Welcome back to In the Loop, TIME’s new twice-weekly newsletter about AI. If you’re reading this in your browser, why not subscribe to have the next one delivered straight to your inbox?
What to Know: Signal’s founder is working on encrypted chatbots
Moxie Marlinspike, the cryptographic prodigy who wrote the code that underpins Signal and WhatsApp, has a new project—and it could be one of the most important things happening in AI right now.
[time-brightcove not-tgx=”true”]
The tool, named Confer, is an end-to-end encrypted AI assistant. It uses smart math to ensure that even though the compute-intensive process of running the AI still happens on a server in the cloud, the only person who can access the unscrambled details of that computation is you, the user.
New paradigm — That’s a clean break from the current way of doing things. When you interact with existing chatbots—unless you have a powerful computer running an open-source AI system—your data is not held privately. That’s especially true for the most useful models, which are closely guarded by AI companies, and far too big to run on a local machine anyway. Even though it may feel as intimate as a private chat, the reality is quite different. Marlinspike writes that users appear to be engaged in a conversation with an assistant, but an “honest representation” would be more akin to a group chat with “executives and employees, their business partners / service providers, the hackers who will compromise that plaintext data, the future advertisers who will almost certainly emerge, and the lawyers and governments who will subpoena access.”
Anti-surveillance — For AI companies trying to generate profitable returns on the capital expenditure of building frontier AI systems, that data is a potential goldmine. Your AI chat logs reveal how you think, Marlinspike argues. As such, they could be the key for a profoundly more powerful—and manipulative—form of advertising, which is inevitably coming soon: “It will be as if a third party pays your therapist to convince you of something,” Marlinspike writes.
Safety implications — An enduring criticism of Signal is that encryption allows nefarious users to escape consequences of their actions. The same might be true of encrypted LLMs. But that cat is already out of the bag: open-source models can be run locally. More dangerously, their guardrails can be fine-tuned away. Confer doesn’t have that problem, since it doesn’t give users access to underlying model weights. Its private inference paradigm therefore seems, in fact, to be a new kind of middle path: combining the privacy protections of open-source models, with the ability to safeguard model weights that is so far only possible with closed-source, surveillance-prone AI. That might be a win, not a loss, for AI safety.
Ecosystem effects — One of the most interesting things to think about here, for me, is what impacts Confer will have on the wider AI industry. Marlinspike’s key victory with the Signal protocol was arguably not the creation of Signal (although it’s a vital app that I use every day). It was the fact that WhatsApp later used Signal’s code to encrypt the chats of billions of users, magnifying its effects far more widely. To be sure, I doubt Google, OpenAI or Anthropic will be end-to-end encrypting their users’ chats any time soon—doing so would run directly counter to their business interests. But by offering a privacy-respecting alternative, Confer could undermine the business models of less user-friendly companies. (A type of “race to the top,” to steal a line from Anthropic.) With the advent of frontier AI, the balance of power between users and corporations tipped strongly in favor of Big Tech. Confer could be a sign that trend isn’t as inevitable as it might seem.
Will it work? — My main criticism with Confer, after spending some time using it, is that the free version’s base model lacks the spark of my current favorite model. Marlinspike does not specify what AI model powers the app. In a Signal message, Marlinspike told me that Confer uses different open-source models for different tasks. “My hope is that we don’t have to burden people with selecting or thinking about a model, in the same way that Signal doesn’t burden people with selecting a [cryptographic] cipher,” he said. Even so, its outputs contain a lot of the recognizable hallmarks of early ChatGPT responses: “It’s not X, it’s Y” formulations, for example. Confer’s paid tier is more expensive, at $34.99 per month, than its competition, but it does offer the ability to use “advanced AI models” and personalize how they respond, according to the website. There’s certainly room for improvement, but for a version-one product, it’s an impressive suite of features.
Who to Know: Google CEO Sundar Pichai
Google became the fourth company ever to reach a valuation of $4 trillion on Monday, the latest milestone in a relentless comeback for a firm whose CEO, Sundar Pichai, was once pilloried for appearing to have fumbled Google’s AI lead to OpenAI. Google stock rose after Apple announced it had picked Google’s Gemini AI models to power the next generation of Siri, in a multiyear partnership likely to be worth billions of dollars.
Gemini is also gaining ground on ChatGPT in the share of global AI traffic, according to statistics shared by Similarweb earlier this month. Gemini now receives 21.5% of total AI website traffic, up from 5.7% a year ago. Although ChatGPT is still growing, it is doing so at a slower rate: its relative traffic share has fallen from 86.7% a year ago to 64.5% today.
AI in Action
The U.K.’s media regulator Ofcom announced an investigation into Elon Musk’s X on Monday, following a scandal in which its chatbot Grok was used to generate sexualized deepfakes of women and children. The investigation could result in fines of up to 10% of X’s worldwide revenues, or even an outright ban, officials said.
What We’re Reading
OpenAI’s Shopping Ambitions Hit Messy Data Reality, in The Information
OpenAI is struggling to get its in-app checkouts to work properly. Ann Gehan writes: “Challenges with wrangling product data mean in-app checkouts aren’t yet widely available to the millions of shops that OpenAI said in September would soon be coming to ChatGPT. OpenAI and its early partners, Shopify and Stripe, have been working on ways to better standardize and share merchants’ product information in order to expand the shopping service more broadly, two people with knowledge of the efforts said.”
The post Signal’s Founder Built a Chatbot That Can’t Spy on You appeared first on TIME.
