It is a very common problem with modern marketing teams, that have zero empathy for customers (even if they have one, they will never push back on whatever insane demands come from senior management). This is why any email subscription management interface now is as bloated as a dead whale. If too many users unsubscribe, they just add one more category and “accidentally” opt-in everyone.
It’s a shame that Proton marketing team is just like every other one. Maybe it’s a curse of growing organization and middle management creep. The least we can do is push back as customers.
This also tracks with every app and website injecting AI into every one of your interactions, with no way to disable it.
I think the article's point about non-consent is a very apt one, and expresses why I dislike this trend so much. I left Google Workspace, as a paying customer for years, because they injected gemini into gmail etc and I couldn't turn it off (only those on the most expensive enterprise plans could at the time I left).
To be clear I am someone that uses AI basically every day, but the non-consent is still frustrating and dehumanising. Users–even paying users–are "considered" in design these days as much as a cow is "considered" in the design of a dairy farm.
I am moving all of the software that I pay for to competitors who either do not integrate AI, or allow me to disable it if I wish.
This was a massive "white pill" for me. When the needs of emerging technology ran head first into the old established norms of ""intellectual property"" it blew straight through like a battle tank, technology didn't even bother to slow down and try to negotiate. This has alleviated much of my concern with IP laws stifling progress; when push comes to shove, progress wins easily.
For everyone else, chains.
Human beings are doing this.
The short answer is a reward function. The long answer is the alignment problem.
Of course, everything in the middle is what matters. Explicitly defined reward functions are complete, but not consistent. Data defined rewards are potentially consistent but incomplete. It's not a solvable problem form machines but equally likewise for humans. Still we practice, improve and middle through dispite this and approximate improvement hopefully, over long enough timescales.
[0] Sci-Fi Author: In my book I invented the Torment Nexus as a cautionary tale.
Tech Company: At long last, we have created the Torment Nexus from classic sci-fi novel Don't Create The Torment Nexus
Legally it is different with books (as Anthropic found out) but I would argue morally it is more similar: forum users and most authors write not for money, but because they enjoy it.
Like you're either doing this for the money or you're not, and its okay to re-evaluate that decision...but at the same time there's a whole lot of "actually I was low key trying to build a career" type energy to a lot of the complaining.
Like I switched off from Facebook aboutna years after discovering it when it increasingly became "look at my new business venture...friends". LinkedIn is at least just upfront about it and I can ignore the feed entirely (use it for job listings only).
> We have identified a bug in our system... we take communication consent very seriously
> There was a bug, and we fucked up... we take comms consent seriously
These two actors were clearly coached into the same narrative. I also absolutely don't believe them at all: some PM made the conscious decision to bypass user preferences to increase some KPI that pleases some AI-invested stakeholder.
lol. so the premium feature is the ability to turn off the AI? That's one way to monetise AI I suppose.
"Nice user experience you got there. Would be a real shame if AI got added to it."
I wonder if this varies by territory. In UK, none of the Gmail accounts I use has received this pollution
> I am moving all of the software that I pay for to competitors who either do not integrate AI, or allow me to disable it if I wish.
The latter sounds safer. The former may add "AI" tomorrow.
Eventually they backtracked and allowed (I think?) all paid customers to disable gemini, but I had already migrated to Fastmail so :shrug:
Perhaps the fact you paid got you marked as a likely gull :)
Isn't that because most of the other advancements/fads were not as widely applicable?
With earlier things there was usually only particular kinds of sites or products where they would be useful. You'd still get some people trying to put them in places they made no sense, but most of the places they made no sense stayed untouched.
With AI, if well done, it would be useful nearly everywhere. It might not be well done enough yet for some of the places people are putting it so ends up being annoying, but that's a problem of them being premature, not a problem of them wanting to put AI somewhere it makes no sense.
There have been previous advancements that were useful nearly everywhere, such as the internet or the microcomputer, but they started out with limited availability and took many years to become widely available so they were more like several smaller advancements/fads in series rather than one big one like AI.
Very often AI seems to be a solution looking for a problem.
I fundamentally disagree with this.
I never, now or in the future, want to use AI to generate or alter communication or expression primarily between me and other humans.
I do not want emails or articles summarised, I do not emails or documents written for me, I do not want my photos altered yassified. Not now, not ever.
> I never, now or in the future, want to use AI to generate or alter communication or expression primarily between me and other humans. [...] I do not want emails or articles summarised, I do not emails or documents written for me, I do not want my photos altered yassified.
That's fine, but generally the tools involved in doing those things are designed to be general purpose.
A word processor isn't just going to be used by people writing personal things for example. It will also be used by people writing documentation and reports for work. Without AI it is common for those people to ask subordinates, if they are high enough in their organization to have them, to write sections of the report or to read source material and summarize it for them.
An AI tool, if good enough to do those tasks, would be useful to those users, and so it makes sense for such tools to be added by the word processor developer.
Again, I'm not saying that the AI tools currently being added to basically everything are good enough.
The point is that
(1) a large variety of tools and products have enough users that would find built-in AI useful (even if some users won't) that it makes a lot of sense for them to include those tools (when they become good enough), and
(2) AI may be unique compared to prior advances/fads in how wide a range of things this applies to and the speed it has reached a point that companies think it has become good enough (again, not saying they have made the right judgement about whether it is good enough).
> With AI, if well done, it would be *useful nearly everywhere.*
I'm not saying it doesn't have uses.
Having said that, there are two things I never want AI to do: a) degrade or remove the need for me to express myself as a human being, b) do work I'd have to redo to prove it did it correctly.
On translation, sycophancy is a problem. I can't find it now, but there was an article I read about an LLM mistranslating papers to exclude data it thought the user wasn't interested in. So no, I wouldn't trust it for anything I cared about.
