I think we must make it clear that this is not related to AI at all, even if the product in question is AI-related.
It is a very common problem with modern marketing teams, that have zero empathy for customers (even if they have one, they will never push back on whatever insane demands come from senior management). This is why any email subscription management interface now is as bloated as a dead whale. If too many users unsubscribe, they just add one more category and “accidentally” opt-in everyone.
It’s a shame that Proton marketing team is just like every other one. Maybe it’s a curse of growing organization and middle management creep. The least we can do is push back as customers.
I disagree: in as much as I have noticed this *far* more with AI than any other advancement / fad (depending on your opinion) than anything else before.
This also tracks with every app and website injecting AI into every one of your interactions, with no way to disable it.
I think the article's point about non-consent is a very apt one, and expresses why I dislike this trend so much. I left Google Workspace, as a paying customer for years, because they injected gemini into gmail etc and I couldn't turn it off (only those on the most expensive enterprise plans could at the time I left).
To be clear I am someone that uses AI basically every day, but the non-consent is still frustrating and dehumanising. Users–even paying users–are "considered" in design these days as much as a cow is "considered" in the design of a dairy farm.
I am moving all of the software that I pay for to competitors who either do not integrate AI, or allow me to disable it if I wish.
To add to this, it's the same attitude that they used to create the AI in the first place by using content which they don't own, without permission. Regardless of how useful it may be, the companies creating it and including it have demonstrated time and again that they do not care about consent.
> the same attitude that they used to create the AI in the first place by using content which they don't own, without permission
This was a massive "white pill" for me. When the needs of emerging technology ran head first into the old established norms of ""intellectual property"" it blew straight through like a battle tank, technology didn't even bother to slow down and try to negotiate. This has alleviated much of my concern with IP laws stifling progress; when push comes to shove, progress wins easily.
How can you get a machine to have values? Humans have values because of social dynamics and education (or lack of exposure to other types of education). Computers do not have social dynamics, and it is much harder to control what they are being educated on if the answer is "everything".
It's not hard if the people in charge had any scruples at all. These machines never could have done anything if some human being, somewhere in the chain, hadn't decided that "yeah, I think we will do {nefarious_thing} with our new technology". Or should we start throwing up our hands when someone gets stabbed to death like "well, I guess knives don't have human values".
The short answer is a reward function. The long answer is the alignment problem.
Of course, everything in the middle is what matters. Explicitly defined reward functions are complete, but not consistent. Data defined rewards are potentially consistent but incomplete. It's not a solvable problem form machines but equally likewise for humans. Still we practice, improve and middle through dispite this and approximate improvement hopefully, over long enough timescales.
Well, it’s pretty clear to me that the current reward function of profit maximization has a lot of down sides that aren’t sufficiently taken into account.
That sounds like the valued-at-billions-and-drowning-in-funding company’s problem. The issue is they just go “there are no consequences for solving this, so we simply won’t.”
Maybe if we can't build a machine that isn't a sociopath the answer should be don't build the machine rather then oh well go ahead and build the sociopaths
I’d argue that a lot of the scrape-and-train is just the newest and most blatant exploitation of the relationship that always existed, not a renegotiation of it. Stack overflow monetized millions of hours of people’s work. Same thing with Reddit and Twitter and plenty of other websites.
Legally it is different with books (as Anthropic found out) but I would argue morally it is more similar: forum users and most authors write not for money, but because they enjoy it.
I don't know, it feels odd to declare people wrote "because they enjoy it" and then get irritated when someone finds a way to monetize it retrospectively.
Like you're either doing this for the money or you're not, and its okay to re-evaluate that decision...but at the same time there's a whole lot of "actually I was low key trying to build a career" type energy to a lot of the complaining.
Like I switched off from Facebook aboutna years after discovering it when it increasingly became "look at my new business venture...friends". LinkedIn is at least just upfront about it and I can ignore the feed entirely (use it for job listings only).
The shift from "you just don't understand" to damage control would be funny if it wasn't so transparent.
> We have identified a bug in our system... we take communication consent very seriously
> There was a bug, and we fucked up... we take comms consent seriously
These two actors were clearly coached into the same narrative. I also absolutely don't believe them at all: some PM made the conscious decision to bypass user preferences to increase some KPI that pleases some AI-invested stakeholder.
Yeah this is not a new thing with AI, you can unsubscribe all you want, they are still gonna email you about "seminars" and other bullshit. AWS has so many of those and your email is permanently in their database, even if you delete your account. I also still get Oracle Cloud emails even though I told them to delete my account as well, so I can't even log in anymore to update preferences!
For me it’s just a multi-coloured ring like a gamer’s mood light, but it’s literally just slapped in the corner of the UI the same way a shitty Intercom widget would be.
Totally a thing a growth hacking team would do, injecting an interface on top of a design.
>I disagree: in as much as I have noticed this far more with AI than any other advancement / fad
I agree with gp that new spam emails that override customers' email marketing preferences is not an "AI" issue.
The problem is that once companies have your email address, their irresistible compulsion to spam you is so great that they will deliberately not honor their own "Communication Preferences" that supposedly lets customers opt out of all marketing emails.
Even companies that are mostly good citizens about obeying customers' email marketing preferences still end up making exceptions. Examples:
Amazon has a profile page to opt out of all email marketing and it works... except ... it doesn't work to stop the new Amazon Pharmacy and Amazon Health marketing emails. Those emails do not have an "Unsubscribe" link and there is no extra setting in the customer profile to prevent them.
Apple doesn't send out marketing messages and obeys their customers' marketing email preferences ... except .. when you buy a new iPhone and then they send emails about "Your new iPhone lets you try Apple TV for 3 months free!" and then more emails about "You have Apple Music for 3 months free!"
Neither of those aggressive emails have anything to do with AI. Companies just like to make exceptions to their rules to spam you. The customer's email inbox is just too valuable a target for companies to ignore.
That said, I have 3 gmail.com addresses and none of them have marketing spam emails from Google about Gemini AI showing up in the Primary inbox. Maybe it's commendable that Google is showing incredible restraint so far. (Or promoting Gemini in Chrome and web apps is enough exposure for them.)
>This is not an issue in Europe, due to effective regulation.
This article's author complaining about Proton overriding his email preferences is from the UK. Also in this thread, more commenters from UK and Germany say companies routinely ignore the law and send unwanted spam. Companies will justify it as "oops it was a mistake", or "it's a different category and not marketing", etc.
>That's because they put their alerts in the gmail web interface :-/
I agree and that's what I meant by Google's "web apps" having promos about Gemini.
But in terms of accessing Gmail accounts via the IMAP protocol in Mozilla Thunderbird, Apple Mail client, etc, there are no spam emails about Gemini AI. Google could easily pollute everybody's gmail inboxes with endless spam about Gemini such that all email clients with IMAP access would also see them but that doesn't seem to happen (yet). I do see 1 promo email about Youtube Premium over the last 5 years. But zero emails about Google's AI.
> Apple doesn't send out marketing messages and obeys their customers' marketing email preferences ... except .. when you buy a new iPhone and then they send emails about "Your new iPhone lets you try Apple TV for 3 months free!" and then more emails about "You have Apple Music for 3 months free!"
That's "transactional" I'm sure. It makes sense that a company is legally allowed to send transactional emails, but they all abuse it to send marketing bullshit wherever they can blur the line.
Imagine making this argument for other technologies. There is no opt-out button for machine learning, choosing the power source for their datacenters, the coding language in their software, etc. Conceptually there is a difference between opting out of an interaction with another party vs opting out of a specific part of their technology stack.
The three examples you listed are implementation details, so it's not clear if this is a serious post. Which datacenter they deploy code in is (other than territory for laws etc, which is something you may wish to know about and pick from) an implementation detail.
A better example would be: imagine every single operating system and app you use adds spellcheck. They only let you spell check in American[1]. You will get spell check prompts from your Operating System, your browser, and the webapp you're in. You can turn none of them off.
[1] in this example, you speak the Queen's English, so spell color colour etc
Unrelated but interesting to think about terms like "queens English" now that the queen is gone. Will we be back to kings English some day? I suppose the monarchy might stay too irrelevant to bother changing phrases.
> I disagree: in as much as I have noticed this far more with AI than any other advancement / fad (depending on your opinion) than anything else before
Isn't that because most of the other advancements/fads were not as widely applicable?
With earlier things there was usually only particular kinds of sites or products where they would be useful. You'd still get some people trying to put them in places they made no sense, but most of the places they made no sense stayed untouched.
With AI, if well done, it would be useful nearly everywhere. It might not be well done enough yet for some of the places people are putting it so ends up being annoying, but that's a problem of them being premature, not a problem of them wanting to put AI somewhere it makes no sense.
