

I wouldn’t be concerned about the MAC addresses but about the app mentioned in the article. Why do you need an app for this? What data will it collect about you?
The conditioning of people to think it must be monetary fines is strong I guess. Imo it shouldn’t be a fine for intentionally breaking laws, especially when putting lives in danger. It should be jail time for the executives. Make the calculation disappear altogether.
I didn’t. Being wrong and being deceptive are two different things.
is not typically a good way to sell things.
Ah yes, telling the truth is not good for sales, therefore deception is ok.
Yeah, it seems we won’t agree here. Have a nice day.
If you insist on being a fanboy then go ahead. But this is like arguing a bulletproof vest is useless because it does not cover your entire body.
Well, even the mail is sometimes e2ee. Making the comparison without specifying is like marketing your safe as being used in Fort Knox and it turns out it is a cheap safe used for payroll documents like in every company. Technically true but misleading as hell. When you hear Fort Knox, you think gold vault. If you hear proton mail, you think e2ee even if most mails are external.
And even if you disagree about mail, there is no excuse for comparing to proton drive.
It is e2ee
It is not. Not in any meaningful way.
When you email someone outside Proton servers, doesn’t the same thing happen anyway?
Yes it does.
But the LLM is on Proton servers, so what’s the actual vulnerability?
Again, the issue is not the technology. The issue is deceptive marketing. Why doesn’t their site clearly say what you say? Why use confusing technical terms most people won’t understand and compare it to drive that is fully e2ee?
The easiest is to explain the consequence.
We can’t access your chat history retroactively, but we can start wiretapping your future chats.
If that is too honest for you, then just explain the data is encrypted after the LLM reads them instead of using technical terms like zero access.
What exactly is dishonest here? The language on their site is factually accurate, I’ve had to read it 7 times today because of you all.
I object to how it is written. Yes, technically it is not wrong. But it intentionally uses confusing language and rare technical terminology to imply it is as secure as e2ee. They compare it to proton mail and drive that are supposedly e2ee.
You understand that. I understand that. But try to read it from the point of view of an average user that knows next to nothing about cyber security and LLMs. It sounds like it’s e2ee that proton mail and drive are famous for. To us, that’s obviously impossible but most people will interpret that marketing this way.
It’s intentional deception, using technical terms to confuse nontechnical customers.
A local LLM is one YOU run on YOUR machine.
Yes, that is exactly what I am saying. You seem to be confused by basic English.
Look, Proton can at any time MITM attack your email
They are not supposed to be able to and well designed e2ee services can’t be. That’s the whole point of e2ee.
There is no such thing as e2ee LLMs. That’s not how any of this works.
I know. When did I say there is?
Zero-access encryption
Your chats are stored using our battle-tested zero-access encryption, so even we can’t read them, similar to other Proton services such as Proton Mail, Proton Drive, and Proton Pass.
From Proton’s own website.
And why this is not true is explained in the article from the main post as well as easily figured out with a little common sense (AI can’t respond to messages it can’t understand, so the AI must decrypt them).
Their AI is not local, so adding it to your email means breaking e2ee. That’s to some extent fine. You can make an informed decision about it.
But Proton is not putting warning labels on this. They are trying to confuse people into thinking it is the same security as their e2ee mails. Just look at the “zero trust” bullshit on Proton’s own page.
Yes, indeed. Even so, just because there is a workaround, we should not ignore the issue (governments descending into fascism).
The worst part is that once again, proton is trying to convince its users that it’s more secure than it really is. You have to wonder what else they are lying or deceiving about.
Posted on an article about an app encouraging different users to upload info about you without your consent. Yes, really simple.
There are no very clear reasons to distrust Proton, but is it just me that finds them releasing a 2FA app kinda disturbing? Like, why waste the resources? What could they do better than Aegis, which is already FOSS and privacy preserving? If there is no reason, then I have to wonder if the hidden reason is to get more data into their ecosystem. Which a privacy focused company shouldn’t care about.
I am probably just paranoid but I don’t trust Proton.
This has been the case for a long time, so suddenly you have apps like Tea that encourage you to upload info of other people. So now even the few that take care not to upload their info can be nicely monitored. And the Gestapo does not even need to pay their informants for it.
Tailscale now supports buying Mullvad subscription through them and using it with their app. So it solves this issue, although the control you have over your Mullvad tunnel is less and it misses some advanced Mullvad features. Still probably good enough for most people.
I ended up going a different route by buying a VPS and hosting Caddy as reverse proxy. Then I only have my VPS and NAS on tailscale and other devices use the reverse proxy. This allows me to also share links to cloud files or other stuff I host with friends that are not on tailscale.