Proton is vibe coding some of its apps.
cross-posted from: lemmy.dbzer0.com/post/50693956
::: spoiler Transcript
A post by [object Object] (@zzt@mas.to) saying:
courtesy of @davidgerard@circumstances.run, Proton is now the only privacy vendor I know of that vibe codes its apps:
In the single most damning thing I can say about Proton in 2025, the Proton GitHub repository has a “cursorrules” file. They’re vibe-coding their public systems. Much secure!
I am once again begging anyone who will listen to get off of Proton as soon as reasonably possible, and to avoid their new (terrible) apps in any case. circumstances.run/@davidgerard…It has a reply by the author saying:
in an unsurprising update for those familiar with how Proton operates, they silently rewrote their monorepo’s history to purge .cursor and hide that they were vibe coding: github.com/ProtonMail/WebClien…given the utter lack of communication from Proton on this, I can only guess they’ve extracted .cursor into an external repository and continue to use it out of sight of the public
:::
GitHub - ProtonMail/WebClients at 2a5e2ad4db0c84f39050bf2353c944a96d38e07f
Monorepo hosting the proton web clients. Contribute to ProtonMail/WebClients development by creating an account on GitHub.GitHub
Proton’s Lumo AI chatbot: not end-to-end encrypted, not open sourcepivot-to-ai.com/2025/08/02/pro… - text
pivottoai.libsyn.com/20250802-… - podcast
youtube.com/watch?v=HDPZbUPUFy… - videoProton’s Lumo AI chatbot: not end-to-end encrypted, not open source
Proton Mail is famous for its privacy and security. The cool trick they do is that not even Proton can decode your email. That’s because it never exists on their systems as plain text — it’s always…Pivot to AI
like this
ExcessShiv
in reply to irelephant [he/him] • • •What's a good alternative VPN provider in EU, not based in Italy? Mullvad is not an option, port forwarding is an absolute requirement.
Also, is there anything out there that ties password/account management and temp emails together as well as proton pass?
TimLovesTech
in reply to ExcessShiv • • •ExcessShiv
in reply to TimLovesTech • • •Yeah it's not just for privacy, hence the port forwarding requirement.
AFAIK nothing has shown issues with the privacy of either email or VPN? At least not something that wasn't caused by blatant idiot user error like the guy with his apple email as recovery email.
katy ✨
in reply to ExcessShiv • • •hankthetankie [none/use name]
in reply to ExcessShiv • • •ExcessShiv
in reply to hankthetankie [none/use name] • • •Mugita Sokio
in reply to ExcessShiv • • •Luci
in reply to irelephant [he/him] • • •asudox
in reply to Luci • • •Cursor is literally marketed as "The AI Code Editor". I am not sure why anyone would use an AI code editor if they aren't planning on vibe coding.
Proton is, in my opinion, a bad privacy company anyway. Vibe code or not, stop paying them.
BombOmOm
in reply to asudox • • •ShoeThrower
in reply to BombOmOm • • •Ok, but VS has been around MUCH longer and has been widely used long before any AI features were added. People who have been using VS for years, aren't likely to just switch, especially in professional environments where VS has largely dominated.
Cursor OTOH, was specifically made to leverage AI. You don't just start using Cursor.
stink
in reply to ShoeThrower • • •Jumuta
in reply to BombOmOm • • •Luci
in reply to asudox • • •ObsidianZed
in reply to Luci • • •See my comment here.
ObsidianZed
2025-08-08 19:51:22
flandish
in reply to irelephant [he/him] • • •irelephant [he/him]
in reply to flandish • • •flandish
in reply to irelephant [he/him] • • •akilou
in reply to irelephant [he/him] • • •irelephant [he/him]
in reply to akilou • • •tyler
in reply to irelephant [he/him] • • •irelephant [he/him]
in reply to tyler • • •tyler
in reply to irelephant [he/him] • • •Mr. Satan
in reply to flandish • • •DevDocs API Documentation
devdocs.ioBombOmOm
in reply to irelephant [he/him] • • •Visual Studio and VS Code have an AI assistant as well, yet we don't decree all programs written with them as 'vibe coding'. The presence of an AI assistant in the IDE isn’t evidence of vibe coding.
Proton’s repo here is open source. What portion of it presents issues? Any?
