cross-posted from: https://lemmy.dbzer0.com/post/50693956

Transcript

A post by [object Object] (@zzt@mas.to) saying: courtesy of @davidgerard@circumstances.run, Proton is now the only privacy vendor I know of that vibe codes its apps: In the single most damning thing I can say about Proton in 2025, the Proton GitHub repository has a “cursorrules” file. They’re vibe-coding their public systems. Much secure! I am once again begging anyone who will listen to get off of Proton as soon as reasonably possible, and to avoid their new (terrible) apps in any case. https://circumstances.run/@davidgerard/114961415946154957

It has a reply by the author saying: in an unsurprising update for those familiar with how Proton operates, they silently rewrote their monorepo’s history to purge .cursor and hide that they were vibe coding: https://github.com/ProtonMail/WebClients/tree/2a5e2ad4db0c84f39050bf2353c944a96d38e07f

given the utter lack of communication from Proton on this, I can only guess they’ve extracted .cursor into an external repository and continue to use it out of sight of the public

  • x1gma@lemmy.world
    7813·
    9 months ago

    Just because they are using Cursor, it doesn’t mean that they are vibe coding. Anyone grabbing their pitchforks for that and screaming “they are vibecoding” only shows their own incompetence.

    If they would be vibecoding, their whole software would’ve gone to shit long ago.

    Just because some random people without an engineering background are using vibecoding to push their broken slop, it doesn’t mean that any kind of AI assisted coding is bad.

        • deaddigger@sh.itjust.works
          31·
          9 months ago

          So when they do code reviews and a complete file sliped through what does that say about the quality of their reviews? Either they didnt want this file in there, then their qa is shit or theydid want that file in their, then they are vibe coding to an extend

          • x1gma@lemmy.world
            21·
            9 months ago

            Youre jumping to conclusions. Bigger companies missed bigger problems in their reviews and QA. Why should they be wanting their cursorrules in there, and what kind of mental gymnastics is it to conclude that they are vibecoding based on that. You don’t need it committed, you don’t even need it to be in the project directory.

  • Luci@lemmy.caEnglish
    4113·
    9 months ago

    You should jump into the other threads about this before you take out your pitchforks. They’re using cursor, it doesn’t prove they are vibe coding. Visual Studio also has AI features, that doesn’t mean you are vibe coding.

  • BombOmOm@lemmy.worldEnglish
    296·
    9 months ago

    Visual Studio and VS Code have an AI assistant as well, yet we don’t decree all programs written with them as ‘vibe coding’. The presence of an AI assistant in the IDE isn’t evidence of vibe coding.

    Proton’s repo here is open source. What portion of it presents issues? Any?

    • Uninvited Guest@lemmy.ca
      5·
      9 months ago

      Non programmer here: This is the first time I’ve seen a cursor file but I genuinely like how it reads. It’s like a business analyst wrote a coding requirements doc. I’d be thrilled if my staff asked 4-6 thoughtful questions when given a goal with an open ended approach.

      For which LLM are cursor files used?

      • NotMyOldRedditName@lemmy.world
        2·
        9 months ago

        Cursor is just an IDE (integrated development environment), you can set it up to use all sorts of LLMs either directly through Cursor, or with your own API keys for the sources.

        This file content just goes into the initial context to help the LLM act how you want.

  • plm00@lemmy.ml
    142·
    9 months ago

    Plug for Tuta. 🤷‍♂️ The user experience isn’t the best, but it’s as secure as it gets. Small team, no vibe coding.

  • PrivacyDingus@lemmy.ml
    188·
    9 months ago

    Using Cursor =/= “Vibe Coding” people need to really stop with getting jumpy about everything in such a way.

  • ExcessShiv@lemmy.dbzer0.com
    91·
    9 months ago

    What’s a good alternative VPN provider in EU, not based in Italy? Mullvad is not an option, port forwarding is an absolute requirement.

    Also, is there anything out there that ties password/account management and temp emails together as well as proton pass?

  • HappyFrog@lemmy.blahaj.zone
    113·
    9 months ago

    I can believe that someone at proton vibecodes, and that their files got ob to the tree, but saying that proton as a whole does it is strange.

  • flandish@lemmy.world
    41·
    9 months ago

    what is a cursorfile? I’ve hit things like gpt when devdocs.io isn’t getting me what I want because lots of search engine things like “explain the google maps api” are becoming like searching for a dinner recipe; they contain 300 paragraphs of life story. When I just want to actually RTFM and shit’s hard to find. I don’t copy/paste code into projects just try to find better manuals.

  • acute_kernel_panic@lemmygrad.ml
    2·
    9 months ago

    It might have been that some employee just tried out cursor and accidentally added it to the repo. That is true.

    However the complete lack of communication suggests otherwise. And depending on your threat level you should always assume worst.

    As for the use of ai in general, in my opinion there are occasional places where ai can be used without compromising security.

    So depending on your threat level this can actually ne a big deal.