There have been previous advancements that were useful nearly everywhere, such as the internet or the microcomputer, but they started out with limited availability and took many years to become widely available so they were more like several smaller advancements/fads in series rather than one big one like AI.
> With AI, if well done, it would be useful nearly everywhere.
I fundamentally disagree with this.
I never, now or in the future, want to use AI to generate or alter communication or expression primarily between me and other humans.
I do not want emails or articles summarised, I do not emails or documents written for me, I do not want my photos altered yassified. Not now, not ever.
Keep in mine I said "if well done". That was not meant to imply that I think the current AI offerings are well done. I'd take "well done" to mean that it performs the tasks it is meant for as well as human assistants perform those tasks.
> I never, now or in the future, want to use AI to generate or alter communication or expression primarily between me and other humans. [...] I do not want emails or articles summarised, I do not emails or documents written for me, I do not want my photos altered yassified.
That's fine, but generally the tools involved in doing those things are designed to be general purpose.
A word processor isn't just going to be used by people writing personal things for example. It will also be used by people writing documentation and reports for work. Without AI it is common for those people to ask subordinates, if they are high enough in their organization to have them, to write sections of the report or to read source material and summarize it for them.
An AI tool, if good enough to do those tasks, would be useful to those users, and so it makes sense for such tools to be added by the word processor developer.
Again, I'm not saying that the AI tools currently being added to basically everything are good enough.
The point is that
(1) a large variety of tools and products have enough users that would find built-in AI useful (even if some users won't) that it makes a lot of sense for them to include those tools (when they become good enough), and
(2) AI may be unique compared to prior advances/fads in how wide a range of things this applies to and the speed it has reached a point that companies think it has become good enough (again, not saying they have made the right judgement about whether it is good enough).
How about machine translation and fixing grammar in languages you're not very familiar with? That's the only use of "AI" I've found so far. I'd rather read (and write) broken English in informal contexts like this forum, but there are enough more formal situations.
> With AI, if well done, it would be *useful nearly everywhere.*
I'm not saying it doesn't have uses.
Having said that, there are two things I never want AI to do: a) degrade or remove the need for me to express myself as a human being, b) do work I'd have to redo to prove it did it correctly.
On translation, sycophancy is a problem. I can't find it now, but there was an article I read about an LLM mistranslating papers to exclude data it thought the user wasn't interested in. So no, I wouldn't trust it for anything I cared about.
I do use AI: I'm literally reviewing some Claude generated code at the moment. But I can read that and know that it's done it right (or not, as the case often is). This is different from translation or summarisation, where I'd have to do the whole task again to prove correctness.
I believe this is combined with something I call "asymmetry blindness". They may say "but we send an single e-mail per month, this can't be bad".
We the users get a barrage of e-mails everyday because every marketing team is thinking we only get their mail, and it makes our lonely and cold mailbox merrier.
No, users are in constant "Tsunami warning!" mode and these teams are not helping.
If they were sending just one per month I might actually read them occasionally. It's the three a day from the likes of aliexpress that get deleted without a second glance.
But yes, you're absolutely right - "no raindrop considers itself responsible for the flood".
Indeed. I received 28 unwanted emails of this kind in January so far (just counted), which is a bit more than once per day, despite quite avidly unsubscribing from this kind of emails. This month I had to unsubscribe from ChatGPT and GitHub emails of this kind too, although I don’t recall opting in to them in the first place and neither of them spammed me until recently.
On Jan 11th I received "Easy self-care you can start today" advertising how ChatGPT can be used for meal planning or finding a local gym (ending with "Ask ChatGPT for more wellness tips"), and on Jan 19th I received "Use ChatGPT to make life easier" advertising how ChatGPT can for example improve my coffee brewing skills (ending with "Ask ChatGPT for more ways to get it all done"). I certainly consider these "spam", and until recently didn’t receive such emails from them.
Again, no raindrop considers itself responsible for the flood: if you buy enough coffee-priced subscriptions, that's unaffordable. Usually people already have their coffee-priced budget allocated to something. Like coffee.
(Incidentally, this is why mobile gaming uses so many anti-patterns, to make people keep making "just one more" tiny purchase)
I guess the people you quote also missed that not all of us work in Silicon Valley and can afford those expensive coffees every day. I’d like an estimate of how many Nescafé powder coffee cups I’d have to skip per month to use their subscription.
The problem is not just empathy. It is also ethics. The fine distinction between opting out of A and opting out of B described in the post served to justify ignoring the opt out request. That's lazy ethically. The entire US business sector's customer relations are completely compromised ethically. It's taken to extremes in tech contexts.
In large organizations motivated reasoning trumps ethics. Behavior starts working along incentive gradients like an ant heap. Spend enough time in an environment like that and you learn to frame every selfish decision as good for the customer.
I think maintaining ethics in large organizations is one of the main challenges of our time, now that mega corps dominate our time and attention.
> Spend enough time in an environment like that and you learn to frame every selfish decision as good for the customer.
This reminds me of "in order to save the environment, we are going to delete all of your recordings older than 2 years, in 2 weeks. You can't download them."
Cloud is probably the better comparison, since crypto never had the sort of mainstream management buy-in that the other two got. Microsoft's handling of OneDrive in particular foreshadows how AI is being pushed out.
i dont like onedrive very much. i get it its useful as a pigeonhole, what i really dont like is how it is used. its the thing that moves files to onedrive and destroys local copies, that i hate, and onedrive is something that enables that. so i dont hate onedrive, i just dont like it.
I have never received a Crypto spam email from any place where I opted out from it. Same for cloud. It feels different. With crypto it was everyone wanting to ride the hype train. With AI they spent a bunch of money up front and are desperate to see ROI.
The idea that the marketing team has the ability to really push back against senior management doesn't align with the reality I have seen. The best they can do is say that this will do brand damage -- but they don't have the ability to really call the shots. Most organizations marketing is not in a real seat of power - more like an advisory position.
I'm not trying to unfair to marketing - they do have an important role - I have hardly seen a company give marketing real power at an org. So the idea that this is because marketing don't push back on senior management -- is because they know they don't have the power to do this.
Last to months several of my connections on Linkedin used private messaging for mass marketing "emails" - "normal" proper companies, not recruiters/outsourcing/... that have been spamming us for years. There is not limit to the things they will try.
On Proton: I don't get the love they get here. There ethics I find questionable and their product (e.g. search) I find unusable.
> I think we must make it clear that this is not related to AI at all
Yeah, many companies do that. I unsusbcribed from newline, they still keep spamming me. Funny thing is, they realised they had made a mistake and promised to remove unsubs. One week later, the spam started.
In theory. In practice-- I would spend all my time just filing complaints, because today, in 2026, I get more spam from "legitimate" companies than "Nigerian scammer" types
It's not a false positive to classify a company as a bad actor and move their emails to the spam folder if they refuse to respect user choices. If anything, I wish it would happen more often and at a massive scale, because then maybe companies would have an incentive to stop being so hostile around this.
They shouldn't send marketing mail from an address they want to be read. I think that's been the standard for a while, in practice - most actual transactions come from orders@<blank> or something similar while marketing mail comes from a dozen other addresses.
With customer support positions, escalating to engineering is also seen as a negative metric. They might blame customer support for this but it’s likely that they’d have been turned away with “why are you escalating this stupid thing to us?”
Genuinely: What profits!?! The only company profiting from AI has been nVidia. Every indicator we've received for this entire alleged industry is companies buying hundreds of millions of dollars in graphics cards that then either sit in warehouses depreciating in value or, worse, are plugged in and immediately start losing money.
The tech industry has coasted on it's hypergrowth story for decades, a story laden with as many bubbles as actual industries that sprang up. All the good ideas are done now. All the products anyone actually needs exist, are enshittified, and are selling user data to anyone who will pay, including products that exist solely to remove your data from everyone who bought it and probably then sell it to some other people.
This shit is stupid at this point. All Silicon Valley has to do is to grow up into a mature industry with sensible business practices and sustainable models of generating revenue that in most other industries would be fantastic, and they're absolutely apoplectic about this. They are so addicted to the easy, cheap services that upended entire other industries and made them rich beyond imagining that they will literally say, out loud, with their human mouths, that it is a bad, undesirable thing to simply have a business that makes some money.
The people at the top of this industry are literally fucking deranged and should be interred at a psychiatric facility for awhile for their and everyone else's good.
>All Silicon Valley has to do is to grow up into a mature industry with sensible business practices
Negative sum game: Growing up is easy if it doesn't kill you. The problem with being ethical when everyone else is unethical is that you'll likely go broke.
