’ve come to your senses and want to discuss things like an adult
jesus fucking christ you must be a fucking terrible person to work with
I’ve seen toddlers throw more mature tantrums
she wrote harry potter with an llm, didn’t she?
I’m too old to discuss against bad faith arguments.
Especially with people who won’t read the information I provide them showing their initial information was wrong.
One is a company that has something to sell, the other an article with citations showing why it’s not easy to determine what percentage of a data set is infringing on copyright, or whether exact reproduction via “fishing expedition” prompting is a useful metric to determine if unauthorized copyright was used in training.
The dumbest take though is attacking Mistral of all LLMs, even though it’s on an Apache 2.0 license.
chatgpt gets it
I’ve read the article you’ve posted:. it does not refute the fucking datapoint provided, it literally DOES NOT EVEN MENTION MISTRAL AT ALL.
so all I can tell you is to take your pearlclutching tantrum bullshit and please fuck off already
https://huggingface.co/mistralai/Mistral-7B-v0.1/discussions/8#6527a6fca6eaf92e6c26fa59
Unfortunately we’re unable to share details about the training and the datasets (extracted from the open Web) due to the highly competitive nature of the field.
The “open web” is full of copyrighted material.
but it’s apache2 sega! tooooootes freebies!
We had a social contract!
Great, just as I’ve decided to switch some services to Proton (mail and VPN).
Now I’ll have to reconsider this decision.
The fact that you never realized that you should’ve self hosted since all corporations will inevitably follow the money, and that politics will always be tied to money, therefore all corporations will make political decisions against your interests makes me lose hope in common sense.
it’s time for you to fuck off back to your self-hosted services that surely aren’t just a stack of constantly broken docker containers running on an old Dell in your closet
but wait, what’s this?
@BaroqueInMind@lemmy.one
oh you poor fucking baby, you couldn’t figure out how to self-host lemmy! and it’s so easy compared with mail too! so much for common sense!
*looks at collection of automation and infrastructure for personal and business services, built with going on 20y of knowledge*boy it sure is easy to diyolo some qemu vms myself and not have to pay aws! I’m going to tell everyone else they’re doing it wrong!!!(I mean, it legitimately is fairly easy to do a lot of this, but gotta grok the shit and not having the grok is ofc alllll up in aws’ product suite)
they go to react conferences, too
they go to re:invent or whatever the one is where Amazon replaces your brain with a cloud, and they’re pretty sure Amplify is self-hosting because the guy with the headset on stage might have screamed it at them
have any of your coworkers come back from re:invent with the all of the symptoms of severe head trauma? you may be entitled to compensation
you may be entitled to promotion
back to your self-hosted services that surely aren’t just a stack of constantly broken docker containers running on an old Dell in your closet
I feel personally attacked
the closet Dell hosting your services is a fine system (but do fix those broken docker containers, or see about going native). under no circumstances should it be your mail host, though.
I rescued an office spec HP desktop from a trash heap and upgraded it with second hand components from https://computerstoreberlin.de/?lang=eng. Its running Ubuntu server and I use it as a wordpress dev server and also my yt-dlp machine which dumps the files into a samba share. I’m very proud of it
yeah, you can get quite damn far with something like that. best other advice I can give you is to make sure your provisioning and backups are solid (because something will break sometime), and to keep an eye on power draw
not everything needs to be 902834098234 cores and distributed systems shit
the backups is good advice. I need to put in a second drive and work out how to make it keep a backup. I’m learning all that as I go.
As for power draw, I only turn it on when I need it and it’s not connected to a display - just ssh-ing into it, so hopefully not wasting too much juice.
ur not my reel dad! [launches cyrus+qmail on a pi]
Hey, it’s on a table in my office and it currently isn’t running shit because that hobby has been de-prioritized until the yard and shed have been dealt with!
@BaroqueInMind @cordlesslamp You unironically use words like “windoze” don’t you?
don’t shame people for not having the capacity to run their own infra, jeez
Why?
because no-one likes a confidently wrong smug prick
(but seriously, “why?” - you really don’t get why? maybe go have a good think on it. on why people might not be in a position to do the thing you suggest them to do. you may become enlightened.)
what are you?
A meat Popsicle.
the usefulness of any feature should be measured in how deep you can bury its “opt-in” option in the settings pages without hurting its adoption
“Pro privacy” company that cucked to the state to get a climate activist arrested (against their privacy policy that they sneakily change after the fact) are actually a bunch of typical corporate grifters that sell out their userbase to promote shitty llm garbage? Nawwwwwww. Say it ain’t so! It’s like every week or month after I argue about these shitty fake privacy companies with idiots in c/privacy I recieve massive vindication. Maybe this is my sign to become a man of faith.