SpaceNoodle
in reply to BombOmOm • • •HappyFrog
in reply to irelephant [he/him] • • •katy ✨
in reply to irelephant [he/him] • • •like this
sunzu2 likes this.
sunzu2
in reply to katy ✨ • • •God banned on proton sub for calling out this poor CEO's antics
They love free speech when they charge you money but no when you express your opinions online about their product and "leadership" 🤡
Years and still no contacts, I am making plans to move again
Never do one stop shop services people!!! Google and apple should have already taught you that
алсааас [she/they]
in reply to katy ✨ • • •Please learn nuance before falling into mob mentality
m.opnxng.com/@ovenplayer/does-…
simple
in reply to irelephant [he/him] • • •Mastodon at it again with pitchforks and torches for the slightest inconvenience.
Using Cursor doesn't prove anything. Many people use Cursor as an advanced autocomplete, nothing else. It's not like they're hammering random AI-generated code and merging it without thinking. "Vibe coding" means generating barely-working code you don't understand to try and get thinks working.
This shit is why I hate the mastodon community, it's always strawmen and "you're one of THEM" style witchhunts with them
hansolo
in reply to simple • • •Seriously, WTF is this elitism?
Do these people also walk everywhere because they think a bike, train, or car is somehow disingenuous? What hypocrites.
Chulk
in reply to simple • • •Yep, anyone who assumes that the presence of a .cursor directory automatically means that:
Is either arguing in bad faith or has no idea what they're talking about.
It could be something as simple as one dev trying out cursor (an editor thats literally just a vscode fork with ai features) and accidentally committing their .cursor directory (really easy to do).
kameecoding
in reply to simple • • •dropped_packet
in reply to kameecoding • • •RipLemmDotEE
in reply to dropped_packet • • •HiddenLayer555
in reply to RipLemmDotEE • • •People refer to generative AI when they just say "AI" nowadays.
There are a ton of small, single purpose neural networks that work really well, but the "general purpose" AI paradigm has wiped those out in the public consciousness. Natural language processing and modern natural sounding text to speech are by definition AI as they use neural networks, but they're not the same as ChatGPT to the point that a lot of people don't even consider them AI.
Also AI is really good at computing protein shapes. Not in a "ChatGPT is good enough that it's not worth hiring actual writers to do it better" way, in a "this is both faster and more accurate than any other protein folding algorithm we had" way.
FauxLiving
in reply to HiddenLayer555 • • •Yeah, people don't realize how huge this kind of thing is. We've been trying for YEARS to figure out how to correctly model protein structures of novel proteins.
Now, people have trained a network that can do it and, using the same methods to generate images (diffusion models), they can also describe an arbitrary set of protein properties/shapes and the AI will generate a string of amino acids which are most likely to create it.
The LLMs and diffusion models that generate images are neat little tech toys that demonstrate a concept. The real breakthroughs are not as flashy and immediately obvious.
For example, we're starting to see AI robotics, which have been trained to operate a specific robot body in dynamic situations. Manually programming robotics is HARD and takes a lot of engineers and math. Training a neural network to operate a robot is, comparatively, a simple task which can be done without the need for experts (once there are Pretrained foundational models).
Chulk
in reply to kameecoding • • •I'm a pretty big generative AI hater when it comes to art and writing. I don't think generative AI can make meaningful art because it cannot come up with new concepts. Art is something that AI should be freeing up time in our lives for us to do. But that's not how it's shaping up.
However, AI is very helpful for understanding codebases and doing things like autocompletion. This is because code is less expressive than human language and it's easier for AI to approximate what is necessary.
mfed1122
in reply to kameecoding • • •HiddenLayer555
in reply to kameecoding • • •I'm personally scared of AI (not angry or hateful, actually scared by just how fast it's advancing) and that definitely clouds my judgement of it and makes nuance difficult.
It's like a deal with the devil. You see all these amazing benefits but you just know you're the one being taken advantage of, because, like the devil, AI corporations by definition only think about how you can be of use to them.
space_comrade [he/him]
in reply to simple • • •Also I don't think most people understand just how ineffective true vibe coding is. I tried it a few times and could barely get something slightly more complex than a demo todo app working, and even if it was working it was barely prototype level quality of user experience, there is zero chance somebody is deploying vibe coded features into a large, serious production system and not suffering major and immediate consequences because shit just didn't work at all.
The best you're going to get out of it is it shortens the amount of time wasted on tiny adjustment to the UI or something.
HiddenLayer555
in reply to space_comrade [he/him] • • •This gets into the question of what, if anything, AI "should" be used for.