The next issue is we're seeing, is not that Silicon Valley is ever going to improve, but the bullshit is spreading to eat up every other industry in the US. Engaging in outright fraudulent behavior is A'ok in the US (I mean we even elected a president convicted on a pile of counts of fraud).
Effectively industries cannot manage themselves, we need regulations to prevent them from being bastards. Problem, we elect bastards that cannot keep from committing fraud themselves.
If you're not the shareholder, you're the product.
The business model of any publicly traded corporation, at least in 2025, is to increase the value of its circulating stock. No more and no less. The nominal business model of the company is a cover story to make line go up. The reason why the stock price matters is because of access to capital markets: if a business wants to buy another business, they are not going to dip into the cash on hand. They are going to take out a loan, and that loan is collateralized by... the value of the business. Which is determined by the stock price.
So if you can keep the line going up, you can keep buying competitors. But if you act like a normal, mature business, you can't.
Profit as a concept is a concern for capitalism. But these businesses are not interested in capitalism, they're angling to become the new lords of a growing feudal economy. That's what "going meta" really means.
This was my first reaction too. It is a bit ironic that the issue of “overlapping labels” can be applied to the OP as well.
My instinct is to classify this as an email consent issue not because AI needs defending, but because the solution need not be specific to AI. The Next Big Thing will also probably have this problem because marketing is at odds making your customers happy with a great product.
The spam was advertising AI, the point of the article was how aggressively AI is being shoved down our throats, and it seems very likely that when he went to complain about the AI spam it was an an AI chatbot which gave him the useless answers until it finally "checked with the team" (presumably a human) who lied to him about what counted as AI spam.
It seems like this is very much about AI even though it's ultimately humans pushing AI and disregarding people's spam preferences. Right now, everything "AI" is ultimately humans (like the way humans are using/abusing the AI tools, or the human intellect behind all of the data that was used to train them and all of the knowledge they output, or the humans deciding what they'll allow their AI to be used for, or the humans failing to safeguard the users of their AI products, etc) so this is as much about AI as anything is.
>The spam was advertising AI, the point of the article was how aggressively AI [...] It seems like this is very much about AI
Yes, the gp you responded to already said the same thing that the particular email was about AI (Lumos) when he wrote : >", even if the product in question is AI-related."
To go beyond that, the gp highlighted that the bad behavior is rooted in companies ignoring customers' email preferences instead of the AI. The article is misdiagnosing the unwanted email issue as "AI Consent Problem" when it's actually fundamentally about "Email Consent Problem". The author deliberately opted out of email marketing and Proton ignored it (by "mistake") and this is a common misbehavior companies did before AI. It's worth separating those 2 factors out.
We get unwanted spam about "Amazon Pharmacy" and "Apple TV" that overrides our profile settings to opt-out of those emails but that doesn't mean we misdiagnose it as "Pharmacy Consent Problem" and "Video Streaming Consent Problem". Instead, the generalization is still fundamentally an "email consent" problem. Always has been. The repeated abuse of the customer's email address (with or without AI in the picture) is what the gp was emphasizing.
Likewise, if a future hot technology household such as residential robots causes email marketing campaigns that blasts unwanted spam about Tesla house robots... the issue of that unwanted spam "Tesla robots 10% off!" ... is still about ignoring customers' email preferences. The unwanted robots themselves would be a separate issue. Companies will continue to make "mistakes" to send out new marketing email spam with <HotNewThing> in the subject field that will infuriate customers. And the future root cause of that problem still won't be <HotNewThing> but instead about companies ignoring customers email preferences because the incentives and greed are too great.
The problem with tech is that there's absolutely zero accountability.
Marketing is, to some extent at least, regulated. There's so little consumer protection in the tech industry, it's a joke. We've got GDPR (in Europe) and I'm really struggling to think what else. Imagine if other forms of engineering had the same level of control.
There's this absolutely fallacious notion that in a free market, customers can just vote with their feet.
From big players with vendor lock-in and network effects, to specialists (I know of few decent competitors to Proton), the average consumer is not sufficiently protected from malpractice.
We may say, "oh, it's just a marketing email", but TFA perfectly encapsulates the relationship we have with our suppliers.
Now that we're at it, let's talk about Google ads. I reported a Google ad because I deem it political, and in Europe you must make it clear that a political ad is a political ad and not just an ad (and it failed to do so, it should be corrected or eliminated).
Google refused to comply and act in any way, because they "don't moderate 3rd party content". Except that EU says you _must_ comply if you're publishing a political ad. I'm bringing this forward with an appeal and then I'm going to escalate to the national authority if they still refuse to act.
The laws are there. It's just that big tech think they can ignore them freely and even if down the road there's a fine it's going to be much less than what they gained by spreading ads.
>then I'm going to escalate to the national authority if they still refuse to act.
You are actually doing this wrong...
Report to the national authority first...
Then report to Google.
Fuck them, it is not in your interest to report to them first, make them react for their bullshit. Over here in the states this is how I ended up dealing with telecom in the ISP industry. "Hello, I have put in an FTC/FCC complaint on $issue, and would like to see about getting it resolved".
It didn't matter that's not the order you're supposed to go in, at the telecom side they send it off to a team that actually gets shit solved before it becomes a regulatory problem.
>You might have a stronger case with the national authority
At least on the ISP side, we started doing it this way after the telcos would yank our chains for weeks or months first, when we had issues that needed to get solved quickly. More so I started working with our competitor ISPs because it was very common we'd all the have the same issues. More than one complaint of the same type in the same area to these agencies tends to get noticed and followed up quickly. The follow through process on it starts to get expensive for the telcos too.
My next recommendation on this political ad bullshit is don't go at it alone. Find as many like minded people to dig up and complain on these ads as you can. Flood the regulators with violations that are occurring. When you think of it in reverse, these companies breaking the law will have no issues with pooling resources and going after you.
To name and shame two: LinkedIn and MyHeritage. If you ever made an account with either of them, they will never stop spamming you. They have configuration options to select which mail to receive, but they appear to consider them temporary suggestions.
A special dishonourable mention goes to Wal-mart. I never interacted with them in any way whatsoever, as well I wouldn't since they don't exist on my continent as far as I know, yet they still send me spam. DKIM signed and all!
LinkedIn once seemed to somehow go through my (GMail?) contacts and ask if I should invite my, late, grandfather to the platform in the subject of a marketing message.
I guess you also received the Linkedin Gaming spam a couple of weeks ago?
I opted out of almost every category and I never opted in to a category like that. So why is there now a new category which I have to opt out of?
It seems to me blatant, unpunished disregard of GDPR - but their whole business was founded on abuse of emails and there's no reason to expect a Microsoft acquisition to make a company act more in line with the law.
That gaming email took me mentally straight back to Facebook circa 2009, and not in a good way. LinkedIn always serves as a fantastic example of exactly how not to treat your users.
> It’s a shame that Proton marketing team is just like every other one.
Having gone through the Proton hiring process was an eye opener for me: despite its stated mission, the company isn't special when it comes to its management, it's as bad as any other.
It is entirely related, because AI marketing is an amped up version of traditional dark-pattern marketing. And since every tech company is on the AI hype train, then they all fall into the same willingness to justify the worst behavior because of their desperate need to get on the forefront of what they’ve convinced themselves is the only path to growth. But as consumers, since we are confronted with all tech companies all following the same dark patterns, we feel the impact suddenly much stronger than with past one-at-a-time panicky company over-marketing efforts.
It is an error to believe this is only happening in/with marketing. In general, "empathy" and "capitalism" are mutually exclusive. If profit is your goal, you don't care about individuals.
There’s probably a bigger association with it. I don’t like ai and see it everywhere, in every app I use, every service I purchase, my goddamn start bar.
So, when they start emailing unwanted emails, it feels like a spam problem, when really it’s insidious on multiple fronts.
I can’t wait for the enshittification phase. When the products royally fuck their fan base.
I've been using proton for a year after migrating from Rackspace and I'm done. Not because of this article, but I might as well pile on:
1. I use a custom domain.
Turns out that there are two competing features, not-at-all documented. If you use a catch-all, like I do, AND use specific addresses for sending, the two are incompatible to some degree. Which is bonkers.
Example: with a catchall I can create any address I want (and I do). Some store wants an email for a big discount, cool, here's a throwaway. Buying something online, here's a throwaway.
Now sometimes, I need to reply using that throwaway. Turns out in Proton, this triggers a gotcha. As soon as I add the throwaway email to my list of email addresses for sending, I enter a world with a limit of 10 max.
That's fine, I can disable them right?
Nope, it turns out if I disable them in order to add aothers, Proton blocks those addresses *even though I have a catch-all*. WHAT?? Worse, if I try to delete the addresses, Proton will also delete the associated messages in my Inbox/folders. Excuse me?