I’m also sick of hearing about Swiss privacy laws. Their intelligence service got busted covering for a US and German spy front operation in Switzerland. If it happened once, I promise it has happened before and since.
Edit for those who can’t click: a front company in Switzerland sold fake encrypted communications services around the world for years, possibly decades, with the assistance of Swiss intelligence agencies.
it’s as if swiss privacy laws are only useful for big time, pre-crypto, old school money laundering
“Swiss privacy” for online services is a bit like “Swiss made” for expensive watches - a marketing term.
I must have missed the climate activist getting arrested because of protonmail. Any link or a name to search from?
Well that’s disappointing as hell…
Thanks.
as we said in the article, they can’t ignore subpoenas
What’s your alternative to the fake privacy company? I’m assuming the correct thing would be: if your threat model does not include governments, self hosted email, or if it does include governments, probably don’t use email.
Self hosting on a bulletproof vps like buyvm is my preferred solution. I used this guide (it’s not perfect and a bit dated but it’s an okay starting point. I didn’t bother setting up rspamd).
that’s…extremely off the beaten path, and incredibly very not how most people use / experience email
for the viewers at home: treat this as extremely niche through outright bad advice to follow if you ever want to try set up your own mail
(e: there are more than a few parts of it that are also laughably insufficient for what it aims to do, but this isn’t the place and it’s saturday on top; free tech support comes on other days)
smtpd.conf(5), pf.conf(5), and openssl(1) manpages and friends are your best resources for setting this up, I just provided that guide as examples as setting all this up can be daunting with just the manuals and no other context. The short guide provided in that blog is not going to teach you firewalling, filtering your maildir; and there’s definitely stuff missing, like restarting daemons after certs expire, and setting up your outbound dkimsign filter (was not available at the time of writing)
just stop posting
I’ll eat as many downvotes as I’d like, though I don’t really know what I said that attracted so much ire.
let me repeat something i wrote in another thread: bringing up the smtp daemon in basic configuration (and, by the way, my preferred one is exim) is trivial. managing working and usable mail service is not.
it’s a process! you need to reserve time for that! you need to understand basic networking, you need to intimately know how dns works. you need to know how to use swaks. you need to know your RFCs, and the subtle breakages of the protocol that you need to introduce in order to reduce the amount of spam you’re receiving. you need to understand why everything that SPF promises is a lie, but you’ll be using it anyway. you need to know how DKIM works, and what is the true meaning of DMARC. you will learn that google wants you to use experimental features in order to be able to deliver your fucking mail to them. you need to understand that the anti-spam blacklists are managed by fucking racketeers, and that you can’t avoid them. you need to understand the difference between sending mail and receiving it, and why a correctly configured MX record does absolutely nothing to improve the ability to deliver remote mail. you need to have time to deal with petty tyrants on a mission, and with oblivious bureaucracy of large providers, and learn to be happy if you can reach a human person on the other side at all.
and that’s just the SMTP part.
you’re the type of reply guy who rattles off man page names when you’re out of your depth, and you’re reply guying about administrating email to people who professionally administrate email
I don’t expect you to have caught onto that last bit, mainly because you never fucking shut up long enough to catch onto anything at all
oh my fucking god
you have defnitely never been the guy on the hook professionally for email working
Self hosted email is its own can of worms. I wouldn’t recommend it to anyone outside of experienced IT people. You’ll end up blacklisted before you send your first email if you do anything wrong (and there’s a lot that can go wrong), and it doesn’t solve any security problems email has.
Anything sent over email just isn’t private. That goes for Proton customers when they send or receive anything from a non-Proton address too. The one thing privacy email providers can actually do is keep your inbox from being scanned by LLMs and advertisers. That doesn’t prevent the inboxes and outboxes of your contacts from being scanned, though.
If you use email, the best thing you can do is be mindful of what kinds of information you send through it. Use aliases via services like simple login or anonaddy when possible. Having a leaked email is a security vulnerability. Once bad actors have your email, they now have half of what they need to breach multiple accounts.
have been that sysadmin setting up a company email server. postfix is trivial to set up, absolutely the easiest experience. following that, though, was weeks of supplicant emails to MS to beg them please not to block us. My recommendation was never do this again, use a third-party outgoing email vendor, email is lost.
MS will send your mail straight to spam if you do not set up your domain keys and DMARC in DNS correctly and do not have a reject or quarantine RUA or the email(s) in your RUA bounce.
