Proton Spam and the AI Consent Problem

I think we must make it clear that this is not related to AI at all, even if the product in question is AI-related.

It is a very common problem with modern marketing teams, that have zero empathy for customers (even if they have one, they will never push back on whatever insane demands come from senior management). This is why any email subscription management interface now is as bloated as a dead whale. If too many users unsubscribe, they just add one more category and “accidentally” opt-in everyone.

It’s a shame that Proton marketing team is just like every other one. Maybe it’s a curse of growing organization and middle management creep. The least we can do is push back as customers.

> Has anyone else noticed that the AI industry can’t take “no” for an answer? AI is being force-fed into every corner of tech. It’s unfathomable to them that some of us aren’t interested. The entire AI industry is built upon a common principle of non-consent.

I can't help but see the spam as more circumstantial evidence of a bubble, where top-down "pump those numbers" priorities overrides regular process.

I saw a Mastodon tweet a while ago, which went something like:

Do tech companies understand consent?:

- [ ] Yes

- [ ] Ask me again in a few days

This problem, along with general annoyances at Proton’s lack of focus on a good email experience pushed me over the edge to move to Fastmail. I’m so much happier. Proton Mail Bridge would often pin one core of my laptop CPU, draining my battery, and it was still slow to sync new email. With Fastmail, incoming mail is so fast that the verification codes are already there before I can alt tab over.

I have a Proton mailbox I specifically keep around to serve as a honeypot, for tracking when one of the many annoying little services will inevitably mishandle the contact address I hand them.

Over the years, the only spam I ever received there was from Proton. Quite the way to recalibrate my expectations, eh?

This is not an AI problem, it's an "data privacy + lack of consequences problem". It happens everywhere. I mean, have you ever tried making an airline company to stop sending their shitty miles newsletters?

Only way to stop is to start fining these companies.

This isn't an AI issue. Marketing departments have been like this forever, or at least since the infamous Canter & Siegel 'Green Card' email.

https://en.wikipedia.org/wiki/Laurence_Canter_and_Martha_Sie...

I only use Proton for the spam or temporary low value (and free) email accounts. Proton also tries to do everything, which I don't like. If I did I'd use Google.

The thing I pay for is Tuta. The cheapest tier is way more generous than Proton and the product is simpler.

Trust is maybe the most valuable commodity for a VPN provider… And I have the feeling Proton is gambling it away.

It made me move to Mullvad.

Despite the fact that in terms of performance Proton is slightly better. (underscoring just *how* crucial ‘trust’ is)

I have often found proton’s intrusive marketing campaigns annoying.

I use them for email and that’s all I want. Every time they market some new product to me, I get closer to moving to a new provider.

I canceled my subscription, and deleted my account due to the nagging and promotional annoyances.

I've contacted the support, but they basically don't care.

There are not multiple ways to fight back against this behavior. I am now with mailfence until they start the same circus.

I had a similar issue with Microsoft today. They obviously invented a new "Copilot Newsletter" and subscribed my address to it, without my consent.

I wonder what the legislation says (I'm in Germany). I know that some business related mails are deemed legal, but this seems to clearly cross the line.

Proton should pay that guy for his rage post. First time I’ve heard about Lumo, will certainly try it out!

When I migrated my email from Gmail, I took a careful look at Proton and Fastmail.

Proton's very questionable design and claims around encrypted emails and their service offerings made me concerned, which were the main reasons I went with Fastmail.

So far it has worked well, and I hope it stays that way.

Odd, I didn't even know Proton had an AI feature until I read this article. Didn't get an email or tooltip while using the app. Didn't previously explicitly opt-out either, and when I check my notification settings, Lumo product updates is set to disabled.

Maybe someone's feature gate isn't working as intended?

I did get the Github Copilot spam email today though.

> Proton for Business newsletter

AFAIK you are legally allowed to spam businesses, but not individuals. A handy get-out clause for marketeers.

I'm so fed up with Proton. I will be taking my business elsewhere. Instead of making a great product for X, they've decided to make a series of extremely mediocre products for P, Q, X, Y, Z and W, all of which are left missing the most basic features for years. Features which even the free alternatives already have. Things like supporting unicode in email headers without having to use punycode, creating mailboxes from sieve filters and a bunch of other sieve expansions, and decent, portable, non-bugridden integration with email clients. Protondrive has such dogshit speeds it's basically completely useless. The nat-pmp support on their vpn servers is very strange, and it took me a couple weeks to craft a script that could handle all of its idiosyncrasies, none of which are documented. I haven't even bothered trying their calendar, password manager, or the Yet Another AI Service they keep sending me upselling emails for. I don't need any of those things, but I'm sure they have similarly lacklustre feature parity.

