No joke. This belongs in an exhibition.
oktux
joined 1 year ago
I appreciate you pointing out the limits and pitfalls of e2e encryption. It added important nuance to the thread. Thanks!
It sounds like your main concern is that once your inbox is decrypted by your local device it could be used by Proton to train Scribe or for some other (perhaps nefarious) purpose.
For the first point, I think the technical challenge of creating a distributed machine learning algorithm, which runs locally on each user's device and then somehow aggregates the results, is much more difficult than downloading and using an existing model like Scribe does currently, but I agree that it is theoretically possible. If Proton ever overcomes that challenge and offers that feature, I hope they handle it as I suggested above for Scribe: an option to disable it the first time you use it. As long as I could disable it, I would consider the risk minimal. As it stands today, I consider the risk negligible.
For the second point, it's true Proton could program their app (or their website) to send your decrypted inbox elsewhere. (That's true of every email provider, unless sender and receiver have exchanged PGP keys, since email is a plaintext protocol.) I trust that they don't, based on my assessment of the available info, including discussions like this. I certainly consider them much more trustworthy than Facebook/Meta.
As a general point, I think a lot of security/privacy for services like Proton comes down to trust. It's important to keep Proton honest and to keep ourselves informed. I'm glad we have communities like this to help us do that.
It's enabled by default and can send your email drafts to their server. The first time you try to use it (by clicking the Scribe button), it asks whether you want to use the local version or the cloud version. It's easy to disable it completely in Settings.
It does not, and cannot, train on your inbox, due to end-to-end-encryption.
More info: https://proton.me/support/proton-scribe-writing-assistant
I would prefer if the inital prompt included an option to disabled Scribe completely, and a warning about the privacy implications of enabling it, but overall I think their approach is good enough for my privacy needs.
It sounds odd to me too, but I found a wiki article on it: https://en.m.wikipedia.org/wiki/Positive_anymore
I did a lot of research on digitizing old VHS tapes and ended up going with a local, professional service to have mine converted.
If you want to do it yourself, this site and its associated forum are a great starting place to learn how: https://www.digitalfaq.com/editorials/digital-video/professional-analog-workflow.htm
The EFF has an article that explains the latest changes (and why they still oppose the bill): https://www.eff.org/deeplinks/2023/08/congress-amended-kosa-its-still-censorship-bill
And an article explaining the "original" bill: https://www.eff.org/deeplinks/2023/05/kids-online-safety-act-still-huge-danger-our-rights-online
* "original" in quotes because KOSA was created in 2022, rejected, then resurrected in 2023. This is the resurrected 2023 version.
If you oppose this bill, you can fill out this form to email your senator: https://act.eff.org/action/tell-congress-kosa-will-censor-the-internet-but-won-t-help-kids
I think self-hosting a simple, static web site on a Raspberry Pi would be a good project.
Overall, I think a practical, interesting project is a great way to make lessons concrete and engaging, and this particular project would an excellent springboard into a variety of topics that are fundamental to the invisible technology that underpins everything we do day to day.