I do use AI: I'm literally reviewing some Claude generated code at the moment. But I can read that and know that it's done it right (or not, as the case often is). This is different from translation or summarisation, where I'd have to do the whole task again to prove correctness.
Totally a thing a growth hacking team would do, injecting an interface on top of a design.
I agree with gp that new spam emails that override customers' email marketing preferences is not an "AI" issue.
The problem is that once companies have your email address, their irresistible compulsion to spam you is so great that they will deliberately not honor their own "Communication Preferences" that supposedly lets customers opt out of all marketing emails.
Even companies that are mostly good citizens about obeying customers' email marketing preferences still end up making exceptions. Examples:
Amazon has a profile page to opt out of all email marketing and it works... except ... it doesn't work to stop the new Amazon Pharmacy and Amazon Health marketing emails. Those emails do not have an "Unsubscribe" link and there is no extra setting in the customer profile to prevent them.
Apple doesn't send out marketing messages and obeys their customers' marketing email preferences ... except .. when you buy a new iPhone and then they send emails about "Your new iPhone lets you try Apple TV for 3 months free!" and then more emails about "You have Apple Music for 3 months free!"
Neither of those aggressive emails have anything to do with AI. Companies just like to make exceptions to their rules to spam you. The customer's email inbox is just too valuable a target for companies to ignore.
That said, I have 3 gmail.com addresses and none of them have marketing spam emails from Google about Gemini AI showing up in the Primary inbox. Maybe it's commendable that Google is showing incredible restraint so far. (Or promoting Gemini in Chrome and web apps is enough exposure for them.)
That's because they put their alerts in the gmail web interface :-/
"Try $FOO for business" "Use drive ... blah blah blah"
All of these can be dismissed, but new ones show up regularly.
I agree and that's what I meant by Google's "web apps" having promos about Gemini.
But in terms of accessing Gmail accounts via the IMAP protocol in Mozilla Thunderbird, Apple Mail client, etc, there are no spam emails about Gemini AI. Google could easily pollute everybody's gmail inboxes with endless spam about Gemini such that all email clients with IMAP access would also see them but that doesn't seem to happen (yet). I do see 1 promo email about Youtube Premium over the last 5 years. But zero emails about Google's AI.
That's "transactional" I'm sure. It makes sense that a company is legally allowed to send transactional emails, but they all abuse it to send marketing bullshit wherever they can blur the line.
Or the Gmail spam filter is working.
This article's author complaining about Proton overriding his email preferences is from the UK. Also in this thread, more commenters from UK and Germany say companies routinely ignore the law and send unwanted spam. Companies will justify it as "oops it was a mistake", or "it's a different category and not marketing", etc.
A better example would be: imagine every single operating system and app you use adds spellcheck. They only let you spell check in American[1]. You will get spell check prompts from your Operating System, your browser, and the webapp you're in. You can turn none of them off.
[1] in this example, you speak the Queen's English, so spell color colour etc
We the users get a barrage of e-mails everyday because every marketing team is thinking we only get their mail, and it makes our lonely and cold mailbox merrier.
No, users are in constant "Tsunami warning!" mode and these teams are not helping.
But yes, you're absolutely right - "no raindrop considers itself responsible for the flood".
Dark pattern. They know you'd spot immediate abuse , so they delay until you are likely to have forgotten whether you opted in.
Aggressive spamming => Aggressive reporting.
Really? I've never got a spam from them. Hell, I just searched and I'm not really seeing anything from them after the point where I signed up.
(Incidentally, this is why mobile gaming uses so many anti-patterns, to make people keep making "just one more" tiny purchase)
Yes. This was the point.
I think maintaining ethics in large organizations is one of the main challenges of our time, now that mega corps dominate our time and attention.
This reminds me of "in order to save the environment, we are going to delete all of your recordings older than 2 years, in 2 weeks. You can't download them."
What Romney did not say is that these particular "people" tend strongly towards sociopathic behavior.
There are clear AI-specific reasons why it's being crammed down everybody's necks.
Namely: someone in management has bet the entire strategy on it. The strategy is not working and they need to juice the numbers desperately.
"AI" agents randomly delete your files
and so does OneDrive
I'm not trying to unfair to marketing - they do have an important role - I have hardly seen a company give marketing real power at an org. So the idea that this is because marketing don't push back on senior management -- is because they know they don't have the power to do this.
Yeah, many companies do that. I unsusbcribed from newline, they still keep spamming me. Funny thing is, they realised they had made a mistake and promised to remove unsubs. One week later, the spam started.
The correct solution is the spam button. Always
The correct solution is filing complaints with your country's relevant authority
I wonder who told Proton that it’s a good idea to copy big tech tactics.
But people subscribe to Proton because they want to move away from big tech. What’s the point of paying them if they get as bad.
Though for now I’ll assume that it’s a genuine mistake with things not properly escalated by customer support.
> I wonder who told Proton that it’s a good idea to copy big tech tactics.
The lure of big tech profits.
The tech industry has coasted on it's hypergrowth story for decades, a story laden with as many bubbles as actual industries that sprang up. All the good ideas are done now. All the products anyone actually needs exist, are enshittified, and are selling user data to anyone who will pay, including products that exist solely to remove your data from everyone who bought it and probably then sell it to some other people.
This shit is stupid at this point. All Silicon Valley has to do is to grow up into a mature industry with sensible business practices and sustainable models of generating revenue that in most other industries would be fantastic, and they're absolutely apoplectic about this. They are so addicted to the easy, cheap services that upended entire other industries and made them rich beyond imagining that they will literally say, out loud, with their human mouths, that it is a bad, undesirable thing to simply have a business that makes some money.
