How do you know your personal data is private online?
Most tech-savvy people, encountering this question, would probably just scoff and tell you that you don’t have a reasonable expectation of privacy. Absent some kind of special walled garden, your data is largely out there to be pilfered, pondered, scrutinized, and fed to AI engines for training.
Enter Moxie Marlinspike, one of the most colorfully named voices in tech today and someone I had never heard of until I was told that this person’s key management system promises the ultimate cryptographic protection for personal data that’s used in AI schemas.
Turns out Marlinspike was also the brain behind the Signal app that supports secure and private messaging.
Now, this illustrious engineer has made something called Confer that is supposed to help users to navigate chats securely, without exposing their information to governments, scammers, service providers, or, well, anybody.
How it Works
In a way, the engineering behind Confer is profoundly simple: the private key is kept with the user, so after the data is encrypted at the point of departure, it can’t be viewed by any other party.
Like the old book-and-number schemes of the ancient analog days, it’s foolproof – to an extent.
“User data will never be accessed by the chatbot and stored on their servers to be used for AI training of the models,” crows Isaiah Richard at Tech Times. “This also means that users will not be part of tracking, especially as ads are now coming to AI platforms. Confer encrypts messages via the WebAuthn passkey system and then employs the Trust Execution Environment (TEE) for the inference processing on its servers.”
I like this term, Trust Execution Environment (TEE), even though it sorts of reeks of techspeak.
Experts describe the TEE as a kind of “panic room” for data, where even if the larger environment is breached, the TEE can provide sanctuary.
And again, it’s the key use strategy that provides this safety.
As a sidebar, here’s what GPT considers the “three essential principles of key management:”
- Generate keys securely (strong randomness, approved algorithms, right key sizes).
- Protect keys at rest and in use (HSM/TEE where possible, encryption, least privilege, separation of duties).
- Manage the full lifecycle (distribution, rotation, backup/escrow if needed, revocation, and secure destruction + audit logs).
In a world where privacy is hard to come by, Confer changes the game. Here’s how Marlinspike characterizes the difference in an article at Ars Tecnica by Dan Goodin:
“The character of the interaction is fundamentally different because it’s a private interaction,” Marlinspike said. “It’s been really interesting and encouraging and amazing to hear stories from people who have used Confer and had life-changing conversations, in part because they haven’t felt free to include information in those conversations with sources like ChatGPT or they had insights using data that they weren’t really free to share with ChatGPT before but can using an environment like Confer.”
The Power of Remote Attestation
The software also solves another set of potential problems by doing something like a hash check on systems before sending secrets through the platform.
My original question, and an important one, was this: if big providers, government, or whoever, are faced with the daunting prospect of monitoring communications over Confer, and they’re really hellbent on getting this stuff, couldn’t they just install keyloggers and image captures on the user’s device, and get the same data at the point of origin?
That leads us to something called ‘remote attestation’ that’s also a part of the Confer build.
“On Confer, remote attestation allows anyone to reproduce the bit-by-bit outputs that confirm that the publicly available proxy and image software—and only that software—is running on the server,” Goodin reports in the above Jan. 13 piece. “To further verify Confer is running as promised, each release is digitally signed and published in a transparency log. Native support for Confer is available in the most recent versions of macOS, iOS, and Android. On Windows, users must install a third-party authenticator.”
Okay, so the remote attestation may solve that issue, by doing a preliminary check. If you’re confused as to how this works, here’s a simplified example that I got from GPT, verbatim here:
“A bank ships an app meant to run inside a TEE: ‘PaySafe v1.2.’ When it starts, the TEE produces an attestation that includes a measurement (think: a cryptographic ‘fingerprint’) of the exact app code + key settings. ‘Genuine’ means: the attestation is signed by the real hardware/firmware keys, so the bank knows it’s an actual TEE on a real device (not a fake program pretending). ‘Unmodified’ means: the fingerprint matches the bank’s known-good fingerprint for PaySafe v1.2.
How could a system be “modified”?
“An attacker patches the code to skip PIN checks or send keys out. They swap in a ‘look-alike’ build (same name/UI) with an extra backdoor function. They change key configuration (e.g., allow debug mode, or weaken security flags) so secrets are easier to extract. If any of that happens, the measurement changes, and the bank refuses to send secrets (like signing keys or account tokens).”
So I guess the key strategy, plus the remote attestation, does give a pretty good protection from prying eyes.
Library Wars
As a little addendum here, I was also reading about some of the kerfuffle between various archives and “shadow libraries” operating on the web: in particular, the fight between WorldCat and something called “Annie’s Archive,” where the latter is accused of “scraping” the former’s data. You can read about it here, but it exemplifies the kinds of struggles that emerge when IP or anything else is not secured and protected from unauthorized use.
