cross-posted from: https://lemmy.dbzer0.com/post/50693956
Transcript
A post by [object Object] (@zzt@mas.to) saying: courtesy of @davidgerard@circumstances.run, Proton is now the only privacy vendor I know of that vibe codes its apps: In the single most damning thing I can say about Proton in 2025, the Proton GitHub repository has a “cursorrules” file. They’re vibe-coding their public systems. Much secure! I am once again begging anyone who will listen to get off of Proton as soon as reasonably possible, and to avoid their new (terrible) apps in any case. https://circumstances.run/@davidgerard/114961415946154957
It has a reply by the author saying: in an unsurprising update for those familiar with how Proton operates, they silently rewrote their monorepo’s history to purge .cursor and hide that they were vibe coding: https://github.com/ProtonMail/WebClients/tree/2a5e2ad4db0c84f39050bf2353c944a96d38e07f
given the utter lack of communication from Proton on this, I can only guess they’ve extracted .cursor into an external repository and continue to use it out of sight of the public
You must log in or register to comment.
The worrying part is rewriting repository history to cover it up
Plug for Tuta. 🤷♂️ The user experience isn’t the best, but it’s as secure as it gets. Small team, no vibe coding.
yes, i’m fucking telling you guys so.
a dude that unironically praises a fascist is either malicious or very dumb. turns out he’s
justfucking dumb.I object to your wording of “just” fucking dumb. They’re not mutually exclusive, he’s definitely evil as well.
thats a good point. fascists are always sus in many ways.
Who are you talking about?
the ceo of the company
And you think Andy Yen supports Trump because of a single Tweet?
https://medium.com/@ovenplayer/does-proton-really-support-trump-a-deeper-analysis-and-surprising-findings-aed4fee4305ewhat i said is that if this tweet doen’t show he is a fascist, it definetly shows how dumb he is.
vibe coding security apps is dumb, as expected.
Using Cursor =/= “Vibe Coding” people need to really stop with getting jumpy about everything in such a way.
It might have been that some employee just tried out cursor and accidentally added it to the repo. That is true.
However the complete lack of communication suggests otherwise. And depending on your threat level you should always assume worst.
As for the use of ai in general, in my opinion there are occasional places where ai can be used without compromising security.
So depending on your threat level this can actually ne a big deal.
I’m not sure why being a “privacy vendor” forbids you from using AI tools in your development process
What’s a good alternative VPN provider in EU, not based in Italy? Mullvad is not an option, port forwarding is an absolute requirement.
Also, is there anything out there that ties password/account management and temp emails together as well as proton pass?
Unsure but you could check out bitwarden for your second question
I also use bitwarden (work), and it only does password management. It doesn’t do email and alias generation.