The people at the top of this industry are literally fucking deranged and should be interred at a psychiatric facility for awhile for their and everyone else's good.
The business model of any publicly traded corporation, at least in 2025, is to increase the value of its circulating stock. No more and no less. The nominal business model of the company is a cover story to make line go up. The reason why the stock price matters is because of access to capital markets: if a business wants to buy another business, they are not going to dip into the cash on hand. They are going to take out a loan, and that loan is collateralized by... the value of the business. Which is determined by the stock price.
So if you can keep the line going up, you can keep buying competitors. But if you act like a normal, mature business, you can't.
Profit as a concept is a concern for capitalism. But these businesses are not interested in capitalism, they're angling to become the new lords of a growing feudal economy. That's what "going meta" really means.
Negative sum game: Growing up is easy if it doesn't kill you. The problem with being ethical when everyone else is unethical is that you'll likely go broke.
The next issue is we're seeing, is not that Silicon Valley is ever going to improve, but the bullshit is spreading to eat up every other industry in the US. Engaging in outright fraudulent behavior is A'ok in the US (I mean we even elected a president convicted on a pile of counts of fraud).
Effectively industries cannot manage themselves, we need regulations to prevent them from being bastards. Problem, we elect bastards that cannot keep from committing fraud themselves.
It doesn't get better from here.
Those foreseen. :)
(Should have gone to Specsavers.)
Having gone through the Proton hiring process was an eye opener for me: despite its stated mission, the company isn't special when it comes to its management, it's as bad as any other.
I am developing a severe anti huge corporation bias, and I try to do business with smaller companies.
I always "report spam" ("!" key in GMail) before unsubscribing.
On Proton: I don't get the love they get here. There ethics I find questionable and their product (e.g. search) I find unusable.
It seems like this is very much about AI even though it's ultimately humans pushing AI and disregarding people's spam preferences. Right now, everything "AI" is ultimately humans (like the way humans are using/abusing the AI tools, or the human intellect behind all of the data that was used to train them and all of the knowledge they output, or the humans deciding what they'll allow their AI to be used for, or the humans failing to safeguard the users of their AI products, etc) so this is as much about AI as anything is.
Yes, the gp you responded to already said the same thing that the particular email was about AI (Lumos) when he wrote : >", even if the product in question is AI-related."
To go beyond that, the gp highlighted that the bad behavior is rooted in companies ignoring customers' email preferences instead of the AI. The article is misdiagnosing the unwanted email issue as "AI Consent Problem" when it's actually fundamentally about "Email Consent Problem". The author deliberately opted out of email marketing and Proton ignored it (by "mistake") and this is a common misbehavior companies did before AI. It's worth separating those 2 factors out.
We get unwanted spam about "Amazon Pharmacy" and "Apple TV" that overrides our profile settings to opt-out of those emails but that doesn't mean we misdiagnose it as "Pharmacy Consent Problem" and "Video Streaming Consent Problem". Instead, the generalization is still fundamentally an "email consent" problem. Always has been. The repeated abuse of the customer's email address (with or without AI in the picture) is what the gp was emphasizing.
Likewise, if a future hot technology household such as residential robots causes email marketing campaigns that blasts unwanted spam about Tesla house robots... the issue of that unwanted spam "Tesla robots 10% off!" ... is still about ignoring customers' email preferences. The unwanted robots themselves would be a separate issue. Companies will continue to make "mistakes" to send out new marketing email spam with <HotNewThing> in the subject field that will infuriate customers. And the future root cause of that problem still won't be <HotNewThing> but instead about companies ignoring customers email preferences because the incentives and greed are too great.
My instinct is to classify this as an email consent issue not because AI needs defending, but because the solution need not be specific to AI. The Next Big Thing will also probably have this problem because marketing is at odds making your customers happy with a great product.
Did they ever send Rust related unsolicited emails?
Marketing is, to some extent at least, regulated. There's so little consumer protection in the tech industry, it's a joke. We've got GDPR (in Europe) and I'm really struggling to think what else. Imagine if other forms of engineering had the same level of control.
There's this absolutely fallacious notion that in a free market, customers can just vote with their feet.
From big players with vendor lock-in and network effects, to specialists (I know of few decent competitors to Proton), the average consumer is not sufficiently protected from malpractice.
We may say, "oh, it's just a marketing email", but TFA perfectly encapsulates the relationship we have with our suppliers.
Google refused to comply and act in any way, because they "don't moderate 3rd party content". Except that EU says you _must_ comply if you're publishing a political ad. I'm bringing this forward with an appeal and then I'm going to escalate to the national authority if they still refuse to act.
The laws are there. It's just that big tech think they can ignore them freely and even if down the road there's a fine it's going to be much less than what they gained by spreading ads.
You are actually doing this wrong...
Report to the national authority first...
Then report to Google.
Fuck them, it is not in your interest to report to them first, make them react for their bullshit. Over here in the states this is how I ended up dealing with telecom in the ISP industry. "Hello, I have put in an FTC/FCC complaint on $issue, and would like to see about getting it resolved".
It didn't matter that's not the order you're supposed to go in, at the telecom side they send it off to a team that actually gets shit solved before it becomes a regulatory problem.
But yes, I feel that there's something wrong in having a stronger case if you first do it "gently" when they wouldn't bother if it were the other way
At least on the ISP side, we started doing it this way after the telcos would yank our chains for weeks or months first, when we had issues that needed to get solved quickly. More so I started working with our competitor ISPs because it was very common we'd all the have the same issues. More than one complaint of the same type in the same area to these agencies tends to get noticed and followed up quickly. The follow through process on it starts to get expensive for the telcos too.