I've heard responses to this go both ways. Some people argue that saving time on repetitive simple tasks is what AI "should" be used for; but other people say that if you can't even do something as simple and repetitive as a tiny adjustment to the UI, you shouldn't be in a development job to begin with; or that you're stealing the work of other programmers who had their code scraped for training data who are not being paid while you are, and that maybe you should be fired and the people who had their code scraped be hired instead.
IDK what the right answer is, I think this is something I will struggle with for ages while the unscrupulous people use AI for everything and anything.
ObsidianZed
in reply to simple • • •See my comment here.
ObsidianZed
2025-08-08 19:51:22
Mr. Satan
in reply to simple • • •Here I am just thinking I'm a better programmer without AI (LLMs).
For me it's just glorified autocomplete. I haven't tried it in any real capacity, but my colleagues did and I've seen some examples. It's all basic shit I already know. In no way I felt compelled or even seen anything really useful. It can give you a head start, but I already have the knowledge to have a head start.
Some colleagues are using it for SQL, because they're unfamiliar with it, and I'm like, it's all good if it works for you, but you're not gonna learn properly if you don't try to write stuff yourself.
This touches on another point I don't see too often — I code because I like solving problems. If I outsource that, then what's the point? And it's exactly this that makes me a competent, and dare I say, good programmer.
Another issue for me is this chat bot format. I don't what a chat bot! If I have to go out of my way to try and coerce a fucking chat bot into being a useful tool then it already lost its usefulness. The only acceptable format for AI coding is better autocomplete, i. e. ability to autofill boilerplate more, better and, most importantly, as seamlessly as current solutions in modern IDEs.
In general I don't feel threatened by AI and when the tools catch up I'll gladly use them or even retire and code just for fun.
Irdial
in reply to irelephant [he/him] • • •ShoeThrower
in reply to Irdial • • •You are buying a bicycle online.
Both are the same price, but one is handmade by a skilled professional with decades of experience, the other is made by a sketchy machine that even it's creators don't really understand... and sometimes uses square wheels instead of round.
Your choice.
Rolder
in reply to ShoeThrower • • •Irdial
in reply to ShoeThrower • • •Hyacin (He/Him)
in reply to Irdial • • •"consumer privacy" in this case would be your safety while on said bicycle, imo, and square wheels will send you for a tumble.
AI slop comes with security holes (see recent Tea business, and countless other examples). As a user of Proton services, paying actually quite a bit of money annually for that — and being that they talk a really big game about how secure and private they are — I expect their app to be MORE secure than your average mail client, not the same, and not very possibly LESS secure.
bitjunkie
in reply to irelephant [he/him] • • •PrivacyDingus
in reply to irelephant [he/him] • • •plm00
in reply to irelephant [he/him] • • •sunzu2
in reply to plm00 • • •Hmm.. Been looking into it myself recently. What's your issue with the user experience?
Seemed like a better email/call product all around plus extra 5gb for email storage
chortle_tortle
in reply to sunzu2 • • •like this
sunzu2 likes this.
plm00
in reply to sunzu2 • • •like this
sunzu2 likes this.
sunzu2
in reply to plm00 • • •Ok this landed...
Yeah coming from proton wrapper slopz it actually felt better but yeah it is still wrapper slop.
Us Linux girls, take what we can get. I ain't picky
Echedelle (she/her)
in reply to irelephant [he/him] • • •acute_kernel_panic
in reply to irelephant [he/him] • • •It might have been that some employee just tried out cursor and accidentally added it to the repo. That is true.
However the complete lack of communication suggests otherwise. And depending on your threat level you should always assume worst.
As for the use of ai in general, in my opinion there are occasional places where ai can be used without compromising security.
So depending on your threat level this can actually ne a big deal.
☂️-
in reply to irelephant [he/him] • • •yes, i'm fucking telling you guys so.
a dude that unironically praises a fascist is either malicious or very dumb. turns out he's ~~just~~ fucking dumb.
like this
TVA likes this.
HiddenLayer555
in reply to ☂️- • • •like this
TVA likes this.
☂️-
in reply to HiddenLayer555 • • •like this
TVA likes this.
Dataprolet
in reply to ☂️- • • •☂️-
in reply to Dataprolet • • •like this
TVA likes this.
