cross-posted from: https://lemmy.dbzer0.com/post/50693956

Transcript

A post by [object Object] (@[email protected]) saying: courtesy of @[email protected], Proton is now the only privacy vendor I know of that vibe codes its apps: In the single most damning thing I can say about Proton in 2025, the Proton GitHub repository has a “cursorrules” file. They’re vibe-coding their public systems. Much secure! I am once again begging anyone who will listen to get off of Proton as soon as reasonably possible, and to avoid their new (terrible) apps in any case. https://circumstances.run/@davidgerard/114961415946154957

It has a reply by the author saying: in an unsurprising update for those familiar with how Proton operates, they silently rewrote their monorepo’s history to purge .cursor and hide that they were vibe coding: https://github.com/ProtonMail/WebClients/tree/2a5e2ad4db0c84f39050bf2353c944a96d38e07f

given the utter lack of communication from Proton on this, I can only guess they’ve extracted .cursor into an external repository and continue to use it out of sight of the public

  • Epzillon@lemmy.world
    171·
    10 hours ago

    I dislike using AI when im writing my own code, simply because I do not believe AI is fair use or leads to anything positive for the creators of the works its trained on. I do use it to debug some stuff or get some hints but always double check whether the solution is good afterwards. With that said, if the cursorfile is just a settings file it only proves that someone has used AI in their IDE, the code itself does not necessarily have to be generated by an AI. And even if it were it could still be fine, it all comes down to the developers and the review process. The code is not inherently flawed because an AI wrote it. As long as humans are there to point out, find and prevent issues/security flaws its fine to use.

    Here comes the problem though. The term “vibe coding” mainly refers to people with little to no skill as developers, mainly relying on AI to do the heavy lifting. That is very problematic. Thats when security flaws, issues and tech debt start to rack up. I havent looked at the code or researched repo history, but i would believe these devs are better than “vibe coders”

    • arcterus@piefed.blahaj.zoneEnglish
      61·
      8 hours ago

      Tbh I would not be at all surprised if they were vibe coding. The snafu with the new authenticator app logging secrets, them just churning out random new apps no one asked for instead of meaningfully improving their existing products, claiming to open-source all their apps despite the Android calendar app still (after years) not being open-sourced (and with a GitHub link on their web page that implies all their code is available, but it in fact just links to the web clients), etc. have all combined to the point where I simply no longer trust them.

    • jj4211@lemmy.world
      2·
      9 hours ago

      Based on my experience with prompts and seeing what they produce when attempting significant function… I’m kind of shocked anyone makes to produce a working project at all.

      I still haven’t quite gotten over getting annoyed at bad suggestions even though I can just ignore them when they are bad.