we appear to be the first to write up the outrage coherently too. much thanks to the illustrious @self
you can see they are actively monitoring the masto discourse and responding whenever they think their justification list has any merit https://hci.social/@protonprivacy@mastodon.social/with_replies
but they are already saying stuff out of sync with their promotional material so damage control does appear to be in action
e.g.
Thanks for the feedback everyone. Just to be clear, Proton Scribe is:
- only for business users, who have asked for it
https://mastodon.social/@protonprivacy/112814751983760603
but their site says
Who can use Proton Scribe? We are currently rolling out Scribe to eligible users. If you’re on a Proton Business plan, including Mail Essentials, Mail Professional, and Proton > Business Suite, you can try Proton Scribe for free for 14 days. If you’re on our Visionary plan, it’s included with your plan.
https://web.archive.org/web/20240719203115/https://proton.me/support/proton-scribe-writing-assistant
fuck, the pure PR fluff they’re posting in response to “hey fucknuts, this thing breaks your fucking security model”. I’ve dropped other companies for doing this “uhh no it doesn’t, trust us” shit before. if they had proof this thing’s secure they would’ve posted it by now, but they don’t (because it isn’t, it’s broken by design) so instead they have to post this horseshit
I highlighted another nice dig by weizenbaum this afternoon which your “broken by design” reminded me of:
“These gigantic computer systems have usually been put together (one cannot always use the word designed) by teams of programmers, whose work is often spread over many years. By the time these systems come into use, most of the original programmers have left or turned their attention to other pursuits. It is precisely when such systems begin to be used that their inner workings can no longer be understood by any single person or by a small team of individuals.”
I think that sequence of events happens sometimes but not all the times. the generational-departed programmer thing happens more in bigger orgs or teams with a bit of a more established presence/footprint. and I don’t really get the impression proton is that big yet
this one smells more like the other kind of ratfuckery I’ve seen in shartups: some particular bugbear/feature-idea “driven” by a C-level/owner/teamlead (where “driven”, n.: “someone said go do it”), enabled by complicit PM/POs doing some goalwashing, with devs either just keeping their head down, or actively participating in creation
bit of a whoopsie walkback after caught pants down
totes normal. everyone has this all the time, amirite?!
also I keep meaning to push on this and getting distracted:
only for business users, who have asked for it
fuck no, this breaks the security model for every proton user. one of the key assumptions of Proton’s end to end encrypted model is that the plaintext of a messsge never touches Proton’s servers, on both ends of the conversation. now if a proton business/visionary (and they keep fucking forgetting they forced their visionary accounts into having this horseshit) user sends me a message or a reply, there’s a chance the plaintext on their end was exposed to Proton’s servers, and as the receiver I can’t control or even detect the conditions that cause the plaintext leak (is the sender a proton business/visionary account? did they use the cloud version of the LLM? what text did it operate on?)
fucking unworkable. I’m not even a cryptographer, but this is the most obvious plaintext leak I’ve ever seen in a cryptography product.