Transcript
A post by [object Object] (@zzt@mas.to) saying: courtesy of @davidgerard@circumstances.run, Proton is now the only privacy vendor I know of that vibe codes its apps: In the single most damning thing I can say about Proton in 2025, the Proton GitHub repository has a “cursorrules” file. They’re vibe-coding their public systems. Much secure! I am once again begging anyone who will listen to get off of Proton as soon as reasonably possible, and to avoid their new (terrible) apps in any case. https://circumstances.run/@davidgerard/114961415946154957
It has a reply by the author saying: in an unsurprising update for those familiar with how Proton operates, they silently rewrote their monorepo’s history to purge .cursor and hide that they were vibe coding: https://github.com/ProtonMail/WebClients/tree/2a5e2ad4db0c84f39050bf2353c944a96d38e07f
given the utter lack of communication from Proton on this, I can only guess they’ve extracted .cursor into an external repository and continue to use it out of sight of the public
Um, it’s a public repository. You can view the code that’s been added. Even if it IS AI generated, you can review it yourself.
I’m as anti-AI as anyone but this is misplaced AI-alarmism.
Does anyone here actually review code?
Only my own code and so far most of it has been unacceptable.
Uh yeah? You’d be stupid not to review code, whether written by an AI or a human. I don’t trust either.
I’m guessing OP means code you use rather than code you write, in other words auditing. Likely very few of us do that with any thoroughness. IIRC proton does have some independent auditing.
That’s what I mean too. Y’all don’t just copy-paste from stack overflow praying it works do you?
That obviously not what they meant. They mean, do you review the code for every open source application you use? Do you review every library you utilize? I’m willing to be it’s a no for both of these, because no one has time for that.
can review it yourself.
You’re a supervisor and you have 2 employees: Bill and Jim. As a supervisor your job is to ensure the work is being done correctly.
Bill is competent and rarely makes major mistakes. Jim does a decent job most of the time … but he’s also a savant at screwing up – he regularly fucks up in ways that aren’t immediately obvious but are guaranteed to cause serious problems days to weeks from the screw up.
You can glance over Bill’s work and be fairly certain it’s fine. You need to go over every single piece Jim’s work to check for problems, and even then some are probably going to slip through.
AI is currently Jim, and Jim has no business writing code for anything privacy or security focused.
This is a great example since AI isn’t taking on the role of an independent software engineer here, so there is no “Jim” and this is much less of an issue than y’all are making it out to be. You know that auto-correct is also a form of ML right? Have you considered that tools can be used responsibly and that standards for software developers still apply even when they use new tools?
You know that auto-correct is also a form of ML right?
Yeah, and I don’t fuckin use it.
Also, my auto-correct is saying that sentence is missing a comma, so I guess you don’t either.
Probably anti-Proton. I’m no conspiracy theorist, but the amount of pro BlueSky, anti Proton, anti Signal people I see on Lemmy make me wonder sometimes.
Genuinely most of the people against bluesky/atproto haven’t looked into it further than the blogpost by Christine lemmer-webber, and just want to be eliteist about being on the fediverse.
Do you understand the difference between using AI assistance for coding and vibe code?
How is this proof of vibecoding?
It doesn’t matter Proton is the whipping boy of the fediverse
