Privacy-conscious users have a new option for talking to AI. Moxie Marlinspike, the cryptographer behind Signal, has unveiled Confer, an AI assistant that applies end-to-end encryption to your prompts and the model’s replies. The promise is straightforward: your conversations stay private, cannot be used for training, and remain inaccessible to service operators or third parties.
What Makes Confer Different from Other AI Chatbots
Most AI chat services process prompts in plaintext on their servers, where employees, attackers, or legal demands could potentially access them. Confer flips that model by combining passkey-derived encryption with confidential computing. Messages are encrypted on your device, and processing occurs inside a Trusted Execution Environment, a hardware-isolated enclave that keeps data shielded from the host system.
The service relies on the WebAuthn PRF extension to derive encryption keys from your passkey, then uses remote attestation so anyone can verify the software running inside its secure enclave. Each build is cryptographically signed and published to a transparency log, creating an auditable trail. In practice, that means you don’t have to simply take the operator’s word for what code is handling your data.
According to reporting by TIME, Confer orchestrates different AI models for different tasks, drawing heavily from open source systems, with more advanced options available to paying users. That model choice is notable: open source helps with scrutiny and portability, while premium tiers can support heavier inference without shifting the privacy trade-off.
How It Works for Users on Supported Platforms
Getting started involves an email sign-in and passkey creation if your device supports it. Confer currently offers the smoothest experience on Mac and Android, while Windows and Linux users may need a compatible password manager for passkeys. Once in, the chat interface feels familiar to anyone who has tried popular AI tools.
A free tier lets you test the core experience, with paid plans unlocking higher usage or more sophisticated models. Recent updates add the ability to import past conversations from services like ChatGPT and Claude, easing migration. An iOS app is on the roadmap as development continues at a rapid clip.
Why Encrypted AI Chats Matter for Privacy Today
The timing is striking. As AI assistants grow ubiquitous, they’re also becoming data vacuum cleaners. Ad-supported roadmaps and model training pipelines incentivize platforms to collect and analyze what users type. That’s a risky mix for sensitive information, whether it’s proprietary code, client details, or personal identifiers.
A survey by the National Cybersecurity Alliance found that over 40% of workers have pasted sensitive information into AI tools, despite well-known concerns about data retention and leakage. Security incidents in adjacent products have also shown how easily guardrails fail and prompts escape their bounds. Together, these realities are pushing privacy from a nice-to-have to a business requirement.
Confer’s approach tries to match the privacy baseline people expect from Signal: your messages are unreadable by the service, unusable for model training, and resistant to compelled disclosure. It does not make AI infallible, but it reduces who can see your data to essentially you and the secure enclave executing your request.
Security Design and Trade-Offs in Confer’s Approach
End-to-end encryption for a web-based AI assistant is technically hard. Passkeys protect identity and key material on your device, but the model still needs to process your input somewhere. By anchoring execution inside a TEE, Confer bounds the trust problem to a verifiable hardware enclave. Remote attestation lets outsiders confirm the enclave’s identity and the exact code running.
There are trade-offs. TEEs depend on the security of underlying hardware and firmware, and confidential computing adds performance and operational complexity. Encrypted content also doesn’t automatically hide metadata like timing, sizes, or billing records. Still, compared with the status quo—centralized plaintext prompts retained for analytics—the privacy improvement is substantial.
Marlinspike has noted strong early usage, with the backend scaling to meet demand—an echo of Signal’s growth years. That momentum will be tested as Confer adds features, model options, and platform support while keeping its cryptographic guarantees intact.
What to Watch Next as Encrypted AI Tools Evolve
Enterprises exploring AI need a path that does not leak trade secrets or customer data. Confer’s architecture is designed for that exact scenario, and its import tools hint at a strategy to win over users already established elsewhere. Expect scrutiny from security researchers and privacy watchdogs; the transparency log and attestation claims invite exactly that.
If the market rallies around encrypted AI by default, we may see broader pressure on mainstream assistants to minimize retention and enable client-side or enclave-protected processing. For now, Confer offers a clear proposition: chat with AI the way you message a trusted contact—privately, with encryption first.