- cross-posted to:
- [email protected]
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
- [email protected]
Transcript
A post by [object Object] (@[email protected]) saying: courtesy of @[email protected], Proton is now the only privacy vendor I know of that vibe codes its apps: In the single most damning thing I can say about Proton in 2025, the Proton GitHub repository has a “cursorrules” file. They’re vibe-coding their public systems. Much secure! I am once again begging anyone who will listen to get off of Proton as soon as reasonably possible, and to avoid their new (terrible) apps in any case. https://circumstances.run/@davidgerard/114961415946154957
It has a reply by the author saying: in an unsurprising update for those familiar with how Proton operates, they silently rewrote their monorepo’s history to purge .cursor and hide that they were vibe coding: https://github.com/ProtonMail/WebClients/tree/2a5e2ad4db0c84f39050bf2353c944a96d38e07f
given the utter lack of communication from Proton on this, I can only guess they’ve extracted .cursor into an external repository and continue to use it out of sight of the public
Um, it’s a public repository. You can view the code that’s been added. Even if it IS AI generated, you can review it yourself.
I’m as anti-AI as anyone but this is misplaced AI-alarmism.
You’re a supervisor and you have 2 employees: Bill and Jim. As a supervisor your job is to ensure the work is being done correctly.
Bill is competent and rarely makes major mistakes. Jim does a decent job most of the time … but he’s also a savant at screwing up – he regularly fucks up in ways that aren’t immediately obvious but are guaranteed to cause serious problems days to weeks from the screw up.
You can glance over Bill’s work and be fairly certain it’s fine. You need to go over every single piece Jim’s work to check for problems, and even then some are probably going to slip through.
AI is currently Jim, and Jim has no business writing code for anything privacy or security focused.
That is pretty immaterial to the issue. The issue is that when it comes to security, it’s extremely poor form to rely on unintelligent mimicry.
Does anyone here actually review code?
Only my own code and so far most of it has been unacceptable.
Pure, unabashed honesty. I love it. 🫶
Yes, and it’s one of the most important things I do. Given the AI codegen boom we’re seeing, it’s also the skill I have that is increasing the fastest in value.
Uh yeah? You’d be stupid not to review code, whether written by an AI or a human. I don’t trust either.
I’m guessing OP means code you use rather than code you write, in other words auditing. Likely very few of us do that with any thoroughness. IIRC proton does have some independent auditing.
That’s what I mean too. Y’all don’t just copy-paste from stack overflow praying it works do you?
That obviously not what they meant. They mean, do you review the code for every open source application you use? Do you review every library you utilize? I’m willing to be it’s a no for both of these, because no one has time for that.
No, like proton mail app. Have you reviewed it? Or Signal or Veracrypt or TheNewHotness.
Does anyone here realize that one person using Cursor doesnt mean “tHeY’rE vIbE cOdInG aCrOsS tHe wHoLe pLaCe!”
Then why didn’t they just say that instead of being shady and rewriting history?
Because it’s also not a great idea to expose your rules files, and tell people first “oh shit, we mentioned rules files. Please don’t look!” before
I’ll be honest here, I’ve had less dogmatic conversations with conspiracy theorists about COVID. If you just need to make this a huge problem that later turns out to be a nothingburger and you’ll never look back and grow as a human, then hey, you do you. But know that you’ll look like a fool to anyone that isn’t a goldfish and remembers more than 3 months at a time. Because you clearly don’t know what’s a big deal and what’s not, and this is a Grade A waste of all our time to pitch a fit about.
Probably anti-Proton. I’m no conspiracy theorist, but the amount of pro BlueSky, anti Proton, anti Signal people I see on Lemmy make me wonder sometimes.
Proton CEO did it to the company…
Signal requires a phone number… If you don’t see an issue with that… Then you live in a better place than the rest of us. I am happy for you.
Signal is the sad compromise for the people I hold dearest because I refuse to use Messenger anymore and SMS is a joke with how glaringly unencrypted/de-facto wiretapped it is.
I’d love to get everyone on SimpleX but they already look at me like a wacko over Signal. The convenience tax is just non-negotiable for them and I have no idea how to bypass it.
I used to be a big proponent of simplex even if I dont use it with anyone, but I was told that the main developer supports tr*mp and m*sk… If you go to their github, they only link twitter as their social media and if you check their account…
https://github.com/epoberezkin (dunno if were allowed to share twitter links)
Talks about “far-left radicals”, says that nazis were socialist etc. etc. … Really yikes
Simplex ain’t ready… So ain’t pushing it as of now.
Once it is normie ready, I will start the move.
Signal is a temp solution
With that being said, I agree 100% with your comment. We work with what we got today!
For private communication Signal is the gold standard LOL
Not everyone needs shitty xmpp extensions, Matrix that lacks PFS and is enshitiffying as we speak (I say as an avid user) or overkill like SimpleX or Briar.
Sure… But you are also feeding NSA meta data on your communications which is whatever I guess for most people but I don’t like it
You seem to be misinformed. Signals architecture is explicitly designed in a way to minimise metadata as much as possible. You can look up the data they had to hand over due to lawsuits, it was absolutely minimal
Just enough, just enough
Download portmaster and review signal connections ;)
I know that Signal runs on US cloud infrastructure (like AWS IRRC)
Doesn’t change a thing about it’s security or what they had to disclose to authorities
And only that one.
Signal dev is quite adamant on not letting people have their own servers, select a EU provider (yeah, EU is nazifying, but at least it’s a large enough second-hand basket) or host the (suppossedly zero-knowledge) messages on one’s own infrastructure. I’d say that’s curious.
There is such thing like national security laws.
So you don’t know shit.
If they are told to log, they will log. And there is enough meta data leakage to create heat map of your contacts
The question is not is Proton perfect in every conceivable way, the question is: is it more private than Google and the answer to that is yes.
When you opine on social media that Proton is somehow just as bad as Google you are doing the work of Google and that’s the part that (again I don’t truly believe this) makes me wonder if Google/Meta/Twitter is sowing the social web with seeds of doubt about more private alternatives.
Proton ceo is a pedo king bootlicker and their product lacks focus was my criticism.
You ain’t never gonna catch me defending sundar the creep and rest of them parasites
Genuinely most of the people against bluesky/atproto haven’t looked into it further than the blogpost by Christine lemmer-webber, and just want to be eliteist about being on the fediverse.
It really reminds me of the Mastodon mob mentality that caused so much trouble for fosstodon :/