2. What really pushed me away: Search.
Whatever proton is using under the hood is easily the worst search experience I've ever had from a mail product, and I use Thunderbird on my work machine.
Notable: Proton Bridge. I get why, but it's just terrible.
Isn't the search bad because they can't search email contents? As long as the term is somewhere in the metadata (title, sender email, sender name) it seems to work ok.
I agree though that the user experience isn't great because of this limitation. You kind of have to remember what the title of the email was for what you're looking for. Searching for "flight ticket" results in mixed success
Yeah, even when you turn on "enable local cache of emails", the search is still terrible.
What's pretty surprising to me is that for everything they say about privacy etc., getting Mail Plus gives you nothing better than a free user in terms of VPN options. That was the case in their previous set of plans, too - I've been paying for Proton for some years now, at a cost of like $100-150/yr, and only ever had the same level of VPN offering from them as a free user, which is pretty lame.
What are you going to do instead? I am very close to moving from a 20-year-old GMail address to a custom domain and was planning to use Proton as the email host.
I was in your shoes a few years ago. Just move already. Don't worry about it. Get your own domain and point the MX records at literally any email service out there. If you don't like it you can just switch later. Just start using your own domain as soon as possible.
It really is life changing. When you have your own domain switching email services is risk free since your addresses don't change. You can literally try out all the email services out there.
For the record I'm a happy Proton customer. They seem to be the only ones who still care about PGP. I even interacted with them here on HN a few times.
I've been reasonably happy with Runbox. Decent features, pricing, and servers in Norway. The webmail isn't great, but I don't really use it. If you must have encryption, I think the only option is Tuta.
Proton. There are some other good alternatives. But since the rest of the family was also using Fastmail, I needed a solution that was user-friendly enough. Besides that, Proton Drive also made it possible to finally move away from our Dropbox Family subscription.
I' migrated to purelymail.com around 2 years ago and. Reaaally cheap, easy to set up and without any bloat whatsoever. The webpage might look sketchy at first, but don't judge a book by its cover :)
I have a catch-all and can reply from any address I please. If I reply from an email sent to retailer@mydomain.com it even auto populates the "from" address for me with "retailer", or I can choose to reply from one of my named accounts. It's really slick.
I think the big downside for a lot of people is that it's hosted in the USA where the government is definitely headed in an autocratic direction that is abusive of most countries who don't comply to rantings from an orange madman. Definitely a huge downside.
I agree this is bad UX, but you can send from throwaway emails by setting new contacts for said email in simplelogin, which as someone else comented, you get for free with proton, linked to your account. It handles your catchall.
Agreed on both of these. Proton search is so dogshit.
Re: the custom domain catch all reply, this is a bit annoying but there js a workaround. I made a SendGrid account which allows me like 100 sends per month, and I can reply in Thunderbird via SendGrid as any email account. Annoying to boot up Thunderbird, and I haven't found a way to do this on my iPhone, but I don't need ti reply from a throwaway frequently so it's sufficient for now.
They are actively hostile to their customers. Author's experience is just the Proton experience. It was so when they were tiny, it is the same now
Ultimately you have to trust the company that offers you E2E encryption. I don't know why anyone would trust this company given the way they interact with people.
> Has anyone else noticed that the AI industry can’t take “no” for an answer? AI is being force-fed into every corner of tech. It’s unfathomable to them that some of us aren’t interested. The entire AI industry is built upon a common principle of non-consent.
I can't help but see the spam as more circumstantial evidence of a bubble, where top-down "pump those numbers" priorities overrides regular process.
The really strange thing is that so much of it doesn't work. Like I get that the SOTA models perform some tasks quite well and have some real value. But the AI being implemented in every corner creates a lot of really bad results. The Shopify code assistant will completely wreck your site and basically gets nothing correct. It will write 100 lines to change a color of a single DIV. The Amazon product Q&A will give you wrong information more frequently than not.
In what mind frame is it logical or necessary to put these extremely poorly functioning products in to the wild?
It's a desperate attempt at staying relevant, even if most of those companies don't realize it yet. Because of its general-purpose nature, AI subsumes products. Most software products that try to "implement AI in every corner" would, from the user's POV, be more useful if they became tools for ChatGPT/Claude/Gemini.
People's goals are rarely limited to just one software product, and products are basically defined as a bag of tools glued with UI, that work together but don't interoperate much with anything else. That boundary drawn around a bunch of software utilities, is given a name and a fancy logo, and sold or used to charge people rent. That's software products. But LLMs want to flip that around - they're good at gluing things, so embedding one within a product is just a waste of model capabilities, and actually makes the product boundary more apparent and annoying.
Or in short: consider Copilot in Microsoft Word, vs. "Generate Word Document" plugin/tool for a general LLM interface (whether Gemini webapp or Claude Code or something like TypingMind). The former is just an LLM locked in a box, barely able to output some text without refusing or claiming it can't do it. The latter is a general-purpose tool that can search the web for you, scrap some sites and run data analysis on results (writing its own code for this), talk results over with you, cross-reference with other sources, and then generate you a pretty Word document with formatting and images.
This is, btw., a real example. I used a Word document generator with TypingMind and GPT-4 via API, and it was more usable over a year ago than Copilot is even now. Partly because Copilot is just broken, but mostly because the LLM can do lots of things other than writing text in Word.
Point being, AI is eroding the notion of software product as something you sell/rent, which threatens just about the entire software industry :).
It gives a lot of power to users to work around enshittification in the software services they use. Dark patterns and user funnels and upsells and other bullshit suddenly stops working when users can ask ChatGPT to operate a service for them.
Saw an AI generated product feature list on walmart's site that listed a stainless steel rack as microwaveable. If someone can sue mcdonalds for hot coffee, I imagine someone burning their house down while microwaving steel probably could sue too. Intelligence of the plaintiff not withstanding.
Agree. The number of services i use where the apps continually add new marketing preferences which are defaulted to ‘enabled’ despite the fact that all other preferences are disabled is disgusting and clearly used by some companies to ignore people’s actual preferences.
They're checking to see whether any of the links they put in the emails are being fetched from their servers. It's stupid, but it works for most people.
I had a similar situation with SMS messages that were being sent to me with links informing me of status updates. These texts were useful, and I would go over to my real computer to check the web site. Then after a few days the text messages said "It looks like these messages aren't getting through to you, so we'll stop sending them." Which is also stupid, but it works for most people that load the web site on their phone from the SMS link. God help you if you have a dumb-phone.
Only if people naively automatically load remote content. My inbox receives the bits that actually come in the email and nothing else. If you send an empty email with all images, you sent an empty email...
So they'd miss it anyway, my mail client is firewalled to only be able to access the mailserver.
I've been unsubscribed from a handful of newsletters because I don't read them. I replied to one and told them I did, even reached out on Twitter, but they still deleted me.
Have you noticed certain financial providers sending blatant marketing emails with no unsubscribe option and a comment along the lines of "these emails are not marketing"
The trick is create a filter to weed out such junk. And if a company sends me marketing fluff without unsubscribe option, then it goes in the junk/spam folder, and I may eventually discontinue my account with that service provider altogether.
Because I periodically check my sp/junk folder to see if legitimate emails got dumped there, so I eventually know who's a spammer and who's not.
Yet rife. My complaint to a major UK provide was rebuffed with the blatently false assertion that the email promoting a website refresh was an essential service email.
I think that's fine. If 20% of the emails from some company (let's say Paypal) are spam, then all email providers (especially Gmail, the largest provider) should mark ALL of their emails as spam by default until they stop spending spam. If they want to keep spamming, they can at least humiliate themselves by telling people to check their spam folders for their emails.
If you lose an account due to negligence, it's on you, not the service provider.
Spam/junk folder is not "ignore" folder. You need to periodically check the contents of the spam/junk folder to see if any legitimate emails fell into that waste basket.
That "Mark as Spam" facility not only moves the offending message into Jink/Spam folder, it also allows the Email Service provider to identify that type of email as spam, so future incoming messages that match that may criteria can be categorized as spam, so they'll go into spam folder automatically, rather than into the Inbox. You can find them in the Jink/Spam folder.
However, if thousands of users report same domain or sender as spam, then the email service provider may take stern action, including blocking the sender email id or domain at the server level, so their messages will never reach your mailbox.
So you need to be careful what you "Report as Spam". It is different action from "Mark as Spam".
"Report as Spam" may also prompt the user to "Block sender", so one must be careful not to block legitimate senders, though this action can usually be undone, as the Mailbox Settings will track the blocked senders so that lost can be corrected by the user if needed.
