and for the users at home playing the drinking game: of course this weird fuck’s been giving dangerously bad advice on privacy lemmy, why wouldn’t he be
I ain’t gonna dig any deeper to find out if privacy Typhoid Mary over here has a uniquely bad gpg setup he loves but if anyone does: that’s another shot
e: also lol @ coming into TechTakes with an account named after the fucking cypherpunks mailing list
How many of their users do you think are sufficiently paranoid?
for fucking Proton of all things? come the fuck off it.
the rest of your post is wrong, but in a really boring way? like, you get that there’s a bunch of ways to catch this shit but want me to do the labor of proving that it’s possible for some reason? no, fuck off, go cosplay as a privacy expert elsewhere.
that’s utterly trivial for a sufficiently paranoid user’s browser to detect, and damning for proton if it is (not to mention, pushing hostile JavaScript doesn’t work for users on the imap bridge or using mobile apps they update via methods that can’t easily be tracked like Obtainium on Android)
the mechanisms proton uses to exfiltrate encrypted data and get their users arrested are far more subtle and deniable than that basic shit. specifically, they’ve been silently overcomplying with law enforcement data requests for years, which has led to documented arrests of activists, and all of their LLM features represent a significant data leak, as all of them are implemented in a way that sends cleartext to proton’s servers while maintaining the illusion that the feature is more secure than it is.
I wouldn’t be at all surprised if they were doing more evil shit than the above, but I would be very surprised if any of it were in the form of JavaScript that the user could, you know, deobfuscate and read
ah right, you only care about vague consolidation in the tech industry, but will take the industry’s word at their self-reported energy usage (while they build massive datacenters and construct or reopen polluting energy sources, all specifically to scale out LLMs) and don’t care about the models being fed massive amounts of plagiarized work at great cost to independent website operators, both of which are mechanisms by which LLMs are being used as a weapon with which to consolidate the tech industry under the rule of a handful of ethically bankrupt billionaires. but it’s ok, Claude Code is a massive improvement over the garbage that came before it — and it’s still a steaming pile of shit! but I’m sure going to bat for this absolute bullshit won’t have any negative consequences at all.
how about you fuck off, bootlicker.
404media posted an article absolutely dunking on the idea of pivoting to AI, as one does:
media executives still see AI as a business opportunity and a shiny object that they can tell investors and their staffs that they are very bullish on. They have to say this, I guess, because everything else they have tried hasn’t worked
wait til you find out what the ml does stand for, it’s a real trip (and it sure as fuck ain’t Mali)
holy fuck please learn when to shut the fuck up
oh fuck off
this particular abyss just fucking hurts to gaze into
the reason why we’re calling AI a bubble isn’t because we think the people illegally running gas generators to power their datacenters have suddenly grown a conscience
we’re calling it a bubble because just like with NFTs, there’s no use case for LLMs or generative AI that stands up to even mild scrutiny, but the people funneling money into this crap don’t seem to have noticed yet
no ❤️
what the numbers show is that nobody gives a shit. nobody’s paying for LLMs and nobody’s running the models locally either, because none of it has a use case. masturbating in public about how invested you are in your special local model changes none of this.
case in point: you jacked off all night over your local model and still got a disappointing result
no, you fuckers wandered into an anti-AI community and started jacking off about local models
no fucking thanks
hey so I got this letter from OSHA saying you’re no longer qualified to post here? please step away from the forklift
no it isn’t, your posts are still shit
this is the happy honeymoon phase?
this marriage is fucked
Yudkowsky got wind of his skepticism, and reached out to Ross to do a discussion with him about the topic. He also requested that Ross not do any research on him.
I pinky promise I’m an expert! no you’re not allowed to check my credentials, the fuck?
exactly, it’s not a problem that’s unique to the web. I’d argue that as an execution environment, the browser has properties that make it slightly easier to catch this class of attack (though as you said, we’re in halting problem territory so there’s no universal check for this kind of thing):
and I do have to emphasize that last bit. I’m not here to praise Proton, I’m here to bury it correctly. if the worst thing you’ve got to say about proton is that an SLA could request a custom JS exploit be sent to your browser, then it’s probably still a perfectly fine service to use if you’re just chatting with your grandma and your drug dealer, depending on your threat model. I’d argue that Proton isn’t suitable for anybody, because the class of attacks they’ve enabled allow for quiet mass surveillance, rather than the motivated (and loud) targeted kind.