Science the Hell Out of This! Podcast
If you pay attention to the buzz around AI, you may have read news articles about people using AI chatbots as their psychiatrist, doctor, lawyer, and even as their boyfriend. However, most of these people probably don’t realize that all the questions, discussions, feelings, opinions, and personal details that they share with these large language models aren’t secret. The information is available to these high-tech companies, AND can be made available to the government or other parties if subpoenaed. OpenAI’s CEO, Sam Altman, confirmed this in a podcast (Perez, 2025). Sam Altman believes that laws need to be changed so that such information cannot be subpoenaed or should be restricted. However, I see this as another excuse by these high-tech company leaders to shift the responsibility to the government. The correct solution, in my opinion, is to create an LLM that is designed with privacy in mind. Altman may want to conveniently pass the burden to the government while continuing to profit from our data. Enter Lumo.

Lumo - The Privacy First Large Language Model

More intelligent people than I realized this problem far earlier than it occurred to me. The privacy-first company Proton has developed a new LLM named Lumo. They claim that Lumo:

* stores no logs,
* stores all conversations with the LLM using battle-tested zero-access encryption (which is just a fancy way of saying nobody but you can decrypt and read the text, not even Proton),
* does not share any data with third-party vendors, advertisers (Proton makes money from their subscriptions), or government agencies,
* does not use user data to train their AI model,
* is open-source, and therefore, the entire code base can be inspected by anyone.

Why trust Proton? You can’t. For one thing, even though they claim to be open-source, I can’t find Lumo’s source code online.
Proton does share their source code for their other applications, and I read online that they release their code after a bit of a delay, but until they do so, it remains locked code. So, let’s instead discuss their architecture. How are they keeping our conversation with the LLM secure?

You, the user, sign in to Lumo using your Proton login. Once you are logged in, Lumo creates a unique key, which I will refer to as the request key. This request key is stored in your browser, either as a cookie, local storage, session storage, or similar mechanism. This key is used to encrypt your prompts as well as the AI’s responses.

To ensure privacy, Lumo must send the entire conversation (i.e., the back and forth you have with the LLM) to Proton’s servers, so that Proton never needs to store any of your discussion. LLMs that don’t promise privacy send the latest change and store the rest on their servers.

Before sending the conversation to the Proton backend, Lumo encrypts the conversation using your unique request key. The encryption mechanism they use is Advanced Encryption Standard (AES), which is a symmetric block cipher used for encrypting data. By symmetric, I mean that a single key is used for both encrypting and decrypting the data.

Next, your web client needs to send this AES-encrypted data to the Proton backend server. But now, there is a problem. Proton needs to decrypt the AES-encrypted data, but it lacks access to the request key generated in your browser. Another encryption mechanism resolves this.

The Lumo public key is part of a public-private key cryptography mechanism that Proton uses to communicate between the client and the server backend. The public key is a static key common to all users. Only someone who has the private key can decrypt the data, and only the Proton backend has the private key. Lumo encrypts your request key using the public key, producing what I will call pked (public-key-encrypted-data), and sends this off to the backend.
With the request key available, Proton servers can decrypt the AES-encrypted data at any time. Thus, public-private key encryption is a secure way to transmit the symmetric request key to the server, solving the “key exchange” problem.

Lumo’s core AI server retrieves the request key by decrypting pked using the Lumo private key. With the request key on hand, the AES-encrypted data can be decrypted. The plain text is read in its entirety.

Wait, if your entire conversation is available decrypted to the LLM, isn’t this a problem? Proton claims the private key is only accessible to Lumo's core AI servers. They claim it is not available to the rest of the backend system that Proton uses for other services, a claim we cannot verify until the source code is public. Proton also says that the data is decrypted at the AI server level and is fed to the LLM and never stored. Therefore, there is no privacy risk.

The LLM takes the plain text, creates a response, and appends it to the plain text. It then encrypts this response text using AES encryption again. There is no need to use public-private-key cryptography since the user-side client already has the request key. Once the AES-response text is received on the client end, it is decrypted.

Conclusion

That is how the privacy-first LLM works. Some things can’t be trusted until Proton makes the source code publicly available. While their claim of open-source before releasing the code publicly is a dubious tactic that I cannot endorse, it appears they do eventually release it for public investigation. As for the fact that the data is decrypted at the AI server level, and could be a privacy risk, this IS a concern, but if it is merely fed to the LLM and not stored, the information is secure. Once the source code is made public, curious researchers can audit the code and confirm the truth.
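
The request flow described above (request key, pked, AES-encrypted conversation and reply), as an added example in Node.js that is not Proton's code or part of the original article. It assumes RSA-OAEP for the public-key step and AES-256-GCM for the symmetric step (the article only says "AES" and "public-private key"); the function names, the key pair, and the echo "model" are hypothetical.

```javascript
const crypto = require('node:crypto');

// Stand-in for the static Lumo key pair (assumption: RSA-2048 with OAEP-SHA256).
const server = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// AES-256-GCM with a fresh 96-bit IV per message; the tag authenticates the data.
function aesEncrypt(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const data = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, data, tag: cipher.getAuthTag() };
}

function aesDecrypt(key, { iv, data, tag }) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(data), decipher.final()]).toString('utf8');
}

// Client: encrypt the whole conversation, then wrap the request key as "pked".
function clientBuildRequest(requestKey, conversation, serverPublicKey) {
  return {
    pked: crypto.publicEncrypt({ key: serverPublicKey, ...OAEP }, requestKey),
    body: aesEncrypt(requestKey, JSON.stringify(conversation)),
  };
}

// Server: unwrap pked, decrypt, "run the model", encrypt the reply with the same key.
// Between privateDecrypt and aesEncrypt the conversation is plaintext in server memory.
function serverHandle(request, serverPrivateKey) {
  const requestKey = crypto.privateDecrypt({ key: serverPrivateKey, ...OAEP }, request.pked);
  const conversation = JSON.parse(aesDecrypt(requestKey, request.body));
  const reply = `echo: ${conversation[conversation.length - 1].text}`; // placeholder model
  return aesEncrypt(requestKey, reply);
}

function roundTrip(conversation) {
  const requestKey = crypto.randomBytes(32); // generated and kept client-side
  const request = clientBuildRequest(requestKey, conversation, server.publicKey);
  return aesDecrypt(requestKey, serverHandle(request, server.privateKey));
}

// Constructed sample conversation.
const sample = [{ role: 'user', text: 'hello' }, { role: 'assistant', text: 'hi' },
                { role: 'user', text: 'is this private?' }];
console.log(roundTrip(sample));
```

The comment in `serverHandle` marks the point the article flags as the trust boundary: encryption protects the conversation in transit and at rest, but whoever holds the private key sees plaintext while the request is processed.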
While the technical aspects of the Lumo LLM are exciting for the nerds, the key point that I would like the reader to take away from this article is the importance of securing private data. We need more privacy-first products and services. We should have control over our data lest someone malicious use it for inappropriate ends.

References:

Perez, S. (2025, July 25). Sam Altman warns there’s no legal confidentiality when using ChatGPT as a therapist. TechCrunch. https://techcrunch.com/2025/07/25/sam-altman-warns-theres-no-legal-confidentiality-when-using-chatgpt-as-a-therapist/

Proton. (2025, August 4). Lumo security model: How Proton makes AI private. https://proton.me/blog/lumo-security-model