Dataprolet
in reply to ☂️- • • •medium.com/@ovenplayer/does-pr…
Does Proton really support Trump? A deeper analysis (and surprising findings)
ovenplayer (Medium)pulsewidth
in reply to Dataprolet • • •Nuance? And a Lemmy.ml user?
You also have already failed the purity test by considering a different narrative.
Dataprolet
in reply to pulsewidth • • •☂️-
in reply to pulsewidth • • •talk about purity tests 🤪
please check out the fucking instance you are in.
☂️-
in reply to Dataprolet • • •what i said is that if this tweet doen't show he is a fascist, it definetly shows how dumb he is.
vibe coding security apps is dumb, as expected.
orca
in reply to irelephant [he/him] • • •Speaking as someone who hates generative AI but has been forced to adapt to using AI in the programming field to stay relevant, this doesn’t suggest they’re vibe coding. The programming world is the only place AI has actually added value (I should note it’s done some neat stuff helping with diagnoses in the medical world too), but like everything, you get what you put into it.
Feed it enough instruction and context, and it can handle the drudgery of things like tech debt updates and other things a programmer knows how to do, but would rather offload to a tool. I’ve had Claude do refactors like that while stepping through and reviewing every single change. It has saved me hours, spared me from hell, and made me look good at work.
That’s my grounded take as a person that has worked with Claude a ton.
But AI everywhere else? Fucking worthless. The whole point is to do the bullshit mundane tasks so that us humans can do art and passionate work, not the opposite.
hddsx
in reply to orca • • •orca
in reply to hddsx • • •I’ve had the greatest success with Claude. The company I work for basically let us all go wild with a few to trial, and Claude has been the best for all of us—even better than GitHub Copilot.
I pay for my own pro plan outside of work and use the VSCode plugin. I’d say read the quickstart guide and experiment with it. Start off with having it do smaller changes and don’t be afraid to be verbose. The more context, the better. Point it to existing files you want to follow the patterns of and model after; give it links to resources for best practices, etc. You can also use it in “plan mode” if you want to see its proposed approach before it starts editing.
I also recommend leaving it so that each change it makes requires your approval (it will do this by default and you can step through everything). That way you always have some control and if it does something dumb, you can stop it at that step and pivot with a different instruction. Alternatively, if you want to see it go ham and carry everything out without approval at each step, you can enable auto-accept.
Once you get into it, start looking into how to craft instruction files. You can have those at your disposal for things like writing tests, language-specific guidelines and practices, etc. That way you can make sure it uses those as a reference so you don’t have to give it the same instructions over and over with every prompt.
If you hate writing tests, I’ve had really good luck letting it handle that. I tend to use it more for the bulk tasks that suck. For things where I want more control, I work with it on a piecemeal basis in my project.
Mastering Claude Code Plan Mode: The Game-Changing Feature Every Engineer Needs
Riya (AGI In Progress)FauxLiving
in reply to orca • • •I use it for obscure methods that I don't know immediately and searching the documentation would take longer than just letting the AI write a code snippet and then looking at the functions that it uses if I don't recognize any.
It's kind of like searching, except I can ask for things in a more vague manner.
HiddenLayer555
in reply to orca • • •I'd say this is mostly because you can immediately test the AI's results and rule out anything it got wrong, and whatever errors you generate can then be fed back into the AI so it can refine what it's already written. You never have to just trust the AI (assuming you yourself still know how to code) like you have to when using it for research or for solving problems where you don't get immediate feedback.
Whether this means programming is actually a viable niche for generative AI or whether this speaks more to the limitations and inherent unreliability of the "knowledge" the AI has, I can't say.
Also, I don't know if it's just me but I'm more scared by how fast AI is advancing rather than looking forward to what it can do for me. That definitely clouds my perception when something is AI generated and makes me a lot more dismissive of any real benefits AI might have brought.
orca
in reply to HiddenLayer555 • • •Yeah, you get immediate feedback, vs a scenario where you have to manually check the “facts” it provides in order to ensure it’s not hallucinating. I’ve had Copilot straight up hallucinate functions on me and I knew that they were bullshit instantly.
I iterate with it a ton and feed it back errors it makes, or things like type mismatches. It fixes them instantly and understands the issue almost every single time.
That’s the trick. Iterate often and always give it new instructions if it does something stupid. Basically be as verbose as needed and give it tons of context, desired standards, pitfalls to avoid, whatever. It helps a ton.
18107
in reply to HiddenLayer555 • • •It will allow you to see if the AI has made any syntax or runtime errors. It does not tell you about any logic errors.
