Proton
Empowering you to choose a better internet where privacy is the default. Protect yourself online with Proton Mail, Proton VPN, Proton Calendar, Proton Drive. Proton Pass and SimpleLogin.
Proton Mail is the world's largest secure email provider. Swiss, end-to-end encrypted, private, and free.
Proton VPN is the world’s only open-source, publicly audited, unlimited and free VPN. Swiss-based, no-ads, and no-logs.
Proton Calendar is the world's first end-to-end encrypted calendar that allows you to keep your life private.
Proton Drive is a free end-to-end encrypted cloud storage that allows you to securely backup and share your files. It's open source, publicly audited, and Swiss-based.
Proton Pass Proton Pass is a free and open-source password manager which brings a higher level of security with rigorous end-to-end encryption of all data (including usernames, URLs, notes, and more) and email alias support.
SimpleLogin lets you send and receive emails anonymously via easily-generated unique email aliases.
view the rest of the comments
It's enabled by default and can send your email drafts to their server. The first time you try to use it (by clicking the Scribe button), it asks whether you want to use the local version or the cloud version. It's easy to disable it completely in Settings.
It does not, and cannot, train on your inbox, due to end-to-end-encryption.
More info: https://proton.me/support/proton-scribe-writing-assistant
I would prefer if the inital prompt included an option to disabled Scribe completely, and a warning about the privacy implications of enabling it, but overall I think their approach is good enough for my privacy needs.
End to end encryption means it can be trained on your inbox, especially locally. It’s not encrypted at rest on your side, else you wouldn’t be able to read it.
That’s why Facebook’s whole “WhatsApp is e2e encrypted, we can’t see anything” is and was a whole farce. They wouldn’t even make the claim in court. People even proved that they could exfiltrate data from WhatsApp after it made it to a users phone over to the Facebook app and boom, e2e didn’t matter at all.
It sounds like your main concern is that once your inbox is decrypted by your local device it could be used by Proton to train Scribe or for some other (perhaps nefarious) purpose.
For the first point, I think the technical challenge of creating a distributed machine learning algorithm, which runs locally on each user's device and then somehow aggregates the results, is much more difficult than downloading and using an existing model like Scribe does currently, but I agree that it is theoretically possible. If Proton ever overcomes that challenge and offers that feature, I hope they handle it as I suggested above for Scribe: an option to disable it the first time you use it. As long as I could disable it, I would consider the risk minimal. As it stands today, I consider the risk negligible.
For the second point, it's true Proton could program their app (or their website) to send your decrypted inbox elsewhere. (That's true of every email provider, unless sender and receiver have exchanged PGP keys, since email is a plaintext protocol.) I trust that they don't, based on my assessment of the available info, including discussions like this. I certainly consider them much more trustworthy than Facebook/Meta.
As a general point, I think a lot of security/privacy for services like Proton comes down to trust. It's important to keep Proton honest and to keep ourselves informed. I'm glad we have communities like this to help us do that.
Sorry I was not claiming that proton in any way was causing a problem here. I was just refuting the point that e2e means they cannot train on your inbox. I don’t even use proton but have been considering it. I do not mind the AI features.
I appreciate you pointing out the limits and pitfalls of e2e encryption. It added important nuance to the thread. Thanks!
You’re welcome. Honestly I wanted to point it out cuz I hate Facebook and WhatsApp 😂
Thanks for the correction