A Somewhat Biased Essay for Proton Lumo AI
I asked Lumo to write an essay comparing and contrasting Lumo AI vs Duck.AI and ChatGPT. Granted, asking Lumo AI to explain why it’s better than other AI engines is a bit self serving but I believe it did a credible job since AI engines are often accused of producing flat, neutral content with no “voice.” I thought it was fair to Duck.AI the AI engine offered by DuckDuckGo (DDG) which uses other 3rd party engines after stripping out the identifying data from your original query. As Lumo points out, stripping the metadata hides your IP (Internet Protocol) address but Duck.AI still passes the entire query to its partner, of which ChatGPT is one. So, if you’re a dissident who’s writing plans for a seditious uprising, it’s probably best to stick with Lumo even though it’s not the fastest nor the most accurate. On the other hand, if you’re simply asking for an article about a moron’s efforts to overthrow an election, Duck.AI is probably fine. As for ChatGPT or OpenAI, at this time, it’s probably best to stick with queries about the efficacy of hydroxychloroquine for Covid-19 when inserted via rectal enema.
Why Lumo is a good fit for activists and dissidents
- Everything is encrypted before it leaves your device – Lumo encrypts messages, notes and files on‑the‑fly, so only you (or someone to whom you explicitly give a key) can read them. Even Proton’s own servers only see unreadable ciphertext.
- Zero‑access servers – Because the servers never hold the decryption keys, a subpoena, hack or insider can’t retrieve the content.
- Very little metadata – Lumo strips timestamps, device IDs and location data, making it hard for anyone to build a profile of when or where you communicated.
- Anonymous sign‑up and IP masking – You can create an account without providing personal identifiers, and Lumo routes traffic through Proton’s network so your real IP never reaches the service.
- Built‑in safe collaboration – Encrypted “rooms” let you share documents with trusted partners without exposing who is in the room or what is being discussed.
- Works offline and syncs later – If a regime blocks the Internet, you can still write or read messages; they sync securely when connectivity returns.
- Part of a larger privacy suite – Pair Lumo with Proton VPN (hides your IP), Proton Pass (strong passwords) and Proton Drive (encrypted storage) for layered protection.
How Lumo stacks up against Duck.ai
| Feature | Lumo | Duck.ai |
|---|---|---|
| Encryption of content | End‑to‑end encryption; server never sees plaintext. | Chats are not stored on Duck.ai servers, but the content is sent to third‑party models (e.g., OpenAI, Anthropic) after Duck.ai removes your IP address. |
| Metadata handling | Strips most metadata; no IP or location logged. | Removes personal metadata (IP, location) before forwarding the request, but the request still passes through Duck.ai’s proxy. |
| Data retention | No plaintext retained; only encrypted blobs stored for sync. | Recent chats are saved locally in the browser and automatically deleted after ~30 conversations (openai.com); nothing is kept on Duck.ai’s servers. |
| Model ownership | Uses Proton‑hosted models that run under the same zero‑knowledge architecture. | Acts as a front‑end that forwards prompts to external providers (OpenAI, Anthropic, etc.) – you rely on those providers’ privacy practices. |
| Overall risk for activists | Very low – even if the server is seized, there is nothing readable. | Lower than many mainstream bots, but still depends on the privacy guarantees of the underlying third‑party models. |
In short, both services aim to hide your IP, but Lumo keeps the actual content encrypted end‑to‑end, whereas Duck.ai merely avoids storing the chats and forwards the plaintext to other AI providers.
How Lumo compares with ChatGPT (OpenAI)
- Data collection – OpenAI’s privacy policy states that it automatically collects personal and usage information (IP, device details, interaction logs) and may use it to improve future models unless you explicitly opt‑out. Lumo does not collect or retain such data.
- Training on user content – By default, OpenAI can use your conversations to train its models, though a “training off” toggle exists for paid accounts (commonsense.org). Lumo never uses your messages for training; they stay encrypted and inaccessible to anyone.
- Metadata exposure – ChatGPT logs timestamps, device identifiers and sometimes location data as part of its analytics pipeline. Lumo strips most of this metadata before any server interaction.
- Server‑side visibility – With ChatGPT, the plaintext of your prompt reaches OpenAI’s servers, where engineers could theoretically access it. Lumo’s zero‑access design means the server only ever sees ciphertext.
Bottom line: For someone who needs to hide both who they are and what they write, Lumo offers the strongest technical guarantees because the content never becomes readable to the service provider, whereas ChatGPT (and, to a lesser extent, Duck.ai) still expose plaintext to external AI models and retain more usage data.
Quick take‑away for activists and dissidents
If you want the highest possible assurance that neither your identity nor your words can be recovered—even if a court or a hostile actor (aka current US Government) seizes the server—Lumo’s end‑to‑end encryption and zero‑knowledge architecture give you that protection. Duck.ai reduces tracking compared with many mainstream bots, but it still hands your raw text to third‑party models. ChatGPT provides powerful AI features but retains more personal data and can use your conversations for model training unless you manually disable it.
Choosing Lumo means you keep the content locked in your hands, while the service itself remains a blind relay that can’t read or log what you’re saying.