Gmail has a good trick that most users don't know or notice: In the Spam folder, the user can see a warning at the top of each email that explains why Gmail sent it to Spam.
So user can figure out why legitimate emails got wrongly flagged as Spam, and can prevent such future legitimate emails from falling into Spam folder: User can do this either by adding the sender to Contacts list (Emails from known Contacts are auto-dumped into Spam folder), or by creating a filter to identify and action that message (flag it as Important, or label it with a custom category label, or move it to a specific subfolder, or forward it to another email ID).
>However, if thousands of users report same domain or sender as spam, then the email service provider may take stern action, including blocking the sender email id or domain at the server level, so their messages will never reach your mailbox.
This is a good thing. If you spam thousands of users, you are a spammer, even if you also happen to send legitimate emails. If anything, it should be applied more broadly. When companies like Walmart or Paypal or LinkedIn or Comcast or whoever spams thousands or millions of people, if Gmail marked all their emails as spam until they stopped, that would be a major quality of life improvement for everyone.
I mean if said company first spammed you and you marked them as spam, then it is on them. No different than if someone sent you a bunch of unwanted letters and you threw them out, but one of them happened to be relevant. It's on the organization sending you junk.
In Windows 10, they added a shortcut Ctrl+Win+Alt+Shift to open Microsoft Office 365 (or whatever they call(ed) it). Caused me a ton of confusion and annoyance when I picked up my laptop by the corner of the keyboard.
I get their point that you can't provide a "No" in the reminder. But there should be an option (maybe even hidden under "advanced settings - here be dragons!") for this.
Problem is (and that was their argument) people press this button all the time without reading the dialogue at all, and then won't know how to turn it back on. A messenger app has to deal with very technical illiterate people. But there should be an option in settings for the tech savvy user.
Every so often I consider writing the "STFU license." Something like GPL but if you use this code, even as a library, you can't give people unwanted notifications. Would need to be pretty comprehensive and forward compatible to cover all the crazy cases that notification-enthusiasts dream up.
Signal is an interesting case study in UX failure. I and a bunch of other tech forward people were on it in its heyday but after they removed SMS support and implemented shitty UX like that nag dialog: Neither I nor a single person I know uses it any more. Everyone is on Whatsapp or iMessage.
It may be cryptographically superior, but does that matter at the end of the day if nobody uses it?
Cryptographical superiority aside, Signal doesn't collect personal data, unlike Whatsapp. For me that's the main reason to use it. The UX is good enough, although some points can for sure be improved.
Whatsapp should be a non starter. What Mark Zuckerberg did to Whatsapp should be required reading for anyone using the internet, and then decide if you still want to use Facebook (never mind, they build a shadow profile for you anyway)
A few of my neighbors have kids the same age as my kids, they're on a WhatsApp group chat, and my choice is either use WhatsApp or make my kid miss out on social events, so it's not really a choice.
"Hey let's switch to this app that nobody else is using and it sends you annoying popups every month but trust me bro it's more secure" is not a winning argument
This. We must change laws that the above field is not considered as given consent. And while we are at it, we must change "silence is agreement" to "silence is disagreement". This applies to change of ToS, price increases etc. That means if I don't click a link with a button "I agree", the ToS change is not accepted - that means they have to cancel/delete my account.
Didn't FCC remove "1-click unsubscribe" requirement since it can "provide more choice and lower prices to all users across the board" (since the companies can rip off more users and create pseudo-lower prices)?
EU has its GPDR and it has some teeth, but US is currently hopeless on that front, for now, from my vantage point.
The FTC established a "click-to-cancel" rule, but (as with just so many regulations in the US) it was blocked by an appeals court. Federal law says there's a hoop they have to jump through for rules with an impact of more than $100 million, and they didn't jump through the hoop because they didn't think the impact was that high.
I like to frame it like this: "ask me later" is rape culture. It promotes and reinforces a culture of never taking "no" for an answer, and pushing one's agenda/intent regardless of the preference/consent of the other party/parties.
Their main business offerings are privacy and security. The fact that they were able to pull customers away from Google shows that switching costs are low.
Your reputation is your moat. If you ruin it by acting like Google, you're filling your own moat.
Terrorist attacks and perverts are every government's excuse to crack down on freedom. Refusing to comply with an authoritarian government like India's is a plus in my book.
Of course, if you or your family are not the victim of a terror attack, you may not care if others are impacted by it.
After 9/11, USA did the biggest crackdown on terror, including domestic security overhaul such as stringent security checks in airports, more pervasive surveillance, etc.
And this was for fraud investigation, not even a terror investigation case.
Every nation responds to repeated terror attacks in a similar way. Increased surveillance, increased scrutiny, increased vigilance, retaliatory strikes.
What do you expect? Let terror attacks happen, try not to prevent them, try not to retaliate at terrorist networks and nests?
You live in a cosy idealistic world, if you think that terrorism can be handled by ignoring it or its mechanisms of communication.
Please stop defending terror supporter companies, with such illogical statements.
You have no clue what idealism means.
An ideal world is one where no terror attacks happen.
Proton has been actively campaigning against police and government in a terror prone region. Proton is openly encouraging terrorists to evade scrutiny.
If you support terrorism under any pretext, then we are done here.
you're using a false dichotomy to hold the conversation hostage. it's possible to want to stop terrorism without handing a blank check to an authoritarian state.
I will respond to a quote with another famous quote:
“Eternal vigilance is the price of liberty."
The only ways to prevent terror attacks is by either going deep undercover into terror organisations, or by doing surveillance and investigation on suspected terror links.
What case discussed above? You have not discussed any case here.
And the links I shared in my original comments show a dangerous situation, not a "case".
Proton has been actively campaigning against police and government in a terror prone region. Proton is openly encouraging terrorists to evade scrutiny.
Proton (or any legitimate company, for that matter) has no business doing subversive activities in terror sensitive areas like J&K. If they do, then they need to face the repercussions.
If anything this enhances Proton's reputation. If so called "terrorists and perverts" trust it to the point they rely on it for their own security, then it's worth serious consideration. Nobody wants to use cryptography that some indian government can subvert.
Next time there is a mass shooting or terrorist bomb blast in your neighborhood, I hope you can look at a poster of Proton VPN on your bedroom wall, and feel safe.
And then when you find out the police are going door to door to investigate the terror attack, you should start distributing printouts of an ad of Proton VPN urging locals on how to evade police/government scrutiny via Proton VPN.
See how that works out for you. You will be arrested as a terror sympathiser.
No surprises why.
It's because terrorists use VPNs to evade scrutiny, and the last thing that any respectable company or civilian should be doing is to openly associate themselves with terrorism, which is what Proton has done.
Proton (or any legitimate company, for that matter) has no business doing subversive activities in terror sensitive areas like J&K. If they do, then they need to face the repercussions.
> because it was found that terrorists and perverts were using it for terror communications and digital sexual abuse.
Lol, nondescript "terrorists and perverts" are the laughingstock of Western politics. Eyes roll whenever someone justifies drastic action on vague terrorism/perversion accusations: https://youtu.be/ud9zBKJJQe4
My bigger concern is Modi's international reputation for exacerbating crime statistics to manufacture consent for authoritarian policy. We've seen our fair share of that here in America and it's not a positive influence on national politics. So much so that we can't trust our own email providers to be secure.
People living in glass houses should not throw stones on others.
I am going to use your own words to show you the mirror now..
Your America and its democratically-voted (even if we can call gerrymandering such) orange dictator have become the "laughingstock of Western politics".
The "war on terror" excuse to do wars for oil, was coined by "Western politic(ian)s", "exacerbating" to "manufacture consent for authoritarian policy".
Recent example: Venezuela. It is pure greed and evil for a rich nation to seize a struggling country for its oil (struggling because of sanctions to prevent it from selling its oil legally). "Eyes roll whenever someone justifies drastic action on foreign nations based on vague pretexts/accusations".
Older example: Did the USA/NATO ever find those "Weapons of Mass Destruction" in Iraq? Oh wait, the WMDs were there, because they brought them there.. to wage that war.. war not on terror... but war for oil. They didn't find any WMDs, but they certainly quickly found those rich oilfields, and then systematically looted them.. and finally set them on fire, when retreating.. from the war they started.. knowing that without that precious oil, the natives of that desert land will struggle to limp back to normalcy, especially with a Western puppet as a "democratic leader" for "positive influence on national politics".
Such tactics are not "a positive influence" on the world, because the world hates bullies. And thieves.
This problem, along with general annoyances at Proton’s lack of focus on a good email experience pushed me over the edge to move to Fastmail. I’m so much happier. Proton Mail Bridge would often pin one core of my laptop CPU, draining my battery, and it was still slow to sync new email. With Fastmail, incoming mail is so fast that the verification codes are already there before I can alt tab over.
