this post was submitted on 03 Aug 2025
521 points (93.6% liked)

Technology

73677 readers
3773 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
521
Proton’s Lumo AI chatbot: not end-to-end encrypted, not open source (pivot-to-ai.com)
submitted 3 days ago by Pro@programming.dev to c/technology@lemmy.world
125 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] cley_faye@lemmy.world -5 points 2 days ago (2 children)

Yes. They support IMAP. Which means, IMAP client can read your mails from the server. IMAP protocol does not support encryption, so any mail that does not add another layer of encryption (like GPG with encryption) implies that your mail is available in plaintext through IMAP, and as such, on the server.

If that's not enough, when you send a mail to a third party that just use plain, old regular mail, it is sent from their (proton's) SMTP server, in plaintext. Again, unless you add a layer of encryption (assuming the recipient understands it, too), it's plaintext. On the servers.

Receiving is the same; if someone sends a mail to your proton address, is shows up in full plaintext on their SMTP server. Whatever they do after that (and we've established it's not client-controlled encryption), they have access to it.

In the case of GPG with encryption (not only for signature), then the message is encrypted everywhere (assuming your "sent" folder is configured properly). But that requires both you and the other party to support that, which have nothing to do with proton; you could as well do that over gmail.

So, no, not a bold claim. The very basic of how emails standards works requires it.

Now, I'm not saying that Proton have nefarious plans or anything. It is very possible that they act in good faith when they say they "don't snoop", and maybe they even have some proper monitoring so that admin have a somewhat hard time to check in the data without leaving a trace, but it's 100% in clear up there as long as you're not adding your own layer of encryption on top of it, and as such, you, as the user, have to be aware of that. It might be fully encrypted at rest to prevent a third party from fetching a drive and getting data, logs might be excessively scrubbed to remove all trace of from/to addresses (something very common in logs, for maintenance purpose), they might have built-in encryption in their own clients that implement gpg or anything between their users, and they might even do it properly with full client-side controlled keypairs, but the mail content? Have to be available, or the service could not operate.

[–] DeathByBigSad@sh.itjust.works 7 points 2 days ago

Protonmail does not support IMAP, what they have is a program called Proton Bridge that locally decrypts you email then you can set it up so that your IMAP client then reads from Proton Bridge, giving you a seamless experience with one email client having access to all your email accounts.

[–] EncryptKeeper@lemmy.world 7 points 2 days ago* (last edited 2 days ago) (2 children)

They support IMAP. Which means, IMAP client can read your mails from the server.

Proton mail does not support IMAP. Because your emails are encrypted on the server.

Again, unless you add a layer of encryption (assuming the recipient understands it, too), it's plaintext. On the servers.

Protonmail doesn’t claim that non-protonmail email is end to end encrypted. Any emails sent to a regular email without third party encryption will be plain text through the SMTP server, but they don’t store it. So in this case they are still not storing your emails in plaintext. Your recipient will, but that’s out of Protonmail’s control.

shows up in full plaintext on their SMTP server. Whatever they do after that (and we've established it's not client-controlled encryption), they have access to it.

You’ve not established that at all. Protonmail stores that message with client side encryption and they have no access to it. Nothing you’ve brought up here suggests that anything is stored in plaintext on Protonmail servers.

[–] cley_faye@lemmy.world 2 points 2 days ago

I'll just repost the same message here, for completion sake.

Well, I've been had. There is no IMAP support indeed, during my quick lookup around it, I ended up on a website that does look a lot like a real documentation that claim it does. My bad.

The point about sending and receiving messages in cleartext stands, as SMTP works that way, but at rest it is possible they're keeping them encrypted.

[–] cley_faye@lemmy.world 1 points 2 days ago

Well, I've been had. There is no IMAP support indeed, during my quick lookup around it, I ended up on a website that does look a lot like a real documentation that claim it does. My bad.

The point about sending and receiving messages in cleartext stands, as SMTP works that way, but at rest it is possible they're keeping them encrypted.