Transcript
A post by [object Object] (@zzt@mas.to) saying:
courtesy of @davidgerard@circumstances.run, Proton is now the only privacy vendor I know of that vibe codes its apps:
In the single most damning thing I can say about Proton in 2025, the Proton GitHub repository has a “cursorrules” file. They’re vibe-coding their public systems. Much secure!
I am once again begging anyone who will listen to get off of Proton as soon as reasonably possible, and to avoid their new (terrible) apps in any case. https://circumstances.run/@davidgerard/114961415946154957
It has a reply by the author saying: in an unsurprising update for those familiar with how Proton operates, they silently rewrote their monorepo’s history to purge .cursor and hide that they were vibe coding: https://github.com/ProtonMail/WebClients/tree/2a5e2ad4db0c84f39050bf2353c944a96d38e07f
given the utter lack of communication from Proton on this, I can only guess they’ve extracted .cursor into an external repository and continue to use it out of sight of the public
Um, it’s a public repository. You can view the code that’s been added. Even if it IS AI generated, you can review it yourself.
I’m as anti-AI as anyone but this is misplaced AI-alarmism.
You're a supervisor and you have 2 employees: Bill and Jim. As a supervisor your job is to ensure the work is being done correctly.
Bill is competent and rarely makes major mistakes. Jim does a decent job most of the time ... but he's also a savant at screwing up -- he regularly fucks up in ways that aren't immediately obvious but are guaranteed to cause serious problems days to weeks from the screw up.
You can glance over Bill's work and be fairly certain it's fine. You need to go over every single piece Jim's work to check for problems, and even then some are probably going to slip through.
AI is currently Jim, and Jim has no business writing code for anything privacy or security focused.
This is a great example since AI isn't taking on the role of an independent software engineer here, so there is no "Jim" and this is much less of an issue than y'all are making it out to be. You know that auto-correct is also a form of ML right? Have you considered that tools can be used responsibly and that standards for software developers still apply even when they use new tools?
Yeah, and I don't fuckin use it.
Also, my auto-correct is saying that sentence is missing a comma, so I guess you don't either.
Cool that's great. Can you tell me that none of the software you use has been developed by software engineers making use of machine learning methods?
I can: I do not use any software.
Hahaha
Does anyone here actually review code?
Only my own code and so far most of it has been unacceptable.
i once wrote a script to launch a program with specific flags that i think was mostly correct, it holds center place on my CV
Pure, unabashed honesty. I love it. 🫶
Yes, and it's one of the most important things I do. Given the AI codegen boom we're seeing, it's also the skill I have that is increasing the fastest in value.
yes as a consultant/freelancer THIS is where the majority of my work is coming from now. if you're good at this SERIOUSLY consider consulting and freelancing for various companies that are now desperately trying to fix their AI tech debt. It's the ONE thing that is completely in demand right now due to the sheer incompetence of all these places that decided vibe coding and AI was the way to go.
you have no idea how much money you can potentially be making right now doing this. I'm booked solid for the rest of the year purely because of this.
Not gonna really be thing long-term. Up front savings vs customer long term retention. The up front savings are what business cares about. So yeah you'll get some companies who fucked up. Most just double down on the a. I.
What you're doing is entering the bargain-phase
Uh yeah? You’d be stupid not to review code, whether written by an AI or a human. I don’t trust either.
I'm guessing OP means code you use rather than code you write, in other words auditing. Likely very few of us do that with any thoroughness. IIRC proton does have some independent auditing.
That’s what I mean too. Y’all don’t just copy-paste from stack overflow praying it works do you?
That obviously not what they meant. They mean, do you review the code for every open source application you use? Do you review every library you utilize? I'm willing to be it's a no for both of these, because no one has time for that.
No, like proton mail app. Have you reviewed it? Or Signal or Veracrypt or TheNewHotness.
Does anyone here realize that one person using Cursor doesnt mean "tHeY'rE vIbE cOdInG aCrOsS tHe wHoLe pLaCe!"
Then why didn’t they just say that instead of being shady and rewriting history?
