Managers are always touting the use of AI—I use it extensively, even with highly sensitive personal data. My tool of choice is Proton Lumo+, as the quality of its responses is impressive.
My question: Are there any valid privacy concerns regarding Lumo+ that I, as a user handling such data, might be overlooking?
@Kris if you’re looking for something fully local, Informity AI might be worth a try — everything runs on your machine, nothing uploaded anywhere, open source (MIT license).
A Trusted Execution Environment is a segregated area of memory and CPU that’s protected from the rest of the CPU by using encryption. Any code outside that environment can’t read or tamper with the data in the TEE. Authorized code can manipulate the data inside the TEE.
It protects what’s running in it from the rest of the CPU, but it still processes data in the clear. It’s a step up from not using it, but it’s still possible to exfiltrate data from TEEs since the data is decrypted.
You can install and upgrade Informity AI through this tap now. I’ll work on submitting to the official Homebrew repository down the line, but this should get you going in the meantime. Let me know if you run into any issues.
Personally, I don’t see any reason to add a completely vibe-coded app with only 27 stars on GitHub that literally scans personal files on the device either. One update and these files will start flying to the developer’s cloud.
What exactly can be verified? That the application is not vibe-coded?
Non-issue? As far as I know, brew auto-updates without maintainers; such an application can become malicious at any moment. The developer themselves is unknown, and the GitHub account has only been active for about 2 months.