Logic errors are already the most dangerous kind of programming error, and using AI just makes them even harder to find.
Using AI will only help you with syntax (which any good IDE should already be able to do) and finding information faster than a search engine (but leaving out important context). AI is not useful for programming anything that will be made public.
iglou
in reply to 18107 • • •The danger of vibe coding is that the people doing it either don't have the skills to or don't think it's importsnt to review the AI changes.
If you work with an AI and instead of taking time typing through boring tasks, take time reading through the changes, them there isn't much of an issue. A skilled software engineer is capable of noticing logic errors in a code they read.
If the generated code is too unmecessarily complex to ensure its logic is okay, then scrap it.
I don't use it in that way (only use JetBrains' line completion AI) but I don't see a problem if it is used that way.
However, if I review a code that was partly generated by AI and notice that the dev let through shitty code without review, the review will be salty.
Soapbox
in reply to irelephant [he/him] • • •like this
TVA likes this.
x1gma
in reply to irelephant [he/him] • • •Just because they are using Cursor, it doesn't mean that they are vibe coding. Anyone grabbing their pitchforks for that and screaming "they are vibecoding" only shows their own incompetence.
If they would be vibecoding, their whole software would've gone to shit long ago.
Just because some random people without an engineering background are using vibecoding to push their broken slop, it doesn't mean that any kind of AI assisted coding is bad.
xthexder
in reply to x1gma • • •like this
TVA likes this.
x1gma
in reply to xthexder • • •There probably will be people who are gonna review the code and see how much of it is probably LLM generated, and then we will know.
I still think that it's pretty much impossible to vibe code something on that scale, but I haven't seen their cursorrules either.
MotoAsh
in reply to x1gma • • •x1gma
in reply to MotoAsh • • •deaddigger
in reply to x1gma • • •x1gma
in reply to deaddigger • • •ObsidianZed
in reply to irelephant [he/him] • • •For added clarity:
github.com/ProtonMail/WebClien…
WebClients/.cursor/rules/proton-inbox.mdc at b4453c3f111d23d44ab96ceda4181812f2abd673 · ProtonMail/WebClients
GitHublike this
TVA likes this.
Uninvited Guest
in reply to ObsidianZed • • •Non programmer here: This is the first time I've seen a cursor file but I genuinely like how it reads. It's like a business analyst wrote a coding requirements doc. I'd be thrilled if my staff asked 4-6 thoughtful questions when given a goal with an open ended approach.
For which LLM are cursor files used?
NotMyOldRedditName
in reply to Uninvited Guest • • •Cursor is just an IDE (integrated development environment), you can set it up to use all sorts of LLMs either directly through Cursor, or with your own API keys for the sources.
This file content just goes into the initial context to help the LLM act how you want.
Fuck Work
in reply to irelephant [he/him] • • •like this
TVA likes this.
Jankatarch
in reply to irelephant [he/him] • • •jokeyrhyme
in reply to irelephant [he/him] • • •AHemlocksLie
in reply to irelephant [he/him] • • •dogs0n
in reply to AHemlocksLie • • •Spammers and blacklists may not be as big of an issue as you think, as long as you don't share you real email with untrusted apps (eg: only use email aliases from something like Simplelogin or anonaddy).
Nevertheless you could always setup your own domain with an email service, which lets you more easily migrate platforms.
I believe simplelogin lets you change your mailbox for aliases so in an even that you are changing email address, you can redirect those too.
Evotech
in reply to dogs0n • • •That's not the issue
It's a massive pain to actually get your emails to be received if you use a random self hosted ip
dogs0n
in reply to Evotech • • •Oh i guess thats what they meant by blacklist, was not thinking of ip reputation? If that's the issue, I have never experienced it, I believe there are tools you can use to see if your ip is bad and in that case u can probably ask ur isp for a new one (if u pay for static ip).
My other advice for using your own domain still stands, makes it a lot easier to swap around providers.
Electricd
in reply to Evotech • • •vga
in reply to irelephant [he/him] • • •Mio
in reply to irelephant [he/him] • • •I dont see any problem with AI coding. It can be done without the editor supporting it by just asking for a function like please implement a sort function given a list of numbers.
Proton code is open source, so all AI agents have already read everything. You as user just have to do the code review, fix it and test. I am not seeing any problem here.
pheggs
in reply to irelephant [he/him] • • •