this post was submitted on 08 Aug 2025
435 points (85.5% liked)

Privacy

3473 readers
174 users here now

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be civil and no prejudice
  2. Don't promote big-tech software
  3. No apathy and defeatism for privacy (i.e. "They already have my data, why bother?")
  4. No reposting of news that was already posted
  5. No crypto, blockchain, NFTs
  6. No Xitter links (if absolutely necessary, use xcancel)

Related communities:

Some of these are only vaguely related, but great communities.

founded 9 months ago
MODERATORS
fxomt@lemmy.dbzer0.com
otter@lemmy.ca
shaytan@lemmy.dbzer0.com
fxomt@piefed.social
435
Proton is vibe coding some of its apps. (lemmy.dbzer0.com)
submitted 3 days ago* (last edited 3 days ago) by irelephant@lemmy.dbzer0.com to c/privacy@lemmy.dbzer0.com
203 comments fedilink hide all child comments
 

TranscriptA post by [object Object] (@zzt@mas.to) saying: courtesy of @davidgerard@circumstances.run, Proton is now the only privacy vendor I know of that vibe codes its apps: In the single most damning thing I can say about Proton in 2025, the Proton GitHub repository has a “cursorrules” file. They’re vibe-coding their public systems. Much secure! I am once again begging anyone who will listen to get off of Proton as soon as reasonably possible, and to avoid their new (terrible) apps in any case. https://circumstances.run/@davidgerard/114961415946154957

It has a reply by the author saying: in an unsurprising update for those familiar with how Proton operates, they silently rewrote their monorepo’s history to purge .cursor and hide that they were vibe coding: https://github.com/ProtonMail/WebClients/tree/2a5e2ad4db0c84f39050bf2353c944a96d38e07f

given the utter lack of communication from Proton on this, I can only guess they’ve extracted .cursor into an external repository and continue to use it out of sight of the public

you are viewing a single comment's thread
view the rest of the comments
[–] alsaaas@lemmy.dbzer0.com 7 points 3 days ago* (last edited 3 days ago) (1 children)

For private communication Signal is the gold standard LOL

Not everyone needs shitty xmpp extensions, Matrix that lacks PFS and is enshitiffying as we speak (I say as an avid user) or overkill like SimpleX or Briar.

[–] sunzu2@thebrainbin.org -1 points 3 days ago (1 children)

Sure... But you are also feeding NSA meta data on your communications which is whatever I guess for most people but I don't like it

[–] alsaaas@lemmy.dbzer0.com 7 points 3 days ago* (last edited 3 days ago) (2 children)

You seem to be misinformed. Signals architecture is explicitly designed in a way to minimise metadata as much as possible. You can look up the data they had to hand over due to lawsuits, it was absolutely minimal

[–] EngineerGaming@retrolemmy.com 2 points 1 day ago

First - I'm not sure Sealed Sender would help against the server being changed to be actively malicious and trying to build social graphs. Second - even metadata concerns aside, a centralized system is just not resilient. Proposals like Chat Control are A LOT more easily enforceable with them than with tiny selfhosted servers.

[–] sunzu2@thebrainbin.org 2 points 3 days ago (1 children)

minimise

Just enough, just enough

Download portmaster and review signal connections ;)

[–] alsaaas@lemmy.dbzer0.com 3 points 3 days ago* (last edited 2 days ago) (2 children)

I know that Signal runs on US cloud infrastructure (like AWS IRRC)

Doesn't change a thing about it's security or what they hand to disclose to authorities

[–] sunzu2@thebrainbin.org 5 points 3 days ago

There is such thing like national security laws.

So you don't know shit.

If they are told to log, they will log. And there is enough meta data leakage to create heat map of your contacts

[–] lambalicious@lemmy.sdf.org -1 points 2 days ago

I know that Signal runs on US cloud infrastructure

And only that one.

Signal dev is quite adamant on not letting people have their own servers, select a EU provider (yeah, EU is nazifying, but at least it's a large enough second-hand basket) or host the (suppossedly zero-knowledge) messages on one's own infrastructure. I'd say that's curious.