Signal creator Moxie Marlinspike wants to do for AI what he did for messaging – Ars Technica
Credit: Getty Images
LLM E2EE made simple
Signal creator Moxie Marlinspike wants to do for AI what he did for messaging
Introducing Confer, an end-to-end AI assistant that just works.
By Dan Goodin – Jan 13, 2026 4:00 AM | 104
Credit: Getty Images
Moxie Marlinspike—the pseudonym of an engineer who set a new standard for private messaging with the creation of the Signal Messenger—is now aiming to revolutionize AI chatbots in a similar way.
His latest brainchild is Confer, an open source AI assistant that provides strong assurances that user data is unreadable to the platform operator, hackers, law enforcement, or any other party other than account holders. The service—including its large language models and back-end components—runs entirely on open source software that users can cryptographically verify is in place.
Data and conversations originating from users and the resulting responses from the LLMs are encrypted in a trusted execution environment (TEE) that prevents even server administrators from peeking at or tampering with them. Conversations are stored by Confer in the same encrypted form, which uses a key that remains securely on users’ devices.
Like Signal, the under-the-hood workings of Confer are elegant in their design and simplicity. Signal was the first end-user privacy tool that made using it a snap. Prior to that, using PGP email or other options to establish encrypted channels between two users was a cumbersome process that was easy to botch. Signal broke that mold. Key management was no longer a task users had to worry about. Signal was designed to prevent even the platform operators from peering into messages or identifying users’ real-world identities.
“Inherent data collectors”
All major platforms are required to turn over user data to law enforcement or private parties in a lawsuit when either provides a valid subpoena. Even when users opt out of having their data stored long term, parties to a lawsuit can compel the platform to store it, as the world learned last May when a court ordered OpenAI to preserve all ChatGPT users’ logs—including deleted chats and sensitive chats logged through its API business offering. Sam Altman, CEO of OpenAI, has said such rulings mean even psychotherapy sessions on the platform may not stay private. Another carve out to opting out: AI platforms like Google Gemini may have humans read chats.
Data privacy expert Em (she keeps her last name off the Internet) called AI assistants the “archnemesis” of data privacy because their utility relies on assembling massive amounts of data from myriad sources, including individuals.
“AI models are inherent data collectors,” she told Ars. “They rely on large data collection for training, improvements, operations, and customizations. More often than not, this data is collected without clear and informed consent (from unknowing training subjects or from platform users), and is sent to and accessed by a private company with many incentives to share and monetize this data.”
The lack of user-control is especially problematic given the nature of LLM interactions, Marlinspike says. Users often treat dialogue as an intimate conversation. Users share their thoughts, fears, transgressions, business dealings, and deepest, darkest secrets as if AI assistants are trusted confidants or personal journals. The interactions are fundamentally different from traditional web search queries, which usually adhere to a transactional model of keywords in and links out.
He likens AI use to confessing into a “data lake.”
Awaking from the nightmare that is today’s AI landscape
In response, Marlinspike has developed and is now trialing Confer. In much the way Signal uses encryption to make messages readable only to parties participating in a conversation, Confer protects user prompts, AI responses, and all data included in them. And just like Signal, there’s no way to tie individual users to their real-world identity through their email address, IP address, or other details.
“The character of the interaction is fundamentally different because it’s a private interaction,” Marlinspike told Ars. “It’s been really interesting and encouraging and amazing to hear stories from people who have used Confer and had life-changing conversations, in part because they haven’t felt free to include information in those conversations with sources like ChatGPT or they had insights using data that they weren’t really free to share with ChatGPT before but can using an environment like Confer.”
Editor’s Note: Read the rest of the story, at the below link.
Continue/Read Original Article Here: Signal creator Moxie Marlinspike wants to do for AI what he did for messaging – Ars Technica
#AI #AIAssistant #ArsTechnica #artificialIntelligence #Confer #Messaging #MoxieMarlinspike #Private #SafeFromAccess #Signal #SignalCreator
