Just to make things clear, Lumo doesn't use homomorphic encryption so technically the privacy guarantees are still based on "trust" just like any other AI. Yes, the e2e encrypted chat storage and everything else is cool but that's not what an AI chatbot is for actually, is it?

To simplify:

- User opens Lumo
- Lumo sends a public key
- User writes a prompt, encrypts it with the public key, sends it to Lumo
- Lumo takes the prompt, decrypts it using the private key, and voilà! There's your… prompt. In plain text. So not really confidential.
- The response is similarly encrypted using your public key etc. etc.

The point is: Lumo is 0% more private than, say, ChatGPT aside from the fact it's made by a privacy-first company.
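The flow in the list above, as an added example that is not part of the original post and is not Proton's code: RSA-OAEP from Go's standard library stands in for the scheme (an assumption; the post names no algorithm), and `Trace`, `RoundTrip`, `seal` and `open` are hypothetical names. The trace shows the prompt as ciphertext on the wire and in storage, but as plaintext in the service's memory.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Trace records what each party can read during one prompt/reply round trip.
type Trace struct {
	OnWire       []byte // ciphertext a network observer sees
	ServerMemory string // what the service holds after decrypting
	Stored       []byte // reply encrypted to the user's key for storage
	UserReads    string // what the user recovers with their private key
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // e.g. a message longer than the 190 bytes OAEP allows here
	}
	return v
}

func seal(pub *rsa.PublicKey, msg string) []byte {
	return must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(msg), nil))
}

func open(priv *rsa.PrivateKey, ct []byte) string {
	return string(must(rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)))
}

// RoundTrip follows the steps in the post; RSA-OAEP is an assumed stand-in.
func RoundTrip(prompt string) Trace {
	serverKey := must(rsa.GenerateKey(rand.Reader, 2048)) // service key pair
	userKey := must(rsa.GenerateKey(rand.Reader, 2048))   // user key pair
	var t Trace
	t.OnWire = seal(&serverKey.PublicKey, prompt) // client encrypts to the service
	t.ServerMemory = open(serverKey, t.OnWire)    // service decrypts: plaintext
	reply := "reply to: " + t.ServerMemory        // stand-in for model inference
	t.Stored = seal(&userKey.PublicKey, reply)    // encrypted for the user at rest
	t.UserReads = open(userKey, t.Stored)         // only the user's key opens it
	return t
}

func main() {
	t := RoundTrip("constructed sample prompt")
	fmt.Printf("wire: %d bytes\nservice memory: %q\nuser reads: %q\n", len(t.OnWire), t.ServerMemory, t.UserReads)
}
```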

@notesnook it’s the same as for protonmail, they say it’s encrypted but the emails are still sent plaintext.

They claim to only keep it in volatile memory for a little while and encrypt it with your public key then so it’s « never stored in unencrypted form », but it is impossible to verify this.

@notesnook Plus they claim to not log your IPs and when they got caught giving an IP address to law enforcement they said « we don’t log ip address by default but we have to do it if law enforcement asks us », so I assume they would do the same for plaintext emails and for plaintext Lumo prompts.

@notesnook Also, I don’t see the point of encrypting a plaintext prompt with a key they have access to on top of using TLS, that’s the exact same thing. I am a Proton subscriber btw but they often take people for idiots