Proton markets Lumo as "open source," but support calls it a "long-term intention, not the instantaneous state"

Hello,

I’m hoping to get some perspective on a recent interaction I had with Proton support that has left me feeling concerned.

I was looking into Proton’s new AI thingy, Lumo, and was really encouraged by this claim on their website:

“Unlike other AI assistants, my code is fully open source, so anyone can verify that it’s private and secure — and that we never use your data to train the model.” (Source: https://lumo.proton.me/about)

Naturally, I wanted to check out the code. When I couldn’t find it, I reached out to support to ask for a link. After some back and forth, this was the official response I received:

“The statement on our website reflects our long-term intention and the values we stand for, not necessarily the instantaneous state upon launch.”

But that just doesn’t sit quite right with me. Framing a factually incorrect statement on their website as a “long-term intention” seems to go against the transparency I expect from Proton.

What I’m struggling with is that Proton has done this correctly before. As far as I can tell, when they recently launched Proton Authenticator, the source code was available from day one. They clearly know how to do a proper open-source launch, which makes the choice to market Lumo as open source before it’s actually ready feel misleading.

My trust in Proton is built on my ability to believe what they say. This idea that their website might reflect future goals instead of current reality really shakes that foundation.

Am I overreacting here? I genuinely want to give them the benefit of the doubt, but this feels like a significant misstep for a company whose entire brand is built on trust.

9 Likes

They always do this. They do release the code and keep their promise a little later and not immediately after release of their newest product. This is actually a well known thing Proton does with how it open sources things eventually. Proton Authenticator appears to be an outlier here. AI/Lumo is a bigger product so they may be ironing some things out. But I have no reason to doubt it is not indeed open source in spirit today. They just have to make it so.

This is more a non-issue for me but I do see your point too. They should ideally, in a perfect world, release it all when they release the product - but such is not the case.

1 Like

They really shouldn’t call something open source until it’s actually open source. I think this is clearly what the PG “deceptive marketing” criteria is meant to avoid.

Not that I think Proton deserves to be delisted for this, especially since it’s just Lumo, but people have pulled out their pitchforks against other projects doing similar things.

It would be nice to get more clarification from @Proton_Team about this seemingly deceptive marketing.

8 Likes

Their statement is clearly untrustworthy. I agree.

But to go a bit further than the initial question, if you care about the source code availability:

How do you know the code running on the server is the same as the code in the repository?

This statement being true or not does not change the amount of confidence you have to put in Proton.

Yes it does, you’re presenting a false dichotomy. There is a difference between verifiably lying to your customers for marketing and a slippery slope fallacy that they might be doing something nefarious we can’t see.

3 Likes

Even with fully FOSS apps and tools, at some point you have to trust that they have compiled the code as it looks open sourced and not done anything with it. How do we know anything? In the end, it’s that last bit of trust in the other that makes anyone believe such is the case with whatever one is talking or thinking about.

What I am hung up on mostly is that they heavily leverage this point in their marketing. They have this graphic they show on both the official Lumo page (About Lumo, the privacy-first AI assistant | Lumo by Proton) and on the announcement blog post (Introducing Lumo: AI where every conversation is confidential | Proton), where they directly compare Lumo to the big players by saying that it is open source, and the others aren’t.

To me at least, it doesn’t feel right that they’re outright, to my face, lying about it being open source.

Also, I really don’t want to go into FUD territory, but the line “The statement on our website reflects our long-term intention and the values we stand for, not necessarily the instantaneous state upon launch” implies that they would be willing to have other incorrect information on the website as long as it’s something that’s planned for the future.

8 Likes

An argument could be made that Proton’s marketing definitely needs some more polishing with how they present a newly released product with all the facts that are true today and that they should clearly mention their promise for FOSS for said product is coming soon and is not immediately the case.

But I won’t go so far as to call them liars in a broad sense because they are not that kind of a company or engage in shady practices.

I am not trying to shill for them; technically, they are liars today but it is only temporary - and we know that this is how they do things so there is still trust that they will open source it once they are ready to do so (hopefully soon enough).

But like I said, I do see everyone’s point here. They could and should do better.

1 Like

Can’t argue with this. They should know better. The privacy community is a finicky bunch when it comes to promises, fact, truth, and FOSS.

1 Like

Maybe you have a more elastic definition of “liars” but to me it’s people who say things that they know are false, as if they are true. Such as “this product is Open Source” when it’s not.

I agree. I think while this is disappointing, I am not all of a sudden ready to abandon the company and its products.

4 Likes

I agree. But perhaps to play devil’s advocate, I feel like they should have corrected the marketing when I first asked almost three weeks ago now. Like, in theory, there exist people that have purchased a subscription, an expensive subscription, separate from the Proton suite, under the false expectation of the increased reliability/trustworthiness that typically comes from open-source.

2 Likes

Yes.

Albeit, I’m still pretty sure and confident that it is still private and secure as they claim today, just not open sourced yet.

“Unlike other AI assistants, my code is fully open source, so anyone can verify that it’s private and secure — and that we never use your data to train the model.” (Source: About Lumo, the privacy-first AI assistant | Lumo by Proton)

“The statement on our website reflects our long-term intention and the values we stand for, not necessarily the instantaneous state upon launch.” (Proton’s official response)

I confirmed the page still says “my code is fully open source.” I wouldn’t call Proton liars but to me this is deliberately misleading and not an honest mistake. If it were just a “long-term intention” they would have said “my code will be fully open source” to begin with or corrected the statement after receiving feedback from @vnixxa31.

Given the misleading marketing and no one can view the source code, right now I would avoid using it and tell everyone to avoid using it.

That is a perfectly valid point. Without the assurance you asked about, Proton could just publish source code for something different to what runs on their servers. However, unless there is an easy solution I don’t know about, at this point in time I would blame lack of availability of a technical solution.

1 Like

Mega has an interesting implementation with their browser extension, which hosts all the code locally. It’s not the most scalable solution though of course, imagine having to do that for every E2EE web app.

When it comes to Proton Mail running a bridge is probably safer. With Lumo, the safest option is probably to not use it at all :slight_smile:

1 Like

It’s really too bad that it’s not open source. I was extremely excited by the idea of “zero-access encryption” being applied to an AI model that runs on a server. I have absolutely no idea how this could be achieved. My understanding is that the models will always need access to the plaintext of the message, meaning that it must be decrypted server-side.

However, it is also possible that I was reading too much into empty marketing claims.

They encrypt your chat history but the AI can see everything while it’s processing it.

That is what I assumed was the case. However, wouldn’t that disqualify it from being zero-access encryption? I could absolutely be misunderstanding something, but I was under the impression that zero-access implies that data only ever exists in plaintext on the user’s device.

Proton recently released this article about Lumo’s security model, which you might want to read.

1 Like

Well, Proton said:

At-rest zero-access encryption for conversational history

Proton can see your conversation when Proton is processing it. You have to trust them not to do anything nefarious at that moment. It is “trust me bro” encryption.

2 Likes
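To make the distinction in the last few posts concrete (history encrypted at rest under a key only the client holds, but the model still receiving plaintext while it answers), here is an added example. It is not Proton’s code and does not describe how Lumo is actually built; it models one client and one server in Python so you can see exactly where plaintext crosses the trust boundary. The cipher is an HMAC-SHA256 counter-mode stand-in for a real AEAD, and the "model" is a stub that echoes the prompt; both are constructed assumptions for illustration.

```python
"""Constructed model of 'at-rest zero-access encryption' for chat history.

The server keeps only ciphertext it cannot open, yet the model (which also
runs on the provider's side) must receive the prompt in the clear. The
audit list on the server records every plaintext the provider's code saw.
"""
import hashlib
import hmac
import os
import secrets


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, standing in for a real AEAD cipher.
    Illustrative only: a production client would use AES-GCM or
    XChaCha20-Poly1305 from a vetted library instead."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a wrong key or a tampered blob raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered blob")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class ServerSide:
    """Everything the provider operates: the history store and the model."""

    def __init__(self):
        self.history_store = {}   # conversation id -> list of opaque blobs
        self.plaintext_seen = []  # audit: every prompt the provider's code handled in the clear

    def answer(self, prompt: str) -> str:
        # The model needs the prompt in plaintext. This is the moment the
        # provider (or anyone controlling the server) could read it.
        self.plaintext_seen.append(prompt)
        return "echo: " + prompt  # stub standing in for inference

    def store(self, conv_id: str, blob: bytes) -> None:
        self.history_store.setdefault(conv_id, []).append(blob)

    def fetch(self, conv_id: str) -> list:
        return list(self.history_store.get(conv_id, []))


class ClientSide:
    """The user's device: the only place the history key ever exists."""

    def __init__(self, server: ServerSide):
        self.key = secrets.token_bytes(32)  # never sent to the server
        self.server = server

    def chat(self, conv_id: str, message: str) -> str:
        reply = self.server.answer(message)  # plaintext crosses the boundary here
        for text in (message, reply):        # only ciphertext goes into storage
            self.server.store(conv_id, seal(self.key, text.encode()))
        return reply

    def load_history(self, conv_id: str) -> list:
        return [unseal(self.key, blob).decode() for blob in self.server.fetch(conv_id)]


if __name__ == "__main__":
    srv = ServerSide()
    cli = ClientSide(srv)
    cli.chat("c1", "what is zero-access encryption?")
    print("client reads back:", cli.load_history("c1"))
    print("provider saw in the clear:", srv.plaintext_seen)
    print("provider's storage holds:", [b.hex()[:24] + "..." for b in srv.fetch("c1")])
```

Running it shows the two halves of the claim side by side: `plaintext_seen` is non-empty because the model had to read the prompt, while the blobs in `history_store` cannot be opened without the client's key. Whether that window of exposure is acceptable is the trust question the thread is circling; the code only makes its location explicit.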

I guess I was confused by the line further down: “Yes, I am one of the safest AI chat assistants available, thanks to zero-access encryption and Proton’s strict no-logs policy. Your data remains on your device…”

After reading through the article about Lumo’s security model, I’m glad they’re being transparent about the limitations of the technology in this regard. However, I think it’s safe to say that it is a little bit confusing when they sometimes neglect to mention that it is only the history that is zero-access. Especially since their security model seems to miss the point of zero-access encryption.