Sometimes you may get temporarily sent to spam if your IP is in a /28 of a known spammer IP.
That’s about it.
plus the bit where you wait six weeks for a response to your request that they unblock you
none of this process is fucking simple
I’ve never had to ask MS to unblock me and it sure as hell doesn’t take 6 weeks or even 3 days for them to automatically see if everything is right again.
I even set up a non traditional domain with a “non-generic” tld a couple of years ago and I think it was around 16 hours or so before my test emails were hitting outlook inboxes.
Additionally, I think Google still wants SPF setup though it is pretty useless now. And if your RUA was set up right, as I recall, you get an automated email from MS telling you why your mail went to spam (or was rejected), which is the point of it to begin with.
I guess if it worked for you it’s perfect! Well done.
Oh for fucks sake. I don’t use their email but I don’t want to have to switch VPN service AGAIN.
Right after this I spot the announcement post on my front page, in !protonprivacy@lemmy.world. I’m surprised just how positive the comments are.
Same, tbh. I went on their subreddit expecting a shitstorm but the announcement sits at like 85% upvotes with mostly positive replies.
What kind of bizarro world have I stumbled into?
At least the top-level comments seem to be split.
between that thread’s activity pattern and how hard they tried to fudge the numbers on their own survey to make this feature look popular: boy there’s a lot of stank on this one
but hey here’s some worrying shit straight from the Proton team:
Our business audience was the most interested in a writing assistant, this is why we started gradually rolling it out starting with Business and Visionary plans. We will look into making it available to more users at a later date!
so there’s something utterly fucking obvious for the “it’s only for business users” posters to consider; they’re doing the same frog boiling shit that all LLM fuckheads do.
I’m tempted to crosspost David’s article and my mastodon thread to that community, since Proton hasn’t really replied otherwise, and they seem plenty active there answering softball questions and removing posts. I don’t look forward to the Kagi-level shitstorm in my inbox afterwards though
the thing about this is a “writing assistant” doesn’t have to be integrated into the email product. It could be a product in itself. If the “business audience(?) was the most interested in a writing assistant” you’ve got a fucken great standalone product opportunity on your hands. A Proton-certified LLM writing assistant that is magically better and more secure than anything else out there is not something you coyly slip into the email client and nudge everyone to use.
It doesn’t matter what reasons they have for doing this. Their method of deployment says more than enough to me. They know it’s off-script and they know they want their fucken “audience” to do the marketing for them.
Reddit content is paid/generated content. It is literally part of their commercial offering to customers that they can expertly deceive their users. It is an advertising platform and you use it to try and force a public image.
I went to Proton for the explicit reason I didn’t want Google scanning all my docs. Glad I moved away from them now, hopefully Fastmail doesn’t do the same.
It’s a local model running in your browser though
Doesn’t sound like it
Your prompt — that is, the email you’re writing — is kept in plain text on their server
Besides, I just don’t want AI in general, is that too much to ask? I wonder how long it will be until there are companies actively promoting their lack of AI.
I wonder how long it will be until there are companies actively promoting their lack of AI.
Its already happening, to some extent, but not mainly among the big corps. Grabbing some random examples I could find:
-
Cara blew up a few weeks ago off the back of Instagram going all-in on AI
-
Glaze and Nightshade earned a lot of popularity by offering means to sabotage them
-
Dove also made waves by directly taking shots at AI, too
-
Nintendo publicly eschewed using it, stating they’re focused “delivering value that is unique to Nintendo and cannot be created by technology alone”.
-
Newgrounds put the hammer down early on AI, but more publicly disavowed it alongside adding an option to flag something as AI-made in March this year
-
Last, but not least, Beth Spencer cooked up a quick-and-dirty “Made with Human Intelligence” badge which has since blown the fuck up online
I’m probably missing some examples, but I think my point’s made.
-
it can run locally, but Proton discourages it in their marketing, it has very high system requirements, and it requires you use a chromium-based browser (which is a non-starter for a solid chunk of Proton’s userbase). otherwise, it uses the cloud version of the feature, which works exactly like the quote describes, though Proton tries to pretend otherwise; it’s actually incredibly out of the ordinary that they pushed this feature at all without publishing anything about its threat model.
it’s unclear what happens if the feature’s enabled and set to local but you switch to a computer that can’t run the LLM. it’s also just fucked that there’s two identical versions of the same feature, but one of them exfiltrates your data.