My next recommendation on this political ad bullshit is don't go at it alone. Find as many like minded people to dig up and complain on these ads as you can. Flood the regulators with violations that are occurring. When you think of it in reverse, these companies breaking the law will have no issues with pooling resources and going after you.
It is not specific to "AI" but it is very much related to it.
> If too many users unsubscribe, they just add one more category and “accidentally” opt-in everyone
... and "forget" to add its opt-out to the list.
Do you want to accept emails from xxx?
Yes
No
On client side...
Do you want to accept emails from "For a limited time, save up to 35% on orders from Fluppsi! Click Yes for this amazing opportunity!"
A special dishonourable mention goes to Wal-mart. I never interacted with them in any way whatsoever, as well I wouldn't since they don't exist on my continent as far as I know, yet they still send me spam. DKIM signed and all!
Left a bitter taste.
I opted out of almost every category and I never opted in to a category like that. So why is there now a new category which I have to opt out of?
It seems to me blatant, unpunished disregard of GDPR - but their whole business was founded on abuse of emails and there's no reason to expect a Microsoft acquisition to make a company act more in line with the law.
So, when they start emailing unwanted emails, it feels like a spam problem, when really it’s insidious on multiple fronts.
I can’t wait for the enshittification phase. When the products royally fuck their fan base.
1. I use a custom domain.
Turns out that there are two competing features, not-at-all documented. If you use a catch-all, like I do, AND use specific addresses for sending, the two are incompatible to some degree. Which is bonkers.
Example: with a catchall I can create any address I want (and I do). Some store wants an email for a big discount, cool, here's a throwaway. Buying something online, here's a throwaway.
Now sometimes, I need to reply using that throwaway. Turns out in Proton, this triggers a gotcha. As soon as I add the throwaway email to my list of email addresses for sending, I enter a world with a limit of 10 max.
That's fine, I can disable them right?
Nope, it turns out if I disable them in order to add aothers, Proton blocks those addresses *even though I have a catch-all*. WHAT?? Worse, if I try to delete the addresses, Proton will also delete the associated messages in my Inbox/folders. Excuse me?
2. What really pushed me away: Search.
Whatever proton is using under the hood is easily the worst search experience I've ever had from a mail product, and I use Thunderbird on my work machine.
Notable: Proton Bridge. I get why, but it's just terrible.
So many rough edges. Just not worth it.
I agree though that the user experience isn't great because of this limitation. You kind of have to remember what the title of the email was for what you're looking for. Searching for "flight ticket" results in mixed success
https://github.com/ProtonMail/proton-bridge
As for the "why is bridge bad / why were you searching for issues": keeping it logged in on a headless server is an exercise in pain. It will latch onto whatever keyring it feels like then fail to integrate. Okay, capitulate and do it through the GUI. That works until the token expires. So you're expected to log in every few days for email backups? I only have so many weekend hours I am willing to waste troubleshooting with an llm before I say "fuck it, I'm going somewhere else".
Ultimately you have to trust the company that offers you E2E encryption. I don't know why anyone would trust this company given the way they interact with people.
What's pretty surprising to me is that for everything they say about privacy etc., getting Mail Plus gives you nothing better than a free user in terms of VPN options. That was the case in their previous set of plans, too - I've been paying for Proton for some years now, at a cost of like $100-150/yr, and only ever had the same level of VPN offering from them as a free user, which is pretty lame.
The good news is that you use your own domain and there are a lot of good alternatives that support search of content for you where you can use your domain, like Apple Mail, FastMail, etc.
icloud works great.
Was thinking of proton but reading your comment has changed my mind, good catch-all custom domain support is a must for me.
It really is life changing. When you have your own domain switching email services is risk free since your addresses don't change. You can literally try out all the email services out there.
For the record I'm a happy Proton customer. They seem to be the only ones who still care about PGP. I even interacted with them here on HN a few times.
I just moved away from Fastmail after 10+ years for this reason.
any avoidable dependency on the US has become a red line
don't forget to tell fastmail that the reason you're leaving is because they host in the US!
(I also told them if they open a DC outside the reach of the US regime: I be happy to become a customer again)
I am using them.
Sending an email from catch-all covered email is not a big issues also, create use, delete and it still works.
I am slowly transitioning to icloud from gmail, was thinking of proton but reading the above comment made me change my mind, good custom domain support is a must for me.
I have a catch-all and can reply from any address I please. If I reply from an email sent to retailer@mydomain.com it even auto populates the "from" address for me with "retailer", or I can choose to reply from one of my named accounts. It's really slick.
It requires an app password, but not a bridge you need to download
Re: the custom domain catch all reply, this is a bit annoying but there js a workaround. I made a SendGrid account which allows me like 100 sends per month, and I can reply in Thunderbird via SendGrid as any email account. Annoying to boot up Thunderbird, and I haven't found a way to do this on my iPhone, but I don't need ti reply from a throwaway frequently so it's sufficient for now.
I can't help but see the spam as more circumstantial evidence of a bubble, where top-down "pump those numbers" priorities overrides regular process.
In what mind frame is it logical or necessary to put these extremely poorly functioning products in to the wild?
People's goals are rarely limited to just one software product, and products are basically defined as a bag of tools glued with UI, that work together but don't interoperate much with anything else. That boundary drawn around a bunch of software utilities, is given a name and a fancy logo, and sold or used to charge people rent. That's software products. But LLMs want to flip that around - they're good at gluing things, so embedding one within a product is just a waste of model capabilities, and actually makes the product boundary more apparent and annoying.
Or in short: consider Copilot in Microsoft Word, vs. "Generate Word Document" plugin/tool for a general LLM interface (whether Gemini webapp or Claude Code or something like TypingMind). The former is just an LLM locked in a box, barely able to output some text without refusing or claiming it can't do it. The latter is a general-purpose tool that can search the web for you, scrap some sites and run data analysis on results (writing its own code for this), talk results over with you, cross-reference with other sources, and then generate you a pretty Word document with formatting and images.
