<p>If an organization runs a survey in 2024 on whether it should get into AI, then they’ve already bodged an LLM into the system and they’re seeing if they can get away with it.</p>
<p>Proton Mail is a privacy-focused email service. It’s the level of privacy service that privacy obsessives recommend to their friends.</p>
<p>Proton Mail ran a user survey two months ago. They found some readers saying they were “interested in AI,” didn’t include a “hell no” option, and today, they’ve introduced Proton Scribe, claiming that “interested in AI” constituted user demand for this specific feature! [<a href="https://proton.me/blog/2024-proton-survey-results"><i>blog post</i></a><i>; </i><a href="https://proton.me/blog/proton-scribe-writing-assistant"><i>blog post</i></a>]</p>
<p>Proton Scribe is a AI writing assistant for Proton Mail’s enterprise customers — who give them vastly more money than their original base of privacy-focused users do. The enterprise users very much want to press a button to write those emails that they didn’t want to write and the recipient didn’t want to read.</p>
<p>The trouble is that Proton has announced and implemented Scribe in a manner that sends up huge red flags for their privacy-focused techie base — who now wonder if ProtonMail is still safe enough to recommend to their non-techie friends.</p>
<p><span id="more-410"></span></p>
<p>Scribe uses a Mistral LLM — trained on the usual copyrighted data, though apparently not on your inbox — running on ProtonMail’s own servers or on your own hefty and recent PC. Proton says “only the prompt is sent to the server, and is deleted immediately after use.” The feature is supposedly off by default, but users report it being on by default. [<a href="https://old.reddit.com/r/ProtonMail/comments/1e68ls7/introducing_proton_scribe_a_privacyfirst_writing/"><i>Reddit</i></a>]</p>
<p>Proton Mail’s privacy-focused users are worried about the Scribe announcement because they’ve never seen Proton be so vague and nonspecific about security and threat models. Proton’s threat models for their email, calendar, and document storage are precise and detailed, listing which parts are end-to-end encrypted and why. [<a href="https://proton.me/blog/protonmail-threat-model"><i>Mail security model</i></a><i>; </i><a href="https://proton.me/blog/protoncalendar-security-model"><i>Calendar security model</i></a><i>; </i><a href="https://proton.me/blog/protondrive-security"><i>Drive security model</i></a>]</p>
<p>Up to now, Proton has been serious about privacy — for example, email is stored encrypted in such a way that Proton themselves can’t decode it. Proton have to respond to subpoenas, but they can only supply traffic metadata, not the contents of the traffic.</p>
<p>Proton’s descriptions of Scribe are vague and waffly about their threat model. Your prompt — that is, the email you’re writing — is kept in plain text on their server, unlike emails you’ve sent or received, which are secure at rest. Proton promises they don’t log the prompts — but services like Apple, which many Proton users were trying to get away from, make only the same level of promise.</p>
<p>The Scribe announcement blog post conflates the machine-learning in their security system with the LLM in Scribe — two completely different technologies — as comparable examples of “AI.” Nobody who knows what they’re talking about technically would do that.</p>
<p>The outraged privacy-focused techies are zooming in on red flags only they can see. But those are the sort of red flags that indicate dangerous sloppiness, to a degree that they may not be able to safely recommend ProtonMail to their friends anymore. Your nerd friends keep an eye on this stuff for your sake.</p>
<p>In 2021, Signal Messenger — famous for its journalist-quality security — started messing about with a cryptocurrency, Mobilecoin, which we covered <a href="https://amycastor.com/2021/04/07/signal-adopts-mobilecoin-a-crypto-project-linked-to-its-own-creator-moxie-marlinspike/">here</a> and <a href="https://davidgerard.co.uk/blockchain/2021/04/08/signal-messenger-goes-cryptocurrency-with-mobilecoin-proof-of-intel-cpu/">here</a>. Techies who had recommended Signal to their friends were <a href="https://amycastor.com/2021/04/11/news-coinbase-q1-earnings-signal-integrates-mobilecoin-gbtc-premium-in-the-toilet-reggie-fowlers-new-lawyer/">similarly</a> <a href="https://amycastor.com/2022/01/15/news-signal-goes-worldwide-with-payments-irs-sets-its-sights-on-nfts-bukeles-bad-bets-on-btc/">outraged</a>. Signal founder Moxie Marlinspike was ousted shortly after the MobileCoin announcement.</p>
<p>ProtonMail used to be journalist-quality, and that’s no longer clear. If Signal suddenly degraded its security to the level of WhatsApp or Telegram, you wouldn’t recommend it to your friends living in dictatorships.</p>