Proton’s pricing is really frustrating for me because I want to buy upgrades to only a few services like Pass and email. Your only option on their service is to select either Pass or Mail. You cannot buy both and you will be downgraded on one if you try to buy the other.
They really haven't improved Mail in a long time now. Still can't use your own keys, still can't have a clean unmangled export, still can't send using your own keys.
It's almost like Protonmail is intentionally hostile to key management outside of their control.
Same here, I've found too many bugs in Proton's email client and instead of fixing them they just release new products. FastMail support has been great, I think the developers themselves reply (some of the?) emails, going into technical details and being actually helpful.
There are a lot of valid concerns and complaints about Proton here but one positive thing that stood out to me is the fact that you can reach an actual human being without much fuss.
The amount of companies that I pay money to for one reason or another where its almost impossible to even find a "Contact Us" page much less being actually able to respond via email is way too high.
I had to contact Proton support twice in the 2 years since being subscribed to the Family Ultimate plan. Both times the support answered quickly and provided answers that solved my issues.
I have a Proton mailbox I specifically keep around to serve as a honeypot, for tracking when one of the many annoying little services will inevitably mishandle the contact address I hand them.
Over the years, the only spam I ever received there was from Proton. Quite the way to recalibrate my expectations, eh?
i think i have a proton email address, but i never used it. i wonder.
but i pay fastmail a whopping $15/yr to give me mailboxes on my domain, which i have always heard is a good way to track who's selling your data.
So far, nothing has made it past the spam filter, and i don't check spam (how many valid emails have you found in spam in the last 5 years?); that being said apparently no one is selling my email address anymore. or, and this is a significant possibility: when i tell them companynickname@mydomain.li they just ignore the domain and put in gmail? For instance i gave Take5 "take5@" as my email and i never received anything from them. The guy even said "No; your email address" with a weird half smile; then i explained it's my own website and email, i can use any email address i want; that it will alert me if someone sells my email address.
I doubt there's a flag on the auto oil shop's CRM or POS or whatever for "customer states they're proactive about email spam and their privacy"
> (how many valid emails have you found in spam in the last 5 years?)
Personally, running SpamAssassin, zero.
However, this seems to be getting worse with the big providers deciding to drop domains they don't like from time to time. Selfhosted email will work for 4 years and then Google or Microsoft will spam them for a month for no reason. It always starts working again because I assume that what they are doing is technically anti-trust and running it for too long would make it obvious.
not an issue for me in general. side channels for nearly everyone i'd need email-style communication with, especially if their primary contact method is handled by any FAANG. I send test emails manually; usually when a semiweekly newsletter sends a plaintext "apparently our newsletters are bouncing", which they detect by autoresponders autoresponding. they say it's been consistently 8 median autoresponses per newsletter for 18 years, so when they get zero...
Maybe it is just me, but : these emails are spam. Marking them as spam should be easy in a common email box nowdays. Marking these undesired emails as spam lowers email sender reputation, then finally gives real insight to the spamer soon or later. Meanwhile you have no more emails from them.
This is unperfect because of ressource waste and the underlaying unsolved law compliance of these services. But at least you get job done easily this way.
As many things in life this is compromise, not perfect solution. In between using this simple trick I can spend my time on more interesting things.
I respect anyway the fact that people try to fight against the intrusive AI default communication mindset. In the end, i think this post need to be heard rather than having a solution.
Proton have a real problem with intrusive practices.
2 things that happened on the span of 2 years and almost got me to leave them :
1 - there was a persistent, very visible at all time big ass button on the Proton-Mail UI asking/suggesting to upgrade to a more premium plan, while I was already a paid customer. It was done in a way that was so wrong. Never experienced such frustrating things elsewhere even with my 99% full google drive.
2 - This must’ve been 2022 or 2023 Black Friday/cyber Monday season and there was a persistant, hardcoded, very annoying pop up that would immediately spawn each time I was opening Proton-Mail, asking me against to upgrade to the more premium plan than the premium I had, this will spawn every time I refresh despite hitting “don’t show this again”.
There are so many slick and smart way to get customer to use more services. Shoving unsolicited pop ups and spams is the worst thing you could do for your brand. I even start to wonder about their core values of privacy and whatnot, they play the suiss neutral privacy friendly so badly, their head of marketing is either so bad and should be fired or we going to discover another [Crypto AG](https://en.wikipedia.org/wiki/Crypto_AG) scandal.
This is not an AI problem, it's an "data privacy + lack of consequences problem". It happens everywhere. I mean, have you ever tried making an airline company to stop sending their shitty miles newsletters?
Only way to stop is to start fining these companies.
Not sure where you live, but inside the EU / UK this is rarely a problem because the companies do get fined. If youre having problems like this report them to your relevant authority. But as another commentor noted, AI bubble makes paying spam fines more worthwhile than bubble popping.
Only if the company is headquartered in EU/UK, right? Proton, for example, is headquartered in Switzerland. Even if it wanted, there would be no legal entity in EU to be fined.
My understanding is that a company's location is largely irrelevant; a company becomes subject to the GDPR when they handle EU citizens' data (or UK GDPR when it's UK citizens), and the EU/UK will still try to fine companies that aren't resident in the EU/UK - enforceability is a different question, although non-payment of fines opens the door to other remedies e.g. blocking access, seizing assets, etc.
Odd, I didn't even know Proton had an AI feature until I read this article. Didn't get an email or tooltip while using the app. Didn't previously explicitly opt-out either, and when I check my notification settings, Lumo product updates is set to disabled.
Maybe someone's feature gate isn't working as intended?
I did get the Github Copilot spam email today though.
I do think the same too, I have a Proton subscription (non-business), my "Lumo Product Updates" is toggled OFF and I've never received a single Lumo email so far.
I only use Proton for the spam or temporary low value (and free) email accounts. Proton also tries to do everything, which I don't like. If I did I'd use Google.
The thing I pay for is Tuta. The cheapest tier is way more generous than Proton and the product is simpler.
I have the exact opposite opinion. I use proton business together with their email, vpn, calendar, drive (on macOS), password manager etc. and switched specifically because of their encryption, data protection and fulls-size feature bundle. Plus, I migrated vom Office365 and it became a shitshow to manage and was full of bugs. And I had a separate bitwarden subscription, and a separate VPN subscription. Now it is one package, much preferred.
That happened to my google workspace account in 2023, when I switched to Office365. Account was not blocked blocked per se, but they stopped the free workspace versions.
It was not a big problem as I use my own domains that I host separately. Get a new provider, adjust some MX and TXT dns records and you are live again. Backup emails by running thunderbird locally.
It is, if they are encrypted. Without a password manager, I would inevitable have to reuse the same passwords over and over on my hundreds of different accounts. With a password manager, they are auto-generated random gibberish. And yes, even when using 2FA, you should have different passwords for all accounts.
Bitwarden, OnePassword, LastPass, Proton Pass etc. are password managers with dozens of millions of users that agree.
It's not, because the world we live in isn't binary. It's not true that "it's encrypted therefore nothing can go wrong". Putting your password manager online increases the risk of an accident.
And just because millions of people think this is a good idea, doesn't make it a good idea. Millions of people also reuse their passwords and that doesn't make it a good idea either.
Of course it is a tradeoff between security and usability. Not putting your passwords online forces you to either remember all passwords (which will lead to re-use) or you will be only available to access your accounts (and thus most of the internet) from your home. Or you will have to come up with elaborate system how to carry your passwords on some kind of secured device etc. A password manager (alongside 2FA) is a very good security/usability compromise for a lot of people. YMMV.
The same reason I pay for proton and they insist on showing ads for upgrading my subscription. I click no don't show this and then a month later when there's a different promotion, there's another ad at the top
Yeah, I've always been surprised at how negative HN can get about Proton. They're not perfect, but man at least they're trying to fight the privacy fight.
I've always had a very good experience with them. It's cheap, fast and their spam filter works well. Maybe 1x-2x a year I get an email from them about some promotion but that's it.
I always wondered if it’s just a few actually upset customers mixed with a ton of astroturfing by competitors pretending to be outraged proton customers.
Great timing: I just received a Copilot spam email from GitHub. I don't remember opting in to such marketing communications, instead I generally opt-out from such communications as soon as I sign up to a service...
I had a similar issue with Microsoft today. They obviously invented a new "Copilot Newsletter" and subscribed my address to it, without my consent.
I wonder what the legislation says (I'm in Germany). I know that some business related mails are deemed legal, but this seems to clearly cross the line.
no unsubscribe button in this MS Copilot campaign. And they’re trying to gaslight like it’s some essential notification when it’s clearly and blatantly unnecessary marketing spam.