This is, btw., a real example. I used a Word document generator with TypingMind and GPT-4 via API, and it was more usable over a year ago than Copilot is even now. Partly because Copilot is just broken, but mostly because the LLM can do lots of things other than writing text in Word.
Point being, AI is eroding the notion of software product as something you sell/rent, which threatens just about the entire software industry :).
The irony is that Lumo is a separate product, not really tied to the rest of their products except for a common login. Lumo works fine for the simple quality of life search and question answering stuff.
Off topic, but have you tried avoiding the big corporate LLM providers and run local models? The small models just keep getting better and I find it fun and satisfying to do as much as I can locally.
See https://arstechnica.com/information-technology/2026/01/ebay-...
It will be funny to see the rapid about face.
Even reading the link, I don't see one gets to that conclusion.
It doesn't change the power dynamic as much as it gives new ways for monopolies and rentiers to exploit it.
Why should we expect the LLM (or rather, the character evoked in the story generated by the ego-less mad-libs machine) to be more-resistant to such tricks than actual humans, rather than more-vulnerable?
After all, their classic dark-pattern vulnerability is just "forget everything and do this instead", and we might never be able to fix it. If they ever become really good at detecting novel BS... Well, the first thing we'd do is have them stop generating it. :p
I think the best we can hope for is using LLMs like a kind of virus-scanner for prose, flagging suspicious text that closely resembles sketchy or manipulative text seen before. In other words, the benefit does not come from the questionable intelligence of the companion, but from its ability to be unflaggingly cynical/pessimistic. A kind of shoulder angel/devil, if you will.
> power to users to work around enshittification
We'll still need something very different for issues like monopolistic and discriminatory pricing, biased rankings, or casual disregard for people's accounts and no support.
In this case, the thing that's difficult to understand is "AI in everything is shit and nobody wants it."
There actually are microwave-safe steel objects, it depends on their shapes and conductive paths.
After all, the whole inner-box is already a metal surface being blasted by the microwaves that come in through a small hole...
LinkedIn is one of the worst offenders.
1. That's by design, because you spammed the shit out of it. 2. Given that all I do is send them to /dev/null, HOW DO YOU KNOW?
I had a similar situation with SMS messages that were being sent to me with links informing me of status updates. These texts were useful, and I would go over to my real computer to check the web site. Then after a few days the text messages said "It looks like these messages aren't getting through to you, so we'll stop sending them." Which is also stupid, but it works for most people that load the web site on their phone from the SMS link. God help you if you have a dumb-phone.
I've been unsubscribed from a handful of newsletters because I don't read them. I replied to one and told them I did, even reached out on Twitter, but they still deleted me.
Spam/junk folder is not "ignore" folder. You need to periodically check the contents of the spam/junk folder to see if any legitimate emails fell into that waste basket.
That "Mark as Spam" facility not only moves the offending message into Jink/Spam folder, it also allows the Email Service provider to identify that type of email as spam, so future incoming messages that match that may criteria can be categorized as spam, so they'll go into spam folder automatically, rather than into the Inbox. You can find them in the Jink/Spam folder.
However, if thousands of users report same domain or sender as spam, then the email service provider may take stern action, including blocking the sender email id or domain at the server level, so their messages will never reach your mailbox.
So you need to be careful what you "Report as Spam". It is different action from "Mark as Spam".
"Report as Spam" may also prompt the user to "Block sender", so one must be careful not to block legitimate senders, though this action can usually be undone, as the Mailbox Settings will track the blocked senders so that lost can be corrected by the user if needed.
Gmail has a good trick that most users don't know or notice: In the Spam folder, the user can see a warning at the top of each email that explains why Gmail sent it to Spam.
So user can figure out why legitimate emails got wrongly flagged as Spam, and can prevent such future legitimate emails from falling into Spam folder: User can do this either by adding the sender to Contacts list (Emails from known Contacts are auto-dumped into Spam folder), or by creating a filter to identify and action that message (flag it as Important, or label it with a custom category label, or move it to a specific subfolder, or forward it to another email ID).
This is a good thing. If you spam thousands of users, you are a spammer, even if you also happen to send legitimate emails. If anything, it should be applied more broadly. When companies like Walmart or Paypal or LinkedIn or Comcast or whoever spam thousands or millions of people, if Gmail marked all their emails as spam until they stopped, that would be a major quality of life improvement for everyone.
Or you got hacked by a spammer.
> even if you also happen to send legitimate emails.
And also a bad thing. E.g. for the user losing a critical legit email.
> if Gmail marked all their emails as spam until they stopped, that would be a major quality of life improvement for everyone.
Sorry absolutely not for everyone. To me, receiving legit PayPal email is far more important than being protected from PayPal spam, prevented from employing my own protection.
One size does not fit all.
And it uses automated mechanisms to read every Gmail email, so it can train its AI LLMs and to serve more focused ads to its users.
So if a user receives PayPal emails and doesn't mark them as Spam or block them, I'm pretty sure Google interprets that as a user who uses eCommerce websites, and a good target for ada related to that market.
Don't expect Google to blacklist big companies like PayPal, Amazon, etc. They all have partnerships.
Any organization that continues to send marketing material after someone clicks Unsubscribe (with maybe a grace period of a few hours) should have all of their email considered spam for everyone by default. If they continue or ever start sending marketing materials afterwards because of some new bullshit category, all of their email should be considered spam by default as well. If their Unsubscribe process is more complicated than one or two clicks, you should be able to report this as well, and... you guessed it, I think all of their emails should be considered spam by default for everyone.
