Proton sent a promotional email for its Lumo AI tool to a user who had explicitly opted out of Lumo communications. The user, David, found the email in his inbox despite an unchecked 'Lumo product updates' toggle in his account settings. This incident raises immediate questions about how Proton handles user consent for its new AI services.

When David contacted support, he was initially directed to the same opt-out toggle he had already disabled. Proton later defended the email by claiming it was part of a 'Proton for Business newsletter,' not a Lumo-specific update. This technical distinction feels like a semantic loophole, undermining trust for a company built on privacy and security principles.

The situation mirrors a broader industry trend where AI tools are aggressively promoted, often overriding explicit user preferences. The author connects this to similar experiences with GitHub, which recently opted users into Copilot marketing emails without clear consent. For developers, it underscores a growing tension between platform innovation and respecting user autonomy.

What happens next for Proton and its users? The company must reconcile its privacy-first branding with these marketing tactics. For the industry, it highlights the need for clearer, more honest consent mechanisms as AI features become central to product roadmaps. Users may become increasingly skeptical of subscription services that ignore their stated preferences.