Latest news with #AndyYen


Fast Company
23-07-2025
- Business
- Fast Company
Proton's new Lumo AI is all about privacy
Proton is getting into generative AI with an assistant called Lumo, which it pitches as a more private alternative to ChatGPT. While Lumo will offer a similar chat-based interface with support for web search and file analysis, Proton says it won't store records of users' conversations or use them to train AI. Lumo is available for free on the web and mobile devices, with an optional $13-per-month or $120-per-year subscription for unlimited chats, extended chat history, and larger file uploads. Andy Yen, Proton's founder and CEO, says Lumo is a way for people to utilize AI assistants without having to worry about how their conversations could be used. 'I think it's critically important, given the amount of sensitive information that we are dumping into AI, that there be a private alternative,' Yen says. Why you might want Proton's private AI It's already possible to maintain some privacy while using major AI tools. ChatGPT, for instance, offers a setting to opt out of training OpenAI's models. It also provides a 'Temporary Chat' feature for conversations that don't appear in your chat history or affect what ChatGPT remembers about you. Google's Gemini also lets users opt out of model training through a Gemini Apps Activity setting. But those settings are not the default, and neglecting them effectively sends your data into a black box. Once your data's been fed to a model for training, it can be extremely difficult to remove, and some providers, including Google, will even show a subset of conversations to human reviewers without disclosing when that happens. ChatGPT also warns that its 'Temporary Chat' mode still stores conversations for up to 30 days for safety reasons. 'Before we created Lumo, I'd use ChatGPT sometimes,' Yen says. 'But then I'd feel really dirty after using it, because who the hell knows what Sam [Altman, OpenAI's CEO] is going to do with all my data?' Proton isn't the first company to offer a more private alternative. The privacy-centric search engine DuckDuckGo launched its own AI tool, last year, with a similar promise not to keep a record of users' conversations or use them for AI training. The difference is that DuckDuckGo has arrangements with major AI providers such as OpenAI and Anthropic, and it sends queries to their servers through a proxy that removes personal information. Those AI providers have promised not to use conversations for training purposes. Proton isn't involving major AI providers at all. Instead, Proton's Lumo AI uses a mix of open-source models that the company runs on its own servers. While conversations aren't end-to-end encrypted, Proton says it doesn't keep logs of users' chats, and conversations are decrypted only on users' devices. 'We're giving people a very clear guarantee of privacy in that your chat history is never going to be saved, logged, or even accessible to us, because it's encrypted in a way that we cannot actually decrypt it,' Yen says. And why you might not Proton's privacy-centric approach has trade-offs, both with its other products and with Lumo. With Proton Mail, the company can't offer server-based email search because it has no way of accessing users' email contents. Instead, Proton builds a local search index on each device where the Mail app is stored. I recently moved away from Proton Mail in large part because the search function was too unreliable. In the case of Proton's Lumo AI, its capabilities are already more limited than other assistants. It can't connect to other apps and services—though Yen says integrations with Proton's email service and document editor are possible—and it can't tailor its responses based on past conversations, akin to ChatGPT's ' Memory ' feature. Its mobile app offers voice input, but not a free-flowing voice conversation mode. Proton also hasn't disclosed which open-source models it's using, and they may not be on par with state-of-the-art models from companies like OpenAI and Anthropic. Yen says he hasn't noticed any issues in his own use of Lumo, but acknowledges that some trade-offs are likely. 'If you want to do things in a privacy-first way, there are going to be sometimes compromises that have to be made,' he says. 'It's a new way of doing AI, new ground that we have to break.' What it means for Proton For Proton as an organization, a foray into generative AI could also make some users uneasy. Proton has always prided itself on running a sustainable business that doesn't rely on venture capital or public shareholders, and it now operates as a nonprofit. Generative AI, meanwhile, is famously a money pit, and like other AI providers, Proton will be offering Lumo access for free. More broadly, AI competes on some level with human creativity and employment, and it uses vast amounts of energy. Proton has already faced a backlash from some of its users after adding AI writing tools to its document editor, then invoked a similar backlash days later with a foray into cryptocurrency wallets. Yen's feeling is that AI represents the future of the web and isn't going away, so Proton should offer a private alternative. While Proton will likely lose money at the outset, that was also the case when it entered the VPN and email businesses. Yen believes the organization can operate AI efficiently and can always adjust what it offers for free if the losses pile up. 'We believe strongly that this is the right thing to do for the world at this moment, and we're going to pursue it even if it ends up costing us money,' Yen says. 'But of course we're not going to compromise Proton overall financially.'