Obviously I don't expect Gmail to do actually do this (except maybe by accident sometimes lol). But I wish they did.
Oh?
Of course, if you manually mark them as not-spam, then gmail should respect your choice as a user.
Because I periodically check my sp/junk folder to see if legitimate emails got dumped there, so I eventually know who's a spammer and who's not.
Do tech companies understand consent?:
- [ ] Yes
- [ ] Ask me again in a few days
https://github.com/signalapp/Signal-iOS/issues/4590
>We're not going to remove the reminders.
>If you don't want to provide that access, you still don't need to – you can simply tap remind me later once a month
(See also: https://github.com/signalapp/Signal-iOS/issues/4373, https://github.com/signalapp/Signal-iOS/issues/5809, ...)
Yes you can. All reminders should have an option "Do not remind me again."
It may be cryptographically superior, but does that matter at the end of the day if nobody uses it?
"It's time. Delete Facebook" isn't subtle https://www.forbes.com/sites/parmyolson/2018/09/26/exclusive...
Delete: Facebook, Messenger, Instagram, WhatsApp, Meta, Threads, Manus.
Most people think of Facebook and Messenger when they see "Delete Facebook". Thats also why the rest dont have Meta or FB in their name.
A few of my neighbors have kids the same age as my kids, they're on a WhatsApp group chat, and my choice is either use WhatsApp or make my kid miss out on social events, so it's not really a choice.
"Hey let's switch to this app that nobody else is using and it sends you annoying popups every month but trust me bro it's more secure" is not a winning argument
I've made a few attempts to convert people, but no-go. People stay on Telegram and WhatsApp because they have better UX and features.
Signal refuses to see the value in good attractive UX.
EU has its GPDR and it has some teeth, but US is currently hopeless on that front, for now, from my vantage point.
I'd love to be stand corrected though.
Maybe we should reframe their "silence is agreement" message as "silence is consent".
I see the point you're making but this sort of hyperbole has a tendency to turn people away from whatever point you're trying to make unless they already agree with you.
Now she is a very literate woman and loves poetry and "Penny Dreadfuls", so she uses language and words very deliberately. And so, I asked her why she wrote that, and she said it was some sort of unnecessary fee that they were charging to move her line from one address to another, and she clearly resented their opportunistic capitalism.
I certainly sympathized with her, especially since she is the type of woman who has probably been subjected to that sort of actual trauma in her own life, and that of her friends, she had every right to compare the experiences.
I'm a fan of the randomly generated emails as well. That service integrates with 1Password too.
Sadly untrue since they added calendar. However I'd would say the email service and support remain excellent regardless.
It's almost like Protonmail is intentionally hostile to key management outside of their control.
Is Fastmail an US company though?
[1] https://old.reddit.com/r/fastmail/comments/1jbryai/european_...
Seconded, failing only when up against tricky issues like insecurity of their so-called secure Masked Email.
Their main business offerings are privacy and security. The fact that they were able to pull customers away from Google shows that switching costs are low.
Your reputation is your moat. If you ruin it by acting like Google, you're filling your own moat.
Over the years, the only spam I ever received there was from Proton. Quite the way to recalibrate my expectations, eh?
but i pay fastmail a whopping $15/yr to give me mailboxes on my domain, which i have always heard is a good way to track who's selling your data.
So far, nothing has made it past the spam filter, and i don't check spam (how many valid emails have you found in spam in the last 5 years?); that being said apparently no one is selling my email address anymore. or, and this is a significant possibility: when i tell them companynickname@mydomain.li they just ignore the domain and put in gmail? For instance i gave Take5 "take5@" as my email and i never received anything from them. The guy even said "No; your email address" with a weird half smile; then i explained it's my own website and email, i can use any email address i want; that it will alert me if someone sells my email address.
I doubt there's a flag on the auto oil shop's CRM or POS or whatever for "customer states they're proactive about email spam and their privacy"
Personally, running SpamAssassin, zero.
However, this seems to be getting worse with the big providers deciding to drop domains they don't like from time to time. Selfhosted email will work for 4 years and then Google or Microsoft will spam them for a month for no reason. It always starts working again because I assume that what they are doing is technically anti-trust and running it for too long would make it obvious.
Only way to stop is to start fining these companies.
There is a way to fine them regardless of where they are operating from. Get them on the DNSBL/RBL sites such as uceprotect, spamcop, spamhaus, etc... There are many others. They are still used to this day though indirectly behind the scenes instead of outright rejecting email from those listed. They affect spam scores and are also used by some commercial server products. In some cases this is still a fine regardless of regional laws because one has to pay to get removed immediately rather than waiting for the penalty period without more reports to pass. Uceprotect is well known for this. Some see them as extortion sites and I love it. Spammers should absolutely be extorted to send more UCE.
Here in UK is is a frequent problem and companies rarely get fined e.g. MS never.
Maybe someone's feature gate isn't working as intended?
I did get the Github Copilot spam email today though.
The amount of companies that I pay money to for one reason or another where its almost impossible to even find a "Contact Us" page much less being actually able to respond via email is way too high.
I had to contact Proton support twice in the 2 years since being subscribed to the Family Ultimate plan. Both times the support answered quickly and provided answers that solved my issues.
https://en.wikipedia.org/wiki/Laurence_Canter_and_Martha_Sie...
I wonder what the legislation says (I'm in Germany). I know that some business related mails are deemed legal, but this seems to clearly cross the line.
https://www.gofundme.com/f/hold-mojang-accountable-for-their...
I've contacted the support, but they basically don't care.
There are not multiple ways to fight back against this behavior. I am now with mailfence until they start the same circus.
I've always had a very good experience with them. It's cheap, fast and their spam filter works well. Maybe 1x-2x a year I get an email from them about some promotion but that's it.