Because thier bosses aren't accounta le to you and I? That don't have to say a dn thing
that would make sense if it wasn't a fucking business selling the promise of security lol
Again. They don't answer to us. They don't have to say anything
Now. I agree that they SHOULD. It would be not only be better buisness, BUT its the right thing yo do
But no, they don't. The should.
oh so you just want to be annoyingly pedantic, cool
No. I'm saying quit bitching and switch f you don't like it. I have
Because it's also not a great idea to expose your rules files, and tell people first "oh shit, we mentioned rules files. Please don't look!" before
I'll be honest here, I've had less dogmatic conversations with conspiracy theorists about COVID. If you just need to make this a huge problem that later turns out to be a nothingburger and you'll never look back and grow as a human, then hey, you do you. But know that you'll look like a fool to anyone that isn't a goldfish and remembers more than 3 months at a time. Because you clearly don't know what's a big deal and what's not, and this is a Grade A waste of all our time to pitch a fit about.
That is pretty immaterial to the issue. The issue is that when it comes to security, it's extremely poor form to rely on unintelligent mimicry.
Probably anti-Proton. I'm no conspiracy theorist, but the amount of pro BlueSky, anti Proton, anti Signal people I see on Lemmy make me wonder sometimes.
Proton CEO did it to the company...
Signal requires a phone number... If you don't see an issue with that... Then you live in a better place than the rest of us. I am happy for you.
Signal is the sad compromise for the people I hold dearest because I refuse to use Messenger anymore and SMS is a joke with how glaringly unencrypted/de-facto wiretapped it is.
I’d love to get everyone on SimpleX but they already look at me like a wacko over Signal. The convenience tax is just non-negotiable for them and I have no idea how to bypass it.
I used to be a big proponent of simplex even if I dont use it with anyone, but I was told that the main developer supports tr*mp and m*sk... If you go to their github, they only link twitter as their social media and if you check their account...
https://github.com/epoberezkin (dunno if were allowed to share twitter links)
Talks about "far-left radicals", says that nazis were socialist etc. etc. .... Really yikes
TBH I feel like so many project leaders are wackos that I don't even judge the products by those, just by things they do. I still have hope in Simplex, but there were a couple of red flags, such as content scanning proposals, including clientside. Sure, it can probably be relatively easily forked to remove that specific thing, or you can choose the servers that don't do that, but it's still alarming that they try.
Yuck. Well then again we sit in Lemmy, and the lead dev is a proud tankiest tankie. Open source do be like that.
Lol, got a point there
Simplex ain't ready... So ain't pushing it as of now.
Once it is normie ready, I will start the move.
Signal is a temp solution
With that being said, I agree 100% with your comment. We work with what we got today!
For private communication Signal is the gold standard LOL
Not everyone needs shitty xmpp extensions, Matrix that lacks PFS and is enshitiffying as we speak (I say as an avid user) or overkill like SimpleX or Briar.
Sure... But you are also feeding NSA meta data on your communications which is whatever I guess for most people but I don't like it
You seem to be misinformed. Signals architecture is explicitly designed in a way to minimise metadata as much as possible. You can look up the data they had to hand over due to lawsuits, it was absolutely minimal
First - I'm not sure Sealed Sender would help against the server being changed to be actively malicious and trying to build social graphs. Second - even metadata concerns aside, a centralized system is just not resilient. Proposals like Chat Control are A LOT more easily enforceable with them than with tiny selfhosted servers.
Just enough, just enough
Download portmaster and review signal connections ;)
I know that Signal runs on US cloud infrastructure (like AWS IRRC)
Doesn't change a thing about it's security or what they hand to disclose to authorities
There is such thing like national security laws.
So you don't know shit.
If they are told to log, they will log. And there is enough meta data leakage to create heat map of your contacts
And only that one.
Signal dev is quite adamant on not letting people have their own servers, select a EU provider (yeah, EU is nazifying, but at least it's a large enough second-hand basket) or host the (suppossedly zero-knowledge) messages on one's own infrastructure. I'd say that's curious.
The question is not is Proton perfect in every conceivable way, the question is: is it more private than Google and the answer to that is yes.
When you opine on social media that Proton is somehow just as bad as Google you are helping doing the work of Google and that's the part that (again I don't truly believe this) makes me wonder if Google/Meta/Twitter is sowing the social web with seeds of doubt about more private alternatives.
Proton ceo is a pedo king bootlicker and their product lacks focus was my criticism.
You ain't never gonna catch me defending sundar the creep and rest of them parasites
You may want to double check that.
I didn't say defending, I said helping. Which you are.
You are entitled to you opinion
It really reminds me of the Mastodon mob mentality that caused so much trouble for fosstodon :/