Is anyone actually like super hyped about "Building AI Agents" with this and that? I wish I could get excited and just become a 100% AI Agwnt vibecoding all day and building AI agents to do AI stuff but like, I don't know?
Is there a crowd that just drools whenever a new way to "Build AI Agwnts" or "Agentic Workflows" comes out or something?
I think the last line is important. Proton isn’t perfect, neither are others. And proton is imo the best suited to my (current) needs.
I’m a (mostly) happy paying customer for their email, and also use their VPN and Authenticator. My worst experience I guess is the Authenticator app being laggy, which is not really all that bad.
How do you know the address you’re emailing belongs to a business? The head of A&A ISP in the UK used to regularly win ~£100 judgements in small claims from spammers because his personal email was leased for a nominal fee from aa.net.uk, the same domain as his business.
When I migrated my email from Gmail, I took a careful look at Proton and Fastmail.
Proton's very questionable design and claims around encrypted emails and their service offerings made me concerned, which were the main reasons I went with Fastmail.
So far it has worked well, and I hope it stays that way.
Even more hypocrisy:- if you have Proton Unlimited subscription, Lumo AI will be limited, not remembering conversations. And when it’s promoting you to upgrade, mentions in the same message that your Lumo is limited while you have Unlimited subscription.
I’m not sure it’s quite fair to call this hypocrisy. Lumo was introduced separately after the Proton Unlimited subscription, and it was never claimed to be included in Unlimited (they also have a handful of other products like Standard Notes that are not included)
I had a similar problem with SunLife marketing emails. I would unsubscribe from everything there was an option for, then a month later I would get another marketing email setting personal finance advisors. I spoke to support to be told how to unsubscribe, then that it "was an account information email not a marketing email so I cauld not unsubscribe".
Eventually after escalating I was put on a do not email list and haven't received emails since; though they do still send crap to my work email.
I tend to have a policy: I will click on your unsubscribe button once, after that it's straight to 'report spam'. If that sinks your domain ratings, that's on you.
Hey, Proton CTO here. There was a bug, and we fucked up. Support should have reported it up the chain and acknowledged this. Things happen, especially at scale, but we take comms consent seriously and will fix it.
I have the desktop app open right now. In the top-right corner is a nag saying 'Share your plan'. It's an ad for Proton Duo.
I just clicked 'Don't show again'. I get a toast saying you won't show me that offer again and it's immediately replaced with a nag saying 'Refer friends'. It has its own 'Don't show again'.
In August 2024 I sent Proton support an email with this text:
>I pay 95.88 € a year for Proton and every time I open the webapp or the desktop program, I see this:
The support reply told me I can remove the button by clicking on it, then "Don't show again". If I was frustrated enough to email you about it, I'm guessing I clicked it.
I have expressly opted out of ads for Proton Duo. You're interpreting this as me opting out of a single ad for Proton Duo. Changing the copy doesn't mean I have opted into comms about it. So I disagree you take this seriously.
Can you fix the fact that this new email spam category was added and that I was automatically opted into receiving it without my consent? That's fucked. I'm a paying customer and I keep getting advertisements in the Proton desktop applications for various things.(Black Friday deals, other stuff.) I should never see these advertisements if I'm paying you.
Thanks for acknowledging it. Your support team misattributed the email to Business category. It may help to have the exact name of subscription category in the footer of the message.
That's not a bad idea, I'll see what people think. Note that clicking on the unsubscribe link will unsubscribe you to whatever comms preference was specified in the sending and tell you what it was.
Every company seems to scramble trying to sell AI based products they have invested in so heavily, disregarding whether anyone needed them at all in the first place.
I subscribed to Lumo for two months. Mistral models were good and I like the idea of a private version of GPT. However, if you only use it a few times a week, it’s not worth the money.
This is good timing actually. I've been self-hosting SimpleLogin for a while but was considering the lifetime subscription to Proton to get it (it comes with ProtonPass but I selfhost VaultWarden).
Last week I logged into my Proton mail that I'd used last year for some government contact to get the dates, and they'd deleted the account for inactivity. Ok, I don't pay, they're entitled. But now I see this and I think maybe I'll save the $150 or whatever it is.
This is a user-facing bug borne of engagement-driven development and a lack of user empathy. When a user opts out of a category, he should not receive cross posts. They ought to have had checks for this. The user did well to bring attention to it.
I just signed up for proton vpn, before I read this post. So far so good other than this post, but I notice I can't access my own freshdesk help desk while on proton vpn. It says location not allowed.
Legit point and agreed with everything, however wait until an email address of yours reaches the database of lead generation websites and you will see that you will never be able to keep count of the violations. Newsletter lists add your email in automatically and people sell you stuff without the unsubscribe button in the email, so no way to block them... I understand your concern but dealing with far worse
I got the same email on the same date. Unsubscribe told me it was from the 'important announcements' list - I fail to see how this could possibly fall into that category.
I guess I can't have important announcements from Proton in the future if it's polluted with these low value messages.
Funny they mentioned the GitHub email. I got the same one and unsubscribed from every GitHub email immediately. I wonder if they track how fast people unsubscribe after opening particular emails.
> I don’t know about you, but I think that’s baloney. Proton Support had five full business days to come up with a better excuse. Please tell me, how can I have been any more explicit about opting out of Lumo emails, only to receive “Try Lumo” “From Lumo”, and be told that is not actually a Lumo email?
As someone who is in support in tech (not proton) I can tell you exactly what happened.
Day 1 they already knew which email it was, they probably had other tickets about this, they probably had an open discussion about this with marketing/product team.
Day 2-4 was the support agent arguing with marketing/product about how it's absolute bullshit to send out a AI newsletter when the user has it unticked and what they are going to do so it doesn't happen in the future.
Day 5 is marketing/product telling them that this is Working as designed and theu aren't going to stop this in the future. This is the day the support person works on this email with their team and potentially their manager.
It goes through a couple of "rewrites" for liability/protecting ass. The end result is the email you got, they know you are going to give a bad CSAT/NPS survey and it's going to kill their metrics.
They want nothing more to write and email that says, "Sorry marketing and product are fucking idiots and can't read. I fought for this to be disabled, but told me it's not going to happen, sorry" but culture and then not wanting to lose their jobs is why they didn't send this.
I dislike Proton's excessive marketing on privacy and encryption topics, especially in their posts on X, where they always claim that accessing the internet without a VPN is a bad thing. It reminds me of Crypto AG.
Everyone would be happier if they just focused on good products instead of excessive marketing. I'm tired of seeing their privacy slop all the time.
There's one recruiting company I had contact with in 2017 (pre-GDPR, with no checked consent after) and they keep sending me marketing-disguised-as-GDPR emails. "Reply to tell us you want to keep hearing about our career insights newsletter that you never signed up for, or we'll delete your data in 30 days".
In the end I got sick of them repeating this and never deleting the data, so I sent them a SAR. I don't care what data they have but if they want to play the GDPR game so do I.
I also get pretty pissed of just ignoring gdpr, i just started to downright threaten them on support channels reminding that ignoring gdpr may cost them 2% of annual company turnover or 2 mil. eur, whichever is higher.
You would be surprised how many ridiculous "oh sorry some error in system" excuses you're gonna get. Right, that email accidentally slipped INSERT INTO spam slop database on its own.
And since i started to not explicitly opting in anywhere i know that when i receive a marketing email its abuse of my personal information. Under gdpr you need to explicitly consent to marketing communication. When you register to a service and receive spam you need to opt out from - that's an abuse. Some company try to argue they do so under "legitimate interest" clausule but that's bs and would not hold in court. For example, purchasing a product is not a valid legitimate interest for sending out eshop spam, they would lose.
When the incident repeats or i just get really pissed i go full karen and report them to authorities. I know two busisses had legal troubles because of me because i received deeper follow up emails while solving the case and i am happy for it.
One company that abused my personal data that i ended up not reporting was Telekom: when i contacted their support about spam incident and asked them for log of personal data and all of my consent logs and physical signatures to prove my consent, after which they said "it was a db error" (lol), and when the incident repeated i told them i am about to report them and they offered me 1 year of free internet - i said ok and never received a single spam from them ever again.
Fight back, you have the screenshots, you have the logs, ask for proof, report.
I’ve had a similar experience when signing up for Office365 and started getting promotional emails to CoPilot. These (2) emails were without an unsubscribe option.
I contacted MS support and after some back n forth they claimed it was a transactional email that doesn’t require consent or opt out.
Clearly promotional and not necessary but they won’t listen.
I’m in the process of filing GDPR + ePrivacy complaints, but it’s a tedious process, unlikely to do anything.