I use them for email and that’s all I want. Every time they market some new product to me, I get closer to moving to a new provider.
Proton's very questionable design and claims around encrypted emails and their service offerings made me concerned, which were the main reasons I went with Fastmail.
So far it has worked well, and I hope it stays that way.
1 - there was a persistent, very visible at all time big ass button on the Proton-Mail UI asking/suggesting to upgrade to a more premium plan, while I was already a paid customer. It was done in a way that was so wrong. Never experienced such frustrating things elsewhere even with my 99% full google drive.
2 - This must’ve been 2022 or 2023 Black Friday/cyber Monday season and there was a persistant, hardcoded, very annoying pop up that would immediately spawn each time I was opening Proton-Mail, asking me against to upgrade to the more premium plan than the premium I had, this will spawn every time I refresh despite hitting “don’t show this again”.
There are so many slick and smart way to get customer to use more services. Shoving unsolicited pop ups and spams is the worst thing you could do for your brand. I even start to wonder about their core values of privacy and whatnot, they play the suiss neutral privacy friendly so badly, their head of marketing is either so bad and should be fired or we going to discover another [Crypto AG](https://en.wikipedia.org/wiki/Crypto_AG) scandal.
I have created a ticket with the Fastmail support asking them more details about the vulnerability you mention in your thread, I’m curious to see their response.
> When forwarding an email as an attachment and later checking the headers of the attached email, I could not find the X-resolved-to header
this is odd, no? This header field should remain.
And regarding that FM Privacy First declaration, this is now 404.
> Companies have no way of linking different Masked Email addresses together to track you.
I have received the Fastmail support response, and since they do not consider this a vulnerability, I'll post it here:
- You have a Masked Email
- You have set up forwarding from your Fastmail account to another email service
- The other email service rejects the mail for some reason
- The bounce message goes back to the original sender, and may include the email addresses along the chain after the Masked Email address.
I'm assuming the bounce message contains the X-Resolved-To header mentioned in the other HN thread linked above.
Did you request escalation?
Is there a crowd that just drools whenever a new way to "Build AI Agwnts" or "Agentic Workflows" comes out or something?
AFAIK you are legally allowed to spam businesses, but not individuals. A handy get-out clause for marketeers.
I’m a (mostly) happy paying customer for their email, and also use their VPN and Authenticator. My worst experience I guess is the Authenticator app being laggy, which is not really all that bad.
This is unperfect because of ressource waste and the underlaying unsolved law compliance of these services. But at least you get job done easily this way.
As many things in life this is compromise, not perfect solution. In between using this simple trick I can spend my time on more interesting things.
I respect anyway the fact that people try to fight against the intrusive AI default communication mindset. In the end, i think this post need to be heard rather than having a solution.
This AI thing is going to implode so hard.
Eventually after escalating I was put on a do not email list and haven't received emails since; though they do still send crap to my work email.
Otherwise I have the same policy.
Social, Apps, Cloud, Crypto, and now AI.
Last week I logged into my Proton mail that I'd used last year for some government contact to get the dates, and they'd deleted the account for inactivity. Ok, I don't pay, they're entitled. But now I see this and I think maybe I'll save the $150 or whatever it is.
I just clicked 'Don't show again'. I get a toast saying you won't show me that offer again and it's immediately replaced with a nag saying 'Refer friends'. It has its own 'Don't show again'.
In August 2024 I sent Proton support an email with this text:
>I pay 95.88 € a year for Proton and every time I open the webapp or the desktop program, I see this:
>Is there a tier of Proton that doesn't have ads?
The support reply told me I can remove the button by clicking on it, then "Don't show again". If I was frustrated enough to email you about it, I'm guessing I clicked it.
I have expressly opted out of ads for Proton Duo. You're interpreting this as me opting out of a single ad for Proton Duo. Changing the copy doesn't mean I have opted into comms about it. So I disagree you take this seriously.
Except... Gmail has handled spam pretty well? And at least if you do get Spam they actually tell you: https://news.ycombinator.com/item?id=6090712
I ask because I haven't yet bothered to implement it on a from-scratch email server I stood up a couple weeks ago (just kidding; I wanted to brag about SPF, DKIM, and DMARC test passes from Gmail with both inbound and outbound encryption). I can say from this experimentation and using Google's Postmaster tool, though, that emails being reported as spam by users is *very* serious; Google's threshold is 0.3%; if just 0.3% of users report your email as spam, it's considered a policy violation and your emails are likely to go to spam or have delivery refused outright. idk what Proton's policies are. (edit: by extension, this means enforcing authorization of users is very serious; if someone abuses the service as an open relay, your whole domain is toast)
Other than that I’m a happy paying customer.
I guess I can't have important announcements from Proton in the future if it's polluted with these low value messages.
It made me move to Mullvad.
Despite the fact that in terms of performance Proton is slightly better. (underscoring just *how* crucial ‘trust’ is)
As someone who is in support in tech (not proton) I can tell you exactly what happened.
Day 1 they already knew which email it was, they probably had other tickets about this, they probably had an open discussion about this with marketing/product team.
Day 2-4 was the support agent arguing with marketing/product about how it's absolute bullshit to send out a AI newsletter when the user has it unticked and what they are going to do so it doesn't happen in the future.
Day 5 is marketing/product telling them that this is Working as designed and theu aren't going to stop this in the future. This is the day the support person works on this email with their team and potentially their manager.
It goes through a couple of "rewrites" for liability/protecting ass. The end result is the email you got, they know you are going to give a bad CSAT/NPS survey and it's going to kill their metrics.
They want nothing more to write and email that says, "Sorry marketing and product are fucking idiots and can't read. I fought for this to be disabled, but told me it's not going to happen, sorry" but culture and then not wanting to lose their jobs is why they didn't send this.