<div class="sharedaddy sd-sharing-enabled"><div class="robots-nocontent sd-block sd-social sd-social-icon sd-sharing"><h3 class="sd-title">Share this post:</h3><div class="sd-content"><ul><li class="share-facebook"><a class="share-facebook sd-button share-icon no-text" data-shared="sharing-facebook-410" href="https://pivot-to-ai.com/2024/07/18/proton-mail-goes-ai-security-focused-userbase-goes-what-on-earth/?share=facebook" rel="nofollow noopener noreferrer" target="_blank" title="Click to share on Facebook"><span></span><span class="sharing-screen-reader-text">Click to share on Facebook (Opens in new window)</span></a></li><li class="share-linkedin"><a class="share-linkedin sd-button share-icon no-text" data-shared="sharing-linkedin-410" href="https://pivot-to-ai.com/2024/07/18/proton-mail-goes-ai-security-focused-userbase-goes-what-on-earth/?share=linkedin" rel="nofollow noopener noreferrer" target="_blank" title="Click to share on LinkedIn"><span></span><span class="sharing-screen-reader-text">Click to share on LinkedIn (Opens in new window)</span></a></li><li class="share-reddit"><a class="share-reddit sd-button share-icon no-text" data-shared="" href="https://pivot-to-ai.com/2024/07/18/proton-mail-goes-ai-security-focused-userbase-goes-what-on-earth/?share=reddit" rel="nofollow noopener noreferrer" target="_blank" title="Click to share on Reddit"><span></span><span class="sharing-screen-reader-text">Click to share on Reddit (Opens in new window)</span></a></li><li class="share-twitter"><a class="share-twitter sd-button share-icon no-text" data-shared="sharing-twitter-410" href="https://pivot-to-ai.com/2024/07/18/proton-mail-goes-ai-security-focused-userbase-goes-what-on-earth/?share=twitter" rel="nofollow noopener noreferrer" target="_blank" title="Click to share on Twitter"><span></span><span class="sharing-screen-reader-text">Click to share on Twitter (Opens in new window)</span></a></li><li class="share-mastodon"><a class="share-mastodon sd-button share-icon no-text" data-shared="sharing-mastodon-410" href="https://pivot-to-ai.com/2024/07/18/proton-mail-goes-ai-security-focused-userbase-goes-what-on-earth/?share=mastodon" rel="nofollow noopener noreferrer" target="_blank" title="Click to share on Mastodon"><span></span><span class="sharing-screen-reader-text">Click to share on Mastodon (Opens in new window)</span></a></li><li class="share-bluesky"><a class="share-bluesky sd-button share-icon no-text" data-shared="sharing-bluesky-410" href="https://pivot-to-ai.com/2024/07/18/proton-mail-goes-ai-security-focused-userbase-goes-what-on-earth/?share=bluesky" rel="nofollow noopener noreferrer" target="_blank" title="Click to share on Bluesky"><span></span><span class="sharing-screen-reader-text">Click to share on Bluesky (Opens in new window)</span></a></li><li class="share-email"><a class="share-email sd-button share-icon no-text" data-email-share-error-text="If you're having problems sharing via email, you might not have email set up for your browser. You may need to create a new email yourself." data-email-share-error-title="Do you have email set up?" data-email-share-nonce="d67aa63352" data-email-share-track-url="https://pivot-to-ai.com/2024/07/18/proton-mail-goes-ai-security-focused-userbase-goes-what-on-earth/?share=email" data-shared="" href="mailto:?subject=%5BShared%20Post%5D%20Proton%20Mail%20goes%20AI%2C%20security-focused%20userbase%20goes%20%E2%80%98what%20on%20earth%E2%80%99&body=https%3A%2F%2Fpivot-to-ai.com%2F2024%2F07%2F18%2Fproton-mail-goes-ai-security-focused-userbase-goes-what-on-earth%2F&share=email" rel="nofollow noopener noreferrer" target="_blank" title="Click to email a link to a friend"><span></span><span class="sharing-screen-reader-text">Click to email a link to a friend (Opens in new window)</span></a></li><li class="share-end"></li></ul></div></div></div><div class="sharedaddy sd-block sd-like jetpack-likes-widget-wrapper jetpack-likes-widget-unloaded" data-name="like-post-frame-234484554-410-678983b7eaba8" data-src="https://widgets.wp.com/likes/?ver=14.2.1#blog_id=234484554&post_id=410&origin=pivot-to-ai.com&obj_id=234484554-410-678983b7eaba8&n=1" data-title="Like or Reblog" id="like-post-wrapper-234484554-410-678983b7eaba8"><h3 class="sd-title">Like this:</h3><div class="likes-widget-placeholder post-likes-widget-placeholder" style="height: 55px;"><span class="button"><span>Like</span></span> <span class="loading">Loading...</span></div><span class="sd-text-color"></span><a class="sd-link-color"></a></div>
<div class="jp-relatedposts" id="jp-relatedposts">
<h3 class="jp-relatedposts-headline"><em>Related</em></h3>
</div>