The Verge
23-07-2025
- Business
- The Verge
Proton is launching a privacy-focused AI chatbot
Proton, the company behind the encrypted email service Proton Mail, has launched an AI assistant aimed at preserving user privacy. The new chatbot, called Lumo, can summarize documents, generate code, write emails, and more, while storing data locally on users' devices. Proton says it will protect this information using 'zero-access' encryption, which grants users an encryption key that only they can use to view their content, preventing third parties, including Proton, from accessing the information. This helps ensure that Proton can't share user data with advertisers or governments, or use it for training large language models, Proton says. Though Lumo comes with the ability to search the web, Proton turns this feature off by default to 'give users maximum privacy.' If users enable the feature, Lumo will search the web for answers using 'privacy-friendly' search engines. Additionally, Proton says Lumo can analyze uploaded files, but it doesn't save any of its information. Users can link Proton Drive files to Lumo as well, which are supposed to stay end-to-end encrypted when interacting with the chatbot. Proton positions its AI chatbot as an alternative to the ones offered by larger companies, like OpenAI's ChatGPT, Meta AI, Google's Gemini, and Microsoft Copilot. 'Big Tech is using AI to supercharge the collection of sensitive user data to accelerate the world's transition to surveillance capitalism,' Andy Yen, the CEO and founder of Proton, says in the announcement. 'Our vision for Lumo is AI that puts people ahead of profits.' Lumo is powered by several open-source large language models that run on Proton's servers in Europe, including Mistral's Nemo, Mistral Small 3, Nvidia's OpenHands 32B, and the Allen Institute for AI's OLMO 2 32B model. The AI chatbot will field requests through different models depending on which is better-suited for the query. 'For instance, programming-related questions are handled by OpenHands, which specializes in coding tasks,' Proton spokesperson Betsy Jones tells The Verge. You can access Lumo now by heading to or downloading the Lumo app for iOS and Android. Users who don't have an account with Lumo or Proton can only ask the chatbot a 'limited number' of questions each week, and they won't be able to access their chat histories. Meanwhile, users with a free account can view an encrypted chat history, upload small files, and favorite a limited number of chats. There's also a $12.99-per-month Lumo Plus plan for access to unlimited chats, extended encrypted chat history, unlimited favorites, and the ability to upload large files. Posts from this author will be added to your daily email digest and your homepage feed. See All by Emma Roth Posts from this topic will be added to your daily email digest and your homepage feed. See All AI Posts from this topic will be added to your daily email digest and your homepage feed. See All News Posts from this topic will be added to your daily email digest and your homepage feed. See All Privacy Posts from this topic will be added to your daily email digest and your homepage feed. See All Security Posts from this topic will be added to your daily email digest and your homepage feed. See All Tech


Tom's Guide
04-06-2025
- Business
- Tom's Guide
Infomaniak breaks rank and comes out in support of controversial Swiss encryption law
In Switzerland, some of the best VPNs are in the firing line as a result of the country's proposed changes to encryption laws. The law's revision would extend surveillance obligations and require companies to collect information and identification on their users – a move that would significantly impact online privacy. Swiss-based VPNs Proton VPN and NymVPN would be affected, and Proton CEO Andy Yen said the privacy-focused company would rather leave its Swiss base than risk the privacy of its users. The most private VPNs uphold strict no-logs policies and collect very little information about users. This law would see these policies undermined. Despite widespread opposition from across the country, Swiss cloud security company Infomaniak is supporting the law. Infomaniak describes itself as an "ethical cloud" company and one that doesn't compromise on "ecology, privacy, or people." It's surprising, then, that they are seemingly the only privacy-focused company in Switzerland supporting the law change. In a debate on Radio Télévision Suisse (RTS), and reported in Clubic, Infomaniak spokesperson Thomas Jacobsen addressed Andy Yen's comments on the law. Jacobsen believed Yen showed a "lack of knowledge of Swiss political institutions" and called for finding the right balance, not looking for extremes. Infomaniak argued that anonymity prevents justice, saying there must be a "happy medium" to prevent the digital landscape becoming a "Wild West." Proton was cited as a company that advocates for anonymity, but this isn't technically the case. Proton, and Proton VPN, advocates for privacy – and there is a subtle but important difference between the two. Confusing privacy and anonymity is common – a Tom's Guide VPN survey found that 29% of readers think VPNs make you anonymous – but they don't mean the same thing. Anonymity is when your identity isn't known and no trace of your activity is left behind, with the Tor Network being an example. VPNs protect your data and your privacy. Many can still see some identifiable information and most don't claim to offer anonymity. Although your data is encrypted and reputable VPN providers can't see your internet activity, they can still see your connecting IP address and your payment information. The key point is that they never log or share it. Hackers, third-parties, or your ISP can't see what you're doing, and that is the privacy VPNs offer. Infomaniak is incorrect in saying Proton advocates for anonymity. Infomaniak also took issue with free services, such as free VPNs. In the debate, Jacobsen said how these free services allow anyone to hide from the law by enabling anonymity. While VPNs can be misused by bad actors for criminal endeavours, something all reputable VPNs and Tom's Guide opposes, this doesn't mean they should be taken away or targeted. Almost every kind of technology and device can be used for illicit purposes. We have to accept that not everything can, or should, be