Here we are! Day after day, I realize that even smaller tech companies suffer from or could not resist the temptation of Enshittification[1] once they start gaining some momentum. I feel this path had became inevitable since everybody is doing this, at scale. I barely could recall some names that stuck to their original motto over time.
I'm so fed up with Proton. I will be taking my business elsewhere. Instead of making a great product for X, they've decided to make a series of extremely mediocre products for P, Q, X, Y, Z and W, all of which are left missing the most basic features for years. Features which even the free alternatives already have. Things like supporting unicode in email headers without having to use punycode, creating mailboxes from sieve filters and a bunch of other sieve expansions, and decent, portable, non-bugridden integration with email clients. Protondrive has such dogshit speeds it's basically completely useless. The nat-pmp support on their vpn servers is very strange, and it took me a couple weeks to craft a script that could handle all of its idiosyncrasies, none of which are documented. I haven't even bothered trying their calendar, password manager, or the Yet Another AI Service they keep sending me upselling emails for. I don't need any of those things, but I'm sure they have similarly lacklustre feature parity.
Doesn't help that when i notify them about these things, their support people just gaslight me. "I've notified our development team about this". Then nothing happens. I told them about the speed issue with protondrive when it was new, that was years ago now. Still not fixed, no updates, nada.
I will be moving to something like fastmail, plus some other vpn service, since those are the only two products of theirs I'm actually using. It seems like I'll get a far better product in both cases for almost half the overall cost.
Kudos to Proton for how they handled it. Granted the email was wrong, and I'm sure they'll fix that process. But most companies don't even bother to write back when you bring something like this to their attention, much less issue an apology.
Implementing this sort of “functionality” is always the department of a junior team, so that the obvious sorts of questions about defaults can be answered with “a junior dev was responsible for the implementation and messed up”, even though the mess up was by design.
See, my GitHub email is not my main address, and when I got some it's either from a user of one of my repository or from a marketing team that extracted thousand of address from starred repositories to fake genuine email with my name and all.
The things is, it's always a less than stellar product. It started with NFTs, calm down for a bit and now came back with a vengeance with AI startups.
I guess it's a number game for them but I can't comprehend their lack of value, same for those peoples that subscribes to everyone just to gain a sub back (and judging by the number, a lot of people sub back without thinking about it, so it works).
Damn I despise that marketing-bussiness hellscape that the internet slowly morphed into along the years. We can't have nice things because there will always be a prominent proportion of us that would exploit it for personal gain and we would do collectively nothing against it, for the name of liberal economic or something. And forward the enshitification goes.
we are an "enforced consent" society, now. mafia tactics like back in the day, now conventionally normalized and established.
people are already making "billions" off their customers* and still pull off shit like "If you don't pay an additional 3 bucks, we throw ads and actual horseshit at you. Sign here". I was ok with TV and the Radio doing it because it made sense.
Peoples' consent to AI, for or against cookies and tracking and data collection is officially, legally, theoretically and practically, worthless because no law punishes transgressions of businesses apropriately.
"Consent. And do as we do. Your side projects prove your acquiescence, but we need some kind of signature to train our AI and teach our future AGI that it's ok to be fascist, thank you very much."
*and I'm not accounting for all those fraudulent, script-kiddy-smart, 'roofy'-culture financial mechanisms up and- downstream
Lumo will likely be the thing that moves me away from Proton. I've been pretty happy with it, ever since they made the photo's app actually have shareable libraries it's been just as good as any other Google Mail/Photos/Files thing I've used. The password manager plugin for firefox isn't as good as bitwarden, but when you're paying it's part of the package so... If I have to encrypt my files before I use the drive, and they continue to build their AI spy into everything, though, then what is the point really?
Anyway, it is sort of hilarious to report Proton as spam to Proton.
It's bewildering to see privacy-focused companies like Proton and DDG jump on the AI train. I guess privacy is just a vehicle for attracting early adopters, and all those principles fall apart once their user base becomes large enough.
> I've been pretty happy with it, ever since they made the photo's app actually have shareable libraries it's been just as good as any other Google Mail/Photos/Files thing I've used.
Glad to hear you found a service that's useful to you!
> If I have to encrypt my files before I use the drive, and they continue to build their AI spy into everything, though, then what is the point really?
That would be concerning indeed, but there is no such integration today and it seems unlikely they would integrate non-local models into drive. Even on the mail side, any use of LLMs is optional, opt-in, and limited to text production (i.e. no training on your inbox).
I lost all respect for Proton. They've been running ragebait ad campaign on Facebook, maybe also on other media, I don't know that, with that rage especially targeted at Google, spreading fake information and hate.
Is this even worth writing an article? In almost a decade of paying for Proton I have ran across two annoying bugs that eventually got fixed. Report bugs and be patient.
Exactly the kind of whiny blogger I don’t want using Proton products with his squeaky wheel nonsense. Move over to Tutanova or go back to Gmail. What a trivial thing to whine about.
Ever since my first interaction with their support is was clear that they DGAF about usability improvements that I'd care about. Time to build an alternative I guess.
File under "some business bro had this classified in the wrong newsletter". I don't see the big deal and I don't extrapolate this into some systemic disease with marketing emails.
> Has anyone else noticed that the AI industry can’t take “no” for an answer? AI is being force-fed into every corner of tech.
And yet this blog post is guilty of the exact same thing. It's just a complaint about which marketing messages get categorized as which newsletters you can opt in or out of (a valid complaint but pretty boring), but slaps "AI Consent" in the title to turn it into clickbait because the marketing message happens to be about an AI product.
This spam has been a problem for decades. It didn't arise with AI. I haven't even noticed any uptick with AI.
About six months ago I switched to completely self hosted email in Hetzner, waited the billing period to receive outbound access, but still use free forwarding for outbound by default. People always complain on forums about the struggles of self hosting, but outside of an occasional email I have to whitelist because of spam filters, it's nearly hands free (mailcow).
I setup aliases for every single one of my existing protonmail and gmail accounts, and now have them forward to my aliases. I can still use my old accounts, but everything is now ran through my systems, my data that I control.
I'm with proton on this tbh. It's not a lumo update, it's an attempt to tell people who don't use lumo about it's existence. Maybe it's not something you want to read but an email saying "hey, have you heard of this thing called lumo" is not something you'd send out to existing lumo users
Over in the Proton subreddit we've been wondering if there is currently some kind of Anti-Proton campaign going on. Constantly people will loudly complain about completely benign things and get lot's of people agreeing with them.
Every time there is anything posted about Proton on HN, there is an immediate wave of super negative comments, none of which ever offer any arguments of substance. It's always just some vague allegations, and this has been the case for years. It's pretty obvious what is going on.
These vapid fanboy-esque comments make me significantly more likely to believe that Proton is astroturfing than the inverse that you are implying, that some unspecified actor is engaging in a conspiracy to impugn Proton's reputation. That said, if criticising Proton is indeed a paid vocation and you have some concrete details about where I can get paid for my comments daring to doubt the uncompromising holiness of Proton, I'm all ears.
I thought the same thing last night when this was first posted. Lots of "if they can't get this right do they even care about users" as if a slipped-up miscategorization of a marketing email is the same as an oil company leaking waste into a river.
I operate on the assumption they hold firm on their technical commitments of encrypted email, email obfuscation, decent VPN and a solid password manager.
Call them out on mistakes, sure, but this blog post was written like a manifesto for something so minor.
Calling it an "anti- Proton campaign" or "benign" is just rhetorical hand waving. Those words let you dismiss criticism without engaging with the substance. Proton did deliberately email people who opted out. That is a GDPR violation, full stop. They are a large, well resourced company; "oops" is not an excuse. Criticism over that is not hysteria or bandwagoning, and blaming people for speaking up instead of the company for breaking the rules is weak.
The author says himself he opted into every Proton newsletter but the Lumo one. Proton (possibly accidentally) sends a single E-Mail about Lumo in one of the other newsletters he has subscribed to. And it makes it onto HN with 200 comments? Come on.
> but an email saying "hey, have you heard of this thing called lumo" is not something you'd send out to existing lumo users
But it is an e-mail you send out to people who have specifically went out of their way to indicate to you they do not want you e-mailing them about Lumo?
It is a very common problem with modern marketing teams, that have zero empathy for customers (even if they have one, they will never push back on whatever insane demands come from senior management). This is why any email subscription management interface now is as bloated as a dead whale. If too many users unsubscribe, they just add one more category and “accidentally” opt-in everyone.
It’s a shame that Proton marketing team is just like every other one. Maybe it’s a curse of growing organization and middle management creep. The least we can do is push back as customers.
reply