tinsukE

Sir/madam/gentleperson, I commend your humbleness and civic posture in this conversation.

Holy crap! It’s as if I had access to this blog post beforehand!

Joke aside, it is still a “trust me bro, we don’t keep your clear text history” security model. AKA no guaranteed privacy.

https://proton.me/blog/lumo-security-model

From their own response (and due to logical thinking about how the LLM service works): https://fosstodon.org/@notesnook/114927444378333659

Strictly speaking, if you consider Lumo’s GPU servers to be one of the “ends”, then yeah, it is E2EE (you and the server being the ends).

But Proton own the GPU servers, and therefore have access to their private keys, so they can decrypt your messages as they arrive, before they’re deleted, which happens after they’re encrypted with your asymetric key (so only you can read it) and stored with zero-access.

I don’t consider this safe. In a system where you are only interfacing with a computer (and not other users), E2EE should mean that only you have access to the unencrypted data, at any given time. Which is how Proton Drive works.

Stated can be a long way away from reality. That website statement can be changed at a whim and doesn’t have any legal binding.

If you wanna rely on encryption to protect your privacy, you have to be encrypted/protected from the service provider too, that’s what E2EE is all about, and what many of Proton’s services provide, but Lumo not.

Keywords being “stored” and “history”.

The LLM doesn’t operate with encryption, so it is served and extrudes unencrypted data.

Proton operates the LLM, meaning Proton has access to your unencrypted data.

Comparatively, Proton Drive doesn’t leak your files’ contents at any point, even to Proton.

“Private” as in only you and Proton can access the messages’ unencrypted contents?

This is a far cry from any other of their products where they can’t access the user’s data.

https://fosstodon.org/@notesnook/114927444378333659

Sigh, feels bad that my subscription is paying for this kind of crap.

Oh, you’re right.

It seems to have been implemented and working on 138, but broken since 140 (my current version), with a fix scheduled to come on 142.

I’m looking forward to that one!

Oh, I meant mutual TLS by “it”. Edited.

That’s no bug, mTLS just isn’t implemented on Firefox (for Android) currently.

There are 2 proposed solutions on that thread:

1. It was possible on old versions of FF, but not the current ones. I believe this to be related to the versions prior to the revamp that happened circa 2020. (the author refers to a version that was already “old” by 2022). So it was something supported on OG Firefox, not not on the new (current, by 5 years already) version.
2. Using the debug menu’s secret settings to enable “Use third party CA certificates”. This is available on current FF, but that’s no mutual TLS. It is about allowing CA certificates that you installed yourself on your device for server TLS auth.

Tried it and it was a breeze to set it up with Caddy!

Problem was… lack of client side support, specially on mobile.

Many (most?) client apps don’t support it.

Use the PWA from your browser, you said? I hope you like Google and using Chrome, because Firefox for Android doesn’t support it (mTLS) 😭 (for now, see replies)

Glad to hear!

And the developer is quite responsive, open up a GitHub issue with the details and I’m confident it’ll get sorted out.

He’s also on Mastodon: https://mastodon.social/@_jocmp

Not exactly what you asked, but if you’re gonna read from Android, I highly suggest CapyReader.

I highly recommend trying CapyReader for mobile, it is much snappier!

Yes it is!

Although I can’t migrate from CORE and have the service migrated seamlessly unless I use VMs.

And I don’t know docker containers, so it is something else I’d have to learn and understand. If I have to choose, I’d probably learn LXN/Incus instead.

I’ve been slowly, but steadily, migrating the services I run on my TrueNAS CORE (FreeBSD) from Jails to Debian VMs so I can migrate to TrueNAS 25 (no more SCALE it seems, and Linux) around April without many hurdles, hopefully.

Besides having to learn some systemd, it has been a smooth ride.

Now I’m down to the last 2 services, which I think are the most complicated setups I have and with no nice deb packages to ease installation: Paperless-ngx and Photoprism.

I’ll probably look into playing with Containers (LXC/Incus) to have the same lightweight and efficiency as Jails once the migration to Linux is done. But honestly, if everything is running nicely, I won’t be very motivated to do so, let’s see.

I wrote red soil, but more specifically, where I lived there was Terra Roxa (purple soil?), which seems to be a kind of red soil according to the English Wikipedia page: https://en.m.wikipedia.org/wiki/Terra_roxa

And it is the prevalent soil on the north of the state of Paraná, regarded as Brazil’s agricultural barn: https://en.m.wikipedia.org/wiki/Paraná_(state)

So it does confuse me that the state’s soil would be unfertile, as I grew up learning how good it was and surrounded by prosperous farms.

The Portuguese Wikipedia page does talk about it being fertile (no English translation): https://pt.m.wikipedia.org/wiki/Terra_roxa

So maybe it isn’t a type of red soil in the end; or there are some types of red soil that are (very) fertile.

Brazilian here. Perfectly safe (color-wise; of course it can be polluted as hell despite its color, just like any other river).

Our ground/mud has a different color. Some areas on the south even have a red soil (very fertile, but makes everything about ground level look dirty very quickly): https://en.m.wikipedia.org/wiki/Red_soil

There’s great variety of water colors even in the same area, just search for images “meeting of the waters Manaus”:

I had it initially setup to run on Wi-Fi too, battery or charging.

Then I had my battery drain to 30-40% during afternoons, when I’m used to reaching evenings above 60%. Check app usage on settings: Syncthing.

Since I use it mostly for backing up photos, I found it better to enable it only when charging.

Syncthing.

Just configure it to only run while plugged to the wall, so you’re not surprised by the rare bug of it randomly turning your phone into a pocket warmer.