• hansolo@lemmy.today
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    3
    ·
    2 days ago

    So then you object to the premise any LLM setup that isn’t local can ever be “secure” and can’t seem to articulate that.

    What exactly is dishonest here? The language on their site is factually accurate, I’ve had to read it 7 times today because of you all. You just object to the premise of non-local LLMs and are, IMO, disingenuously making that a “brand issue” because…why? It sounds like a very emotional argument as it’s not backed by any technical discussion beyond “local only secure, nothing else.”

    Beyond the fact that

    They are not supposed to be able to and well designed e2ee services can’t be.

    So then you trust that their system is well-designed already? What is this cognitive dissonance that they can secure the relatively insecure format of email, but can’t figure out TLS and flushing logs for an LLM on their own servers? If anything, it’s not even a complicated setup. TLS to the context window, don’t keep logs, flush the data. How do you think no-log VPNs work? This isn’t exactly all that far off from that.

    • DreamlandLividity@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      2
      ·
      2 days ago

      What exactly is dishonest here? The language on their site is factually accurate, I’ve had to read it 7 times today because of you all.

      I object to how it is written. Yes, technically it is not wrong. But it intentionally uses confusing language and rare technical terminology to imply it is as secure as e2ee. They compare it to proton mail and drive that are supposedly e2ee.

      • loudwhisper@infosec.pub
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        1
        ·
        2 days ago

        They compare it to proton mail and drive that are supposedly e2ee.

        Only drive is. Email is not always e2ee, it uses zero-access encryption which I believe is the same exact mechanism used by this chatbot, so the comparison is quite fair tbh.

        • DreamlandLividity@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          1 day ago

          Well, even the mail is sometimes e2ee. Making the comparison without specifying is like marketing your safe as being used in Fort Knox and it turns out it is a cheap safe used for payroll documents like in every company. Technically true but misleading as hell. When you hear Fort Knox, you think gold vault. If you hear proton mail, you think e2ee even if most mails are external.

          And even if you disagree about mail, there is no excuse for comparing to proton drive.

          • loudwhisper@infosec.pub
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            2
            ·
            1 day ago

            Email is almost always zero-access encryption (like live chats), considering the % of proton users and the amount of emails between them (or the even smaller % of PGP users). Drive is e2ee like chat history. Basically I see email : chats = drive : history.

            Anyway, I agree it could be done better, but I don’t really see the big deal. Any user unable to understand this won’t get the difference between zero-access and e2e.

      • hansolo@lemmy.today
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        1 day ago

        It is e2ee – with the LLM context window!

        When you email someone outside Proton servers, doesn’t the same thing happen anyway? But the LLM is on Proton servers, so what’s the actual vulnerability?

        • DreamlandLividity@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          1
          ·
          edit-2
          1 day ago

          It is e2ee

          It is not. Not in any meaningful way.

          When you email someone outside Proton servers, doesn’t the same thing happen anyway?

          Yes it does.

          But the LLM is on Proton servers, so what’s the actual vulnerability?

          Again, the issue is not the technology. The issue is deceptive marketing. Why doesn’t their site clearly say what you say? Why use confusing technical terms most people won’t understand and compare it to drive that is fully e2ee?

          • sem@lemmy.blahaj.zone
            link
            fedilink
            English
            arrow-up
            4
            ·
            1 day ago

            It is deceptive. This thread is full of people who know enough to not be deceived and they think it should be obvious to everyone… but it’s not.

          • hansolo@lemmy.today
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 day ago

            Because this is highly nuanced technical hair splitting, which is not typically a good way to sell things.

            Look, we need to agree to disagree here, because you are not changing your mind, but I don’t see anything compelling here that’s introduced a sliver of doubt for me. If anything, forcing me to look into it in detail makes me feel more OK with using it.

            Whatever. Have a nice day.

            • DreamlandLividity@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 day ago

              is not typically a good way to sell things.

              Ah yes, telling the truth is not good for sales, therefore deception is ok.

              Yeah, it seems we won’t agree here. Have a nice day.