Doesn't help that when i notify them about these things, their support people just gaslight me. "I've notified our development team about this". Then nothing happens. I told them about the speed issue with protondrive when it was new, that was years ago now. Still not fixed, no updates, nada.

I will be moving to something like fastmail, plus some other vpn service, since those are the only two products of theirs I'm actually using. It seems like I'll get a far better product in both cases for almost half the overall cost.

The 'not technically a Lumo email' dodge is the real story here. When you create a product category specifically to bypass user preferences, the opt-out mechanism becomes performance rather than policy. This isn't unique to Proton or AI - it's the inevitable result of conflicting incentives. Marketing teams are measured on engagement, not consent satisfaction.

Great timing: I just received a Copilot spam email from GitHub. I don't remember opting in to such marketing communications, instead I generally opt-out from such communications as soon as I sign up to a service...

This is good timing actually. I've been self-hosting SimpleLogin for a while but was considering the lifetime subscription to Proton to get it (it comes with ProtonPass but I selfhost VaultWarden).

Last week I logged into my Proton mail that I'd used last year for some government contact to get the dates, and they'd deleted the account for inactivity. Ok, I don't pay, they're entitled. But now I see this and I think maybe I'll save the $150 or whatever it is.

I've been using Fastmail for years now, and I'm completely satisfied. Custom domain + built-in masked email functionality works great.

Legit point and agreed with everything, however wait until an email address of yours reaches the database of lead generation websites and you will see that you will never be able to keep count of the violations. Newsletter lists add your email in automatically and people sell you stuff without the unsubscribe button in the email, so no way to block them... I understand your concern but dealing with far worse

Funnily, Proton was supposed to be the anti-Google, wasn't it? Maybe some of "Proton's not in the US, so not subject to scary NSA warrant canaries"

Except... Gmail has handled spam pretty well? And at least if you do get Spam they actually tell you: https://news.ycombinator.com/item?id=6090712

I got the same email on the same date. Unsubscribe told me it was from the 'important announcements' list - I fail to see how this could possibly fall into that category.

I guess I can't have important announcements from Proton in the future if it's polluted with these low value messages.

Every company seems to scramble trying to sell AI based products they have invested in so heavily, disregarding whether anyone needed them at all in the first place.

This AI thing is going to implode so hard.

Hey, Proton CTO here. There was a bug, and we fucked up. Support should have reported it up the chain and acknowledged this. Things happen, especially at scale, but we take comms consent seriously and will fix it.

Even more hypocrisy:- if you have Proton Unlimited subscription, Lumo AI will be limited, not remembering conversations. And when it’s promoting you to upgrade, mentions in the same message that your Lumo is limited while you have Unlimited subscription.

Lumo is not end to end encrypted. The model is in some kind HSM? Are those trusted?

If they are, I see some people might be interested.

I also received the email from github about AI that the author mentioned. No matter what you do, they will keep pushing the AI slop onto you.

For me, these kinds of emails especially stick out, because I like to keep my proton inbox clean and unsubscribe from everything I can.

> I don’t know about you, but I think that’s baloney. Proton Support had five full business days to come up with a better excuse. Please tell me, how can I have been any more explicit about opting out of Lumo emails, only to receive “Try Lumo” “From Lumo”, and be told that is not actually a Lumo email?

As someone who is in support in tech (not proton) I can tell you exactly what happened.

Day 1 they already knew which email it was, they probably had other tickets about this, they probably had an open discussion about this with marketing/product team.

Day 2-4 was the support agent arguing with marketing/product about how it's absolute bullshit to send out a AI newsletter when the user has it unticked and what they are going to do so it doesn't happen in the future.

Day 5 is marketing/product telling them that this is Working as designed and theu aren't going to stop this in the future. This is the day the support person works on this email with their team and potentially their manager.

It goes through a couple of "rewrites" for liability/protecting ass. The end result is the email you got, they know you are going to give a bad CSAT/NPS survey and it's going to kill their metrics.

They want nothing more to write and email that says, "Sorry marketing and product are fucking idiots and can't read. I fought for this to be disabled, but told me it's not going to happen, sorry" but culture and then not wanting to lose their jobs is why they didn't send this.

I really hope you didn't give them a bad survey.

This make me think of the GitHub spamming issue.

See, my GitHub email is not my main address, and when I got some it's either from a user of one of my repository or from a marketing team that extracted thousand of address from starred repositories to fake genuine email with my name and all.

The things is, it's always a less than stellar product. It started with NFTs, calm down for a bit and now came back with a vengeance with AI startups.