controlled in order to target a small minority. This trade-off would take away the right to privacy of millions of genuine users. VPNs, and especially the best free VPNs, are a lifeline for people living under censorship and internet restrictions. Without them, they would be unable to access a free and open internet and would suffer at the hands of authoritarian regimes. Proton VPN has a host of dedicated anti-censorship features, aimed at protecting the privacy of those who need it most – including the free service Proton VPN Free. Many VPNs also offer free emergency VPNs for journalists or activists. VPNs cannot just be for those who can afford them, so Infomaniak's targeting of free privacy services fails to consider the appropriate repercussions. The article quotes Infomaniak's founder, Boris Siegenthaler, as saying "the answer is clear: the day activists for important climate, humanitarian, or democratic causes are in the crosshairs, we will oppose this request." However, many argue that the Swiss government's request would put those people in the crosshairs, and they wouldn't be protected. Infomaniak doesn't advocate for widespread surveillance, but that would not be needed under these plans. Metadata collection could form a large part of the new surveillance law, and it's seemingly something Infomaniak supports. In a separate interview with RTS, Jacobsen argues that metadata collection is acceptable in order to help prosecute individuals who "carry out illicit activities" anonymously. He says how in other aspects of life, we don't accept that, saying you need ID for taking out a phone number and SIM card. "The outside of the package is enough to bring justice," he said – referring to metadata. The contents of messages or communications will remain encrypted, but the metadata will be seen and collected. Metadata can include geolocation, date and time, IP addresses, file size, device identifiers, plus who sent and received the message. So, even though the actual content of the message remains encrypted and hidden, you can identify and subsequently prosecute individuals based on analysis of metadata. The opposition claims this is a fundamental privacy risk if handled in the wrong way, and something that should be opposed, not lauded. Infomaniak's approach to metadata has also received backlash from others in the industry. A LinkedIn post by founder Boris Siegenthaler saw disagreement with Infomaniak's position in the comments. A journalist said he was concerned about metadata, should it be collected, falling into the wrong hands. He claimed certain people and sources would be at risk and communication methods must preserve their safety. One comment argued that "metadata protection is important to avoid profiling," and another said a middle ground between Proton and Infomaniak's position was needed. Infomanaik has said it's moving to an encrypted email service. Jacobsen said the content of emails will be protected, "but without anonymity." Infomaniak's own service would therefore appear to be affected by the law change and they'd be required to collect and store the metadata of its users and their emails. The Swiss government's consultation on the proposed law change ended on May 6 2025. Its findings are still not known, but we will monitor its progress closely. We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.


Tom's Guide
20-05-2025
- Business
- Tom's Guide
Proton VPN boss compares Switzerland to Russia and claims it could leave the country over proposed law
Proton boss Andy Yen has said the company will leave Switzerland if the country's new surveillance legislation becomes law. Switzerland is known for its strong privacy laws and is home to one of the best VPNs, Proton VPN. The law change would impact Proton VPN's credentials as one of the most private VPNs and would have a monumental effect on the wider VPN industry. Switzerland's current surveillance law instructs mobile networks and internet service providers (ISPs) to collect and store user data. The proposed change would extend this to VPNs, messaging apps, and social media companies. Having a strict no-logs policy is very important and a must-have to be considered a quality VPN provider. Collecting user information would severely breach these policies and undermine user privacy. Proton VPN would rather leave its Swiss home than risk the privacy of its users. The Swiss government's consultation on the proposals closed on May 6 2025, and we are awaiting its findings. Andy Yen spoke to Radio Télévision Suisse (RTS) on May 13, and launched a scathing attack on the proposed legislative amendment. Yen described it as a "major violation of the right to privacy" – something that directly contradicts Proton's "privacy by default" tagline. "This revision attempts to implement something that has been deemed illegal in the EU and the United States," Yen claimed. "The only country in Europe with a roughly equivalent law is Russia." This is a damning comparison. Russia has some of the world's strictest VPN laws, has banned multiple VPNs from its app stores, and has a long history of internet censorship. In December 2024, it disrupted the internet across several regions in a rumoured test of its "sovereign internet structure." The only country in Europe with a roughly equivalent law is Russia The amendment's consultation phase ended on May 6. At the time of writing the findings aren't known. If the law is changed, Yen said "we would have no choice but to leave Switzerland." "The law would become almost identical to the one in force today in Russia. It's an untenable situation. We would be less confidential as a company in Switzerland than Google, based in the United States. So it's impossible for our business model." The law requires changes to encryption, as well as user data collection. An encryption backdoor would be demanded and new types of information and monitoring created. Proton's users exceed 100 million, with Proton VPN, Proton Mail, and the wider Proton ecosystem at risk. But other Swiss based companies who provide encrypted services would also be impacted – including the encrypted messaging app, Threema, and the newly launched VPN, NymVPN. NymVPN has been a vocal critic of the proposed amendment, with its Chief Operating Officer Alexis Roussel releasing a detailed statement. We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.


