
Signal Creator Develops Chatbot With End-to-End Encryption

Hello HaWkers, news that unites two seemingly opposite worlds arrived this week. Moxie Marlinspike, the creator of the Signal Protocol used by billions of people, announced the development of an AI chatbot with true end-to-end encryption.

This is the first time we have seen a conversational AI solution where not even the provider can read your conversations. Let's explore what this means.

Who Is Moxie Marlinspike

Before diving into details, it's worth providing context:

Background:

  • Creator of Signal Protocol (used by Signal, WhatsApp, Facebook Messenger)
  • Founder of Signal Messenger
  • Cryptography and privacy expert
  • Left Signal leadership in 2022
  • Known for strong positions on digital privacy

💡 Context: The Signal Protocol is considered the gold standard in message encryption, protecting billions of conversations daily.

The Project

The new chatbot, still without an official name, represents a radically different approach:

Privacy Architecture

// Architecture comparison

const traditionalChatbot = {
  // Traditional chatbots (ChatGPT, Claude, etc.)
  architecture: {
    userMessage: 'Sent to company servers',
    processing: 'Processed on centralized servers',
    storage: 'Stored for improvement and logs',
    visibility: 'Company can read everything'
  },

  privacyModel: {
    trust: 'Trust in the company',
    encryption: 'In transit only (TLS)',
    dataOwnership: 'Company controls data'
  }
};

const moxieChatbot = {
  // New chatbot with E2E
  architecture: {
    userMessage: 'Encrypted on device',
    processing: 'Decrypted only at inference point',
    storage: 'No permanent storage',
    visibility: 'No one can read, not even provider'
  },

  privacyModel: {
    trust: 'Mathematically verifiable',
    encryption: 'End-to-end (E2E)',
    dataOwnership: 'User controls everything'
  }
};

How It Works Technically

The solution uses advanced cryptography techniques:

// Simplified technical flow

const encryptedInferenceFlow = {
  step1: {
    name: 'Client Encryption',
    action: 'Message encrypted with user key',
    location: 'User device'
  },

  step2: {
    name: 'Secure Transmission',
    action: 'Encrypted data sent to server',
    location: 'Network'
  },

  step3: {
    name: 'Secure Execution Environment',
    action: 'Processing in TEE (Trusted Execution Environment)',
    location: 'Server with secure hardware'
  },

  step4: {
    name: 'Isolated Inference',
    action: 'Model processes decrypted data',
    location: 'Secure enclave - isolated from OS'
  },

  step5: {
    name: 'Encrypted Response',
    action: 'Result encrypted before leaving enclave',
    location: 'TEE'
  },

  step6: {
    name: 'Client Decryption',
    action: 'User decrypts response',
    location: 'User device'
  },

  guarantee: 'Plaintext exists only on the user device and inside the enclave; the host OS and operator never see it'
};
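
The six steps above, simulated in one Node.js process. This is an added example, not code from the project or from the original post: the function names, the X25519 + HKDF + AES-256-GCM construction and the sample prompt are assumptions chosen for illustration, and `makeEnclave` only stands in for a real TEE.

```javascript
const crypto = require('node:crypto');

// Both sides derive the same AES-256 key from an X25519 exchange via HKDF-SHA256.
function sessionKey(privateKey, publicKey) {
  const secret = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'e2e-demo', 32));
}

// AES-256-GCM; `direction` is bound as AAD so a request cannot be replayed as a response.
function seal(key, text, direction) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(direction));
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function unseal(key, { iv, ct, tag }, direction) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAAD(Buffer.from(direction));
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]).toString('utf8'); // throws if tampered
}

// Steps 3-5: stand-in for the TEE. Only this closure holds the private key and plaintext.
function makeEnclave(model) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519');
  return {
    publicKey,
    handle(clientPublicKey, request) {
      const key = sessionKey(privateKey, clientPublicKey);
      return seal(key, model(unseal(key, request, 'request')), 'response');
    },
  };
}

// Steps 1, 2 and 6: client. hostLog collects everything the untrusted host relays.
function chat(enclave, prompt, hostLog) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519');
  const key = sessionKey(privateKey, enclave.publicKey);
  const request = seal(key, prompt, 'request');
  const response = enclave.handle(publicKey, request);
  hostLog.push(request.ct, response.ct);
  return unseal(key, response, 'response');
}

const hostLog = [];
const reply = chat(makeEnclave((p) => `echo: ${p}`), 'constructed sample prompt', hostLog);
console.log(reply, hostLog.map((b) => b.toString('hex')));
```

The client here trusts `enclave.publicKey` blindly; in a real deployment that key is only trusted after remote attestation binds it to the enclave's measured code.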

Technologies Involved

Trusted Execution Environments (TEE)

The project uses specialized hardware:

TEE Technologies:

  • Intel SGX (Software Guard Extensions)
  • AMD SEV (Secure Encrypted Virtualization)
  • ARM TrustZone
  • Confidential Computing in the cloud

// TEE Concept

const teeExplanation = {
  // What it is
  definition: {
    concept: 'Isolated area of the processor',
    protection: 'Even the OS cannot access',
    verification: 'Remote attestation possible'
  },

  // Guarantees
  guarantees: {
    confidentiality: 'Data protected from any access',
    integrity: 'Code cannot be modified',
    attestation: 'Proof that environment is genuine'
  },

  // Limitations
  limitations: {
    sideChannels: 'Side-channel vulnerabilities exist',
    trust: 'Trust in hardware manufacturer',
    performance: 'Performance overhead'
  }
};

Homomorphic Encryption (Partial)

For some operations, the project uses homomorphic encryption:

What it allows:

  • Compute on encrypted data
  • Result also encrypted
  • No one sees intermediate data
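
To make "compute on encrypted data" concrete, here is a toy Paillier scheme, an additively homomorphic (and therefore partially homomorphic) cipher. It is an added example, not the project's code: the post does not say which scheme is used, and the small constructed primes and function names are assumptions that make this insecure outside a demo.

```javascript
const crypto = require('node:crypto');

const gcd = (a, b) => (b === 0n ? a : gcd(b, a % b));

function modPow(base, exp, m) {
  let result = 1n;
  for (base %= m; exp > 0n; exp >>= 1n) {
    if (exp & 1n) result = (result * base) % m;
    base = (base * base) % m;
  }
  return result;
}

// Modular inverse via the extended Euclidean algorithm.
function modInv(a, m) {
  let [r0, r1, s0, s1] = [m, a % m, 0n, 1n];
  while (r1 !== 0n) {
    const quot = r0 / r1;
    [r0, r1, s0, s1] = [r1, r0 - quot * r1, s1, s0 - quot * s1];
  }
  if (r0 !== 1n) throw new Error('not invertible');
  return ((s0 % m) + m) % m;
}

// Toy key from two small constructed primes (generator g = n + 1). Not secure.
function keygen(p = 7919n, q = 104729n) {
  const n = p * q, phi = (p - 1n) * (q - 1n);
  return { pub: { n, n2: n * n }, priv: { phi, mu: modInv(phi, n) } };
}

// c = (1 + m*n) * r^n mod n^2, with fresh random r coprime to n.
function encrypt({ n, n2 }, m) {
  let r;
  do { r = BigInt('0x' + crypto.randomBytes(8).toString('hex')) % n; } while (gcd(r, n) !== 1n);
  return (((1n + m * n) % n2) * modPow(r, n, n2)) % n2;
}

function decrypt({ n, n2 }, { phi, mu }, c) {
  return (((modPow(c, phi, n2) - 1n) / n) * mu) % n;
}

// Runs on the untrusted server: multiplying ciphertexts adds the hidden plaintexts.
function addEncrypted({ n2 }, c1, c2) {
  return (c1 * c2) % n2;
}

const demo = keygen();
const sum = addEncrypted(demo.pub, encrypt(demo.pub, 1200n), encrypt(demo.pub, 345n));
console.log(decrypt(demo.pub, demo.priv, sum));
```

Only addition is available this way, which is why schemes like this cover "some operations" and not full model inference.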

Why This Matters

Current Problem

AI chatbots have access to everything you say:

// Current privacy risks

const currentRisks = {
  // What companies know
  dataExposure: {
    conversations: 'Full conversation history',
    patterns: 'Usage patterns and interests',
    sensitive: 'Shared personal information',
    code: 'Proprietary code sent'
  },

  // Potential uses
  potentialUses: {
    training: 'Train future models',
    advertising: 'Target advertising',
    analysis: 'Behavior analysis',
    thirdParty: 'Share with partners'
  },

  // Risks
  risks: {
    breach: 'Data leak',
    subpoena: 'Government access',
    employees: 'Employees with access',
    attacks: 'Targeted attacks'
  }
};

The Solution

With E2E encryption and processing confined to an attested TEE, these risks are addressed by design, within the TEE limitations listed above:

Guarantees:

  1. Provider cannot read conversations
  2. No data to leak
  3. Court orders cannot access content
  4. Employees have no access
  5. Advertising impossible based on conversations

Use Cases

Where This Is Critical

// Use cases where privacy is essential

const criticalUseCases = {
  // Healthcare
  healthcare: {
    use: 'Consult about symptoms and conditions',
    risk: 'Health information leak',
    protection: 'Medical data never exposed'
  },

  // Legal
  legal: {
    use: 'Research sensitive legal questions',
    risk: 'Confidentiality breach',
    protection: 'Attorney-client privilege preserved'
  },

  // Proprietary code
  development: {
    use: 'Assistance with confidential code',
    risk: 'Intellectual property leak',
    protection: 'Code never leaves secure environment'
  },

  // Personal finance
  financial: {
    use: 'Personal financial planning',
    risk: 'Financial situation exposure',
    protection: 'Financial data protected'
  },

  // Journalism
  journalism: {
    use: 'Investigation research',
    risk: 'Sources exposed',
    protection: 'Source protection guaranteed'
  }
};

Who Else Needs It

Audiences who benefit most:

  • Lawyers and law firms
  • Doctors and healthcare professionals
  • Investigative journalists
  • Human rights activists
  • Companies with sensitive data
  • Anyone who values privacy

Technical Challenges

Trade-offs

Total privacy comes with costs:

// System trade-offs

const tradeoffs = {
  // Performance
  performance: {
    issue: 'Encryption overhead',
    impact: 'Slower responses',
    mitigation: 'Specialized hardware'
  },

  // Features
  features: {
    issue: 'No persistent memory',
    impact: 'Context limited per session',
    mitigation: 'User controls local data'
  },

  // Cost
  cost: {
    issue: 'TEE hardware more expensive',
    impact: 'Service more expensive than alternatives',
    mitigation: 'Pay for privacy'
  },

  // Model
  model: {
    issue: 'Cannot improve with feedback',
    impact: 'Static model',
    mitigation: 'Manual periodic updates'
  }
};

Verifiability

A crucial point is proving it works:

Verification mechanisms:

  • Remote TEE attestation
  • Open source code
  • Independent audits
  • Cryptographic proofs
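
What a client checks during remote attestation, in simplified form. This is an added example, not the project's code: real SGX and SEV quotes use vendor-specific formats and certificate chains, so an Ed25519 key stands in for the hardware vendor, and the report layout, function names and demo values are assumptions.

```javascript
const crypto = require('node:crypto');

// Bytes covered by the signature: measurement (32) || nonce (16) || enclave key (32).
function reportBytes(r) {
  return Buffer.concat([r.measurement, r.nonce, r.enclaveKey].map((h) => Buffer.from(h, 'hex')));
}

// Simulated hardware: measures the loaded code and signs the report with the vendor key.
function issueReport(vendorPrivateKey, code, nonce, enclaveKey) {
  const measurement = crypto.createHash('sha256').update(code).digest('hex');
  const report = { measurement, nonce, enclaveKey };
  return { report, signature: crypto.sign(null, reportBytes(report), vendorPrivateKey) };
}

// Client: returns the enclave key to encrypt to, or throws naming the failed check.
function verifyAttestation({ report, signature }, vendorPublicKey, trusted, nonce) {
  const bytes = reportBytes(report);
  if (bytes.length !== 80) throw new Error('malformed report');
  // 1. The report was signed by genuine hardware.
  if (!crypto.verify(null, bytes, vendorPublicKey, signature)) throw new Error('bad signature');
  // 2. The report answers this client's challenge, so it is not a replay.
  if (report.nonce !== nonce) throw new Error('stale nonce');
  // 3. The running code matches an audited, published build.
  if (!trusted.includes(report.measurement)) throw new Error('unknown measurement');
  return report.enclaveKey;
}

// Constructed demo values.
const demoVendor = crypto.generateKeyPairSync('ed25519');
const demoCode = 'constructed audited build';
const demoTrusted = [crypto.createHash('sha256').update(demoCode).digest('hex')];
const demoNonce = crypto.randomBytes(16).toString('hex');
const demoKey = crypto.randomBytes(32).toString('hex');
const demoQuote = issueReport(demoVendor.privateKey, demoCode, demoNonce, demoKey);
console.log(verifyAttestation(demoQuote, demoVendor.publicKey, demoTrusted, demoNonce) === demoKey);
```

The allowlist of measurements is where open source code and independent audits connect to attestation: a measurement only means something if the client can tie it to a build someone has reviewed.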

Comparison With Alternatives

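| Aspect        | ChatGPT/Claude | E2E Chatbot | Local (Ollama) |
|---------------|----------------|-------------|----------------|
| Privacy       | Low            | High        | Maximum        |
| Model quality | High           | High        | Medium         |
| Speed         | High           | Medium      | Low*           |
| Cost          | Medium         | High        | Hardware       |
| Verifiability | Low            | High        | High           |
| Convenience   | High           | Medium      | Low            |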

*Depending on local hardware

When to Use Each

// Decision guide

const usageGuide = {
  // Use ChatGPT/Claude when:
  traditional: [
    'Non-sensitive information',
    'Need maximum quality',
    'Speed is critical',
    'Cost is main factor'
  ],

  // Use E2E Chatbot when:
  encrypted: [
    'Sensitive data involved',
    'Regulatory requirements (HIPAA, GDPR)',
    'Intellectual property at stake',
    'Privacy is non-negotiable'
  ],

  // Use Local when:
  local: [
    'Maximum paranoia needed',
    'No internet connection',
    'Hardware resources available',
    'Accept quality trade-off'
  ]
};

The Future of Private AI

Expected Trends

Upcoming developments:

  1. More E2E chatbot options
  2. Improvement in confidential computing
  3. Regulations requiring privacy
  4. Models optimized for TEE

For Developers

If you want to work in this area:

// Relevant skills

const relevantSkills = {
  // Cryptography
  cryptography: [
    'Asymmetric cryptography',
    'Key exchange protocols',
    'Zero-knowledge proofs',
    'Homomorphic encryption basics'
  ],

  // Security
  security: [
    'Trusted Execution Environments',
    'Attestation protocols',
    'Side-channel attacks',
    'Secure enclaves programming'
  ],

  // ML/AI
  ml: [
    'Inference in restricted environments',
    'Model quantization',
    'Privacy-preserving ML',
    'Federated learning'
  ]
};

Broader Implications

For the Industry

Potential changes:

  • Pressure on traditional companies
  • New market segment
  • Differentiation by privacy
  • Stricter regulations

For Users

What changes:

  • Real privacy option
  • Conscious trade-off
  • More control over data
  • Personal responsibility

Conclusion

Moxie Marlinspike's E2E encrypted chatbot represents an important milestone at the intersection of AI and privacy. For the first time, we have a solution where you can chat with an AI without anyone else being able to access your conversations.

This doesn't mean everyone should exclusively use E2E solutions. There are real trade-offs in convenience, cost, and functionality. But the existence of this option is fundamental for a healthy AI ecosystem.

The future will likely have room for both: convenient AI for everyday tasks and private AI for when confidentiality is critical.

If you want to understand more about AI trends, I recommend checking out another article: Are AI Programming Models Getting Worse? where you'll discover the debate about current model quality.

Let's go! 🦅