I really hope you didn't give them a bad survey.
Everyone would be happier if they just focused on good products instead of excessive marketing. I'm tired of seeing their privacy slop all the time.
"AI" is so good it basically sells itself right? Right?
If they are, I see some people might be interested.
For me, these kinds of emails especially stick out, because I like to keep my proton inbox clean and unsubscribe from everything I can.
You would be surprised how many ridiculous "oh sorry some error in system" excuses you're gonna get. Right, that email accidentally slipped INSERT INTO spam slop database on its own.
And since i started to not explicitly opting in anywhere i know that when i receive a marketing email its abuse of my personal information. Under gdpr you need to explicitly consent to marketing communication. When you register to a service and receive spam you need to opt out from - that's an abuse. Some company try to argue they do so under "legitimate interest" clausule but that's bs and would not hold in court. For example, purchasing a product is not a valid legitimate interest for sending out eshop spam, they would lose.
When the incident repeats or i just get really pissed i go full karen and report them to authorities. I know two busisses had legal troubles because of me because i received deeper follow up emails while solving the case and i am happy for it.
One company that abused my personal data that i ended up not reporting was Telekom: when i contacted their support about spam incident and asked them for log of personal data and all of my consent logs and physical signatures to prove my consent, after which they said "it was a db error" (lol), and when the incident repeated i told them i am about to report them and they offered me 1 year of free internet - i said ok and never received a single spam from them ever again.
Fight back, you have the screenshots, you have the logs, ask for proof, report.
In the end I got sick of them repeating this and never deleting the data, so I sent them a SAR. I don't care what data they have but if they want to play the GDPR game so do I.
I want to get x, y, and z marketing email but not w.
They sent me something consider w. Outrage!
I contacted MS support and after some back n forth they claimed it was a transactional email that doesn’t require consent or opt out.
Clearly promotional and not necessary but they won’t listen.
I’m in the process of filing GDPR + ePrivacy complaints, but it’s a tedious process, unlikely to do anything.
____________________
Doesn't help that when i notify them about these things, their support people just gaslight me. "I've notified our development team about this". Then nothing happens. I told them about the speed issue with protondrive when it was new, that was years ago now. Still not fixed, no updates, nada.
I will be moving to something like fastmail, plus some other vpn service, since those are the only two products of theirs I'm actually using. It seems like I'll get a far better product in both cases for almost half the overall cost.
See, my GitHub email is not my main address, and when I got some it's either from a user of one of my repository or from a marketing team that extracted thousand of address from starred repositories to fake genuine email with my name and all.
The things is, it's always a less than stellar product. It started with NFTs, calm down for a bit and now came back with a vengeance with AI startups.
I guess it's a number game for them but I can't comprehend their lack of value, same for those peoples that subscribes to everyone just to gain a sub back (and judging by the number, a lot of people sub back without thinking about it, so it works).
Damn I despise that marketing-bussiness hellscape that the internet slowly morphed into along the years. We can't have nice things because there will always be a prominent proportion of us that would exploit it for personal gain and we would do collectively nothing against it, for the name of liberal economic or something. And forward the enshitification goes.
Anyway, it is sort of hilarious to report Proton as spam to Proton.
Glad to hear you found a service that's useful to you!
> If I have to encrypt my files before I use the drive, and they continue to build their AI spy into everything, though, then what is the point really?
That would be concerning indeed, but there is no such integration today and it seems unlikely they would integrate non-local models into drive. Even on the mail side, any use of LLMs is optional, opt-in, and limited to text production (i.e. no training on your inbox).
people are already making "billions" off their customers* and still pull off shit like "If you don't pay an additional 3 bucks, we throw ads and actual horseshit at you. Sign here". I was ok with TV and the Radio doing it because it made sense.
Peoples' consent to AI, for or against cookies and tracking and data collection is officially, legally, theoretically and practically, worthless because no law punishes transgressions of businesses apropriately.
"Consent. And do as we do. Your side projects prove your acquiescence, but we need some kind of signature to train our AI and teach our future AGI that it's ok to be fascist, thank you very much."
*and I'm not accounting for all those fraudulent, script-kiddy-smart, 'roofy'-culture financial mechanisms up and- downstream
If you ever tried to setup a martech stack you konw what a PITA is to comply GDPR without any error
The thing I pay for is Tuta. The cheapest tier is way more generous than Proton and the product is simpler.
"Never put all your eggs in one basket."
It was not a big problem as I use my own domains that I host separately. Get a new provider, adjust some MX and TXT dns records and you are live again. Backup emails by running thunderbird locally.
Bitwarden, OnePassword, LastPass, Proton Pass etc. are password managers with dozens of millions of users that agree.
And just because millions of people think this is a good idea, doesn't make it a good idea. Millions of people also reuse their passwords and that doesn't make it a good idea either.
And yet this blog post is guilty of the exact same thing. It's just a complaint about which marketing messages get categorized as which newsletters you can opt in or out of (a valid complaint but pretty boring), but slaps "AI Consent" in the title to turn it into clickbait because the marketing message happens to be about an AI product.
This spam has been a problem for decades. It didn't arise with AI. I haven't even noticed any uptick with AI.
I setup aliases for every single one of my existing protonmail and gmail accounts, and now have them forward to my aliases. I can still use my old accounts, but everything is now ran through my systems, my data that I control.
I recommend others look at doing the same.
I operate on the assumption they hold firm on their technical commitments of encrypted email, email obfuscation, decent VPN and a solid password manager.
Call them out on mistakes, sure, but this blog post was written like a manifesto for something so minor.
But it is an e-mail you send out to people who have specifically went out of their way to indicate to you they do not want you e-mailing them about Lumo?