Arab Times
27-03-2025
- Arab Times
Tech tip: Avoid sharing your email with strangers; use a decoy
LONDON, March 27, (AP): You've heard of burner phones. What about burner email? So much of the internet now requires that you hand over your email address before you're able to use any services - from an app you've downloaded to signing up for a newsletter or redeeming a special offer online. But who says you have to give your real email address? Next time you're asked, consider using an email mask. There are a growing number of services that give out disguised email addresses and relay any messages to your actual address. Experts say this can be a powerful tool to safeguard privacy and security. Here are some pointers on the whys and hows of email masking: The idea behind email masking is simple. The masking service gives you a randomized address you can use as a decoy instead of your actual email. It can be a series of unrelated words, or a string of letters and numbers. When someone sends a message to the burner email, it will be automatically routed to your address without anyone knowing. Providers include privacy-focused search engine DuckDuckGo's Email Protection service, Firefox Relay from browser maker Mozilla, email service FastMail and independent services like The encrypted service Proton Mail offers email masking with its password manager and standalone SimpleLogin service. There are many others. It's one of the features Apple offers users subscribing to its iCloud+ or Apple One services. When you're using the Safari browser app on your iPhone and need to input your email, you can tap the field above the onscreen keyboard to "Hide My Email,' which then creates a random address as a substitute. It's also available on Mac computers with the desktop Safari browser or Mail app. If you're using a different browser or app, you can still manually create a random email address by going into your iCloud settings. Most services have a free version with basic options and a premium tier with more features. Some free services can only receive emails but not reply to them. However, an important feature users should look for is the ability to do both, said Proton CEO Andy Yen. "Maybe you never reply to a newsletter and that's fine,' said Yen. But it's a problem if, for example, you used your email alias to buy something online and there's an issue with your order that the site needs to ask you about. "Then the ability to reply is actually pretty important,' he said. Most masking services have a dashboard control panel where you can view the various alias addresses you've activated. If you notice one starting to get a lot of spam, just turn it off. Mask your email when you want to add an extra layer of privacy or protect yourself from data leaks or unauthorized information sharing. An email mask is a "general-purpose tool that can be used in any context,' says Santiago Andrigo, principal product manager at Mozilla. However, he recommends using it in two key situations. The first is when you're unsure what a website will do with your email address. "Masking your email gives you control - if you start receiving unwanted messages, you can easily block any emails coming to that email mask,' Andrigo said. The second scenario is "when your association with a service could reveal sensitive personal information,' he said. For example, if you join an online community for a specific medical condition or a minority group, a data breach could expose your participation. There are myriad reasons not to give out your email address to anyone who wants it. It could be sold to marketers or shady data brokers, eroding your privacy by helping them build a profile of you for legitimate or nefarious purposes. If your address ends up on the wrong mailing list, it could result in more junk or phishing emails. And if an online service is hacked, attackers could make off with logins, passwords, and other personal information. Using unique passwords for all your online accounts - typically with the help of a password manager - is good cybersecurity practice. "But the real pain point for any user is actually not the password getting leaked, but actually the email getting leaked,' said Yen. Changing your password after a data breach is standard practice but it's a lot harder to change another piece of sensitive information, your email address - unless you're using a mask. There are other so-called hacks that you might have heard about. You could set up a throwaway account with a free email service like Gmail or Yahoo. But it's tedious to do this. Some Gmail users add a plus sign and an extra phrase or combination of characters between their username and the @ sign. It helps track who's sharing your address as well as filter messages. But "from a privacy standpoint, that does nothing,' said Yen. "Because people can just simply take away the plus and get your original address.' Email masks use their servers to relay message traffic between the sender and the recipient. So how can you be sure those servers are private? Look for reputable providers that promise not to keep your messages. If you're shopping around for an email masking service, Yen advises checking if it has "proper terms and conditions,' a privacy policy, and is based in a jurisdiction where it could be legally held accountable. "We state very clearly we're not keeping a copy of anything that passes through our servers," Yen said. Firefox Relay says in its FAQs that it does not "read or store any of your messages.' "In the event that an email cannot be delivered to you, we will keep it on our servers and delete it after it has been delivered (in no event will we hold onto it for more than three days),' it says. Apple says it "doesn't read or process any of the content" in email messages that pass through Hide My Email except for standard spam filtering.