I guess it's a number game for them but I can't comprehend their lack of value, same for those peoples that subscribes to everyone just to gain a sub back (and judging by the number, a lot of people sub back without thinking about it, so it works).

Damn I despise that marketing-bussiness hellscape that the internet slowly morphed into along the years. We can't have nice things because there will always be a prominent proportion of us that would exploit it for personal gain and we would do collectively nothing against it, for the name of liberal economic or something. And forward the enshitification goes.

I dislike Proton's excessive marketing on privacy and encryption topics, especially in their posts on X, where they always claim that accessing the internet without a VPN is a bad thing. It reminds me of Crypto AG.

Everyone would be happier if they just focused on good products instead of excessive marketing. I'm tired of seeing their privacy slop all the time.

Implementing this sort of “functionality” is always the department of a junior team, so that the obvious sorts of questions about defaults can be answered with “a junior dev was responsible for the implementation and messed up”, even though the mess up was by design.

Here we are! Day after day, I realize that even smaller tech companies suffer from or could not resist the temptation of Enshittification[1] once they start gaining some momentum. I feel this path had became inevitable since everybody is doing this, at scale. I barely could recall some names that stuck to their original motto over time.

____________________

1. https://en.wikipedia.org/wiki/Enshittification

There's one recruiting company I had contact with in 2017 (pre-GDPR, with no checked consent after) and they keep sending me marketing-disguised-as-GDPR emails. "Reply to tell us you want to keep hearing about our career insights newsletter that you never signed up for, or we'll delete your data in 30 days".

In the end I got sick of them repeating this and never deleting the data, so I sent them a SAR. I don't care what data they have but if they want to play the GDPR game so do I.

I’ve had a similar experience when signing up for Office365 and started getting promotional emails to CoPilot. These (2) emails were without an unsubscribe option.

I contacted MS support and after some back n forth they claimed it was a transactional email that doesn’t require consent or opt out.

Clearly promotional and not necessary but they won’t listen.

I’m in the process of filing GDPR + ePrivacy complaints, but it’s a tedious process, unlikely to do anything.

Lumo will likely be the thing that moves me away from Proton. I've been pretty happy with it, ever since they made the photo's app actually have shareable libraries it's been just as good as any other Google Mail/Photos/Files thing I've used. The password manager plugin for firefox isn't as good as bitwarden, but when you're paying it's part of the package so... If I have to encrypt my files before I use the drive, and they continue to build their AI spy into everything, though, then what is the point really?

Anyway, it is sort of hilarious to report Proton as spam to Proton.

I also get pretty pissed of just ignoring gdpr, i just started to downright threaten them on support channels reminding that ignoring gdpr may cost them 2% of annual company turnover or 2 mil. eur, whichever is higher.

You would be surprised how many ridiculous "oh sorry some error in system" excuses you're gonna get. Right, that email accidentally slipped INSERT INTO spam slop database on its own.

And since i started to not explicitly opting in anywhere i know that when i receive a marketing email its abuse of my personal information. Under gdpr you need to explicitly consent to marketing communication. When you register to a service and receive spam you need to opt out from - that's an abuse. Some company try to argue they do so under "legitimate interest" clausule but that's bs and would not hold in court. For example, purchasing a product is not a valid legitimate interest for sending out eshop spam, they would lose.

When the incident repeats or i just get really pissed i go full karen and report them to authorities. I know two busisses had legal troubles because of me because i received deeper follow up emails while solving the case and i am happy for it.

One company that abused my personal data that i ended up not reporting was Telekom: when i contacted their support about spam incident and asked them for log of personal data and all of my consent logs and physical signatures to prove my consent, after which they said "it was a db error" (lol), and when the incident repeated i told them i am about to report them and they offered me 1 year of free internet - i said ok and never received a single spam from them ever again.

Fight back, you have the screenshots, you have the logs, ask for proof, report.

I lost all respect for Proton. They've been running ragebait ad campaign on Facebook, maybe also on other media, I don't know that, with that rage especially targeted at Google, spreading fake information and hate.

Ever since my first interaction with their support is was clear that they DGAF about usability improvements that I'd care about. Time to build an alternative I guess.

"Never attribute to malice that which is adequately explained by stupidity" - Robert J. Hanlon

If you ever tried to setup a martech stack you konw what a PITA is to comply GDPR without any error

File under "some business bro had this classified in the wrong newsletter". I don't see the big deal and I don't extrapolate this into some systemic disease with marketing emails.

That's pretty petty, their response actually makes sense. I hope you get over it.

I'm with proton on this tbh. It's not a lumo update, it's an attempt to tell people who don't use lumo about it's existence. Maybe it's not something you want to read but an email saying "hey, have you heard of this thing called lumo" is not something you'd send out to existing lumo users