So I was reading this article about Signal-creator Moxie Marlinspike’s new project, Confer , which claims to be a verifiably E2E encrypted LLM chat service. There are a couple of short blog articles that give the gist of it, and some github repos including this one that includes scripts for producing the VM that will run your particular LLM session. But if I’m following this all correctly, it implies that every chat session (or perhaps every logged-in user) would have their own VM running their own LLM to ensure that the chain of trust is complete. This seems impossible from a scalability perspective, as even small LLMs require huge quantities of RAM and compute. Did I miss something fundamental here?
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 108 users / day
- 435 users / week
- 1.32K users / month
- 4.54K users / 6 months
- 1 subscriber
- 4.65K Posts
- 117K Comments
- Modlog
I think it’s a pragmatic approach to a difficult problem. You’re still trusting that Proton is doing what they claim to be doing by not logging any of the data, and it lacks the verifiable trust chain of the VM that this Conifer system has (which theoretically would let you audit the code to confirm that there is no logging going on, and then check the crypto hash of the VM running your LLM conversation to confirm that it is in fact running that code), but if you trust Proton this step isn’t as important. Otherwise the approaches look fairly the same.Proton is using PGP for the inflight encryption to the LLM while Conifer is using… maybe PGP too, I’m not sure, but a similar approach. And as others have said here, LLMs are stateless so if you can trust that the platform isn’t logging the requests, there should be no record of your discussions.