Besides, I just don’t want AI in general, is that too much to ask?
you’re not alone. the other insulting part of this is that the vast majority of Proton’s userbase indicated they didn’t want this feature in responses to Proton’s 2024 survey, which was effectively constructed to make it impossible to say no to the LLM feature, since the feature portion of the survey was stack ranked. the blog post introducing Scribe even lies about the results of the survey — an LLM wasn’t even close to being the most requested feature.
read the fucking article before you multi-post your uninformed shit in this thread, thanks
Never rely on multi services products from a company. I know it’s more practical but you get the real benefits of having spread services.
Why is that an issue? I deploy local LLMs for work and none of the content they use or generate goes outside the encrypted active domain, so no security issues or privacy issues. The question is how contained the LLM is, that’s all.
did you read the parts of the article that describe why the LLM is an issue?
Shouldn’t the headline be about unencrypted text prompts, rather than AI?
nope
I read the article. What is the problem?
it’s an article about a poorly-designed feature that doesn’t accomplish any of its marketed goals and was hoisted upon Proton’s users in spite of their objections
this is an article about AI
The trouble is that Proton has announced and implemented Scribe in a manner that sends up huge red flags for their privacy-focused techie base.
Proton Mail’s privacy-focused users are worried about the Scribe announcement because they’ve never seen Proton be so vague and nonspecific about security and threat models.
Up to now, Proton has been serious about privacy
It’s not about AI. It’s about privacy and communication.
oh. perhaps you could explain this to the authors of the article?
fucking incredible, you managed to cherry pick some of the few sentences in the article that don’t use the words “AI” or “LLM”! good for you, you exhausting motherfucker
“unencrypted text prompts”
can’t tell if this is because bond movies or marvel movies or fatf movies or heist movies or … but good god some people just have no fucking idea whatsoever
the model execution environment can quickly solve FHE in an afternoon, for a treat. after that it has to get back to piano practice tho!
their self reported system requirements to run the local LLM don’t sound like the average office dell spec (sorry for using screenshots)
and the “opt in” flow appears to make no effort to explain the critical privacy difference between local and server llms
https://proton.me/support/proton-scribe-writing-assistant#system-requirements
Rhaa fk, enshitification… I don’t want to host my emails…
Eamonn Maguire, author of the Proton Scribe announcement post, responded to my tweet with this: https://x.com/EamonnMagu14645/status/1814062340863651965
not sure how legit that account is, actually. It’s not the one I @'ed - this one was created in Jan 2024 - either it’s his low-key alt or a bot
perhaps his plausible deniability account.
do you get banned from twitter if you call him a fucking asshole?
I’m working on a more detailed reply on mastodon but to be honest, I’m pretty sure he didn’t read the original post
it all stinks so much. He calls it “opt-in” but the official description of that opt-in is:
If you try to use Proton Scribe, you will be prompted to chose between local and server-side. So, technically, it’s not active until you decide how, and if, you want to use it.
as you can see here: https://mastodon.social/@protonprivacy/112807462045101580
there is opt-in and then there is dangling an expired hotdog
holy fuck that’s worse than I thought
so going back to not being able to recommend Proton to anyone again: there’s now a button (and associated “tutorial” advertising modals trying to get the user to click the button, don’t pretend there won’t be) that when clicked gives the user a confusing choice between an option that might not work and one that exfiltrates their data and claims it doesn’t (if they even get this choice on a computer that doesn’t support the local LLM), and if they interact with that it just opts them into the feature in a state that may or may not (but by default does) expose the plaintext of their messages to Proton’s servers
and I’m supposed to recommend this horseshit to non-technical users? what’s that sound like, I wonder? “oh it’s a great privacy-oriented mail service you should pay for — but not for your business because you might fuck up and exfiltrate your data, and also there’s a chance they’ll enable the same feature for regular users at some unspecified time in the future so look out for that. oh and don’t get visionary either.” yeah fuck that
i hate proton because they store ips and give them to the police even if they wouldn’t need to
Glad I stuck with mailbox.org.
I’m not familiar with them. What makes them more privacy focused?
It’s encrypted and based out of Germany (so, outside of five eyes). The ui is shit but if you use an app for email it’s great. They also offer anonymous payment methods if you’re into that.
they’re not end-to-end encrypted; their security model involves giving their server both your GPG private key and its passphrase, which makes your inbox and other data trivially able to be subpoenaed by German authorities.
I don’t think this is a replacement for Proton or Tutanota at all.
It’s encrypted and based out of Germany (so, outside of five eyes).
[…] your inbox and other data trivially able to be subpoenaed by German authorities
Germany is a member of the Fourteen Eyes alliance and shares data with 9 and 5 eyes members.
I just wanted to put that out there after @czech@lemm.ee suggested that the five eyes are the only eyes. They share with Germany and vice versa.
