Confer: end-to-end encryption for AI chats

I have noticed a few “private AI”threads on the forum, but I hadn’t seen Confer mentioned yet. Moxie Marlinspike has recently released a few blog posts (like the following link) about an approach he is working on: Private inference | Confer Blog

I was curious to try this out, but it's kind of ironic that a privacy-focused service only has Google OAuth for authentication

Yeah, it’s a bit strange when they were talking about passkey-derived encryption. Maybe it’s not fully rolled out yet?

Still it’s cool to see AI using confidential computing more and more.

Seems a bit expensive to me.

Guest
Get started with basic features
$0/month
20 messages per day
5 active chats
Basic AI model

MemberFull access with 2-day free trial

$34.99/month

Unlimited messages

Unlimited chats

Advanced AI models

Interesting to have moxie (the original developer of the signal protocol) take a shot at this, worth to follow at the least.

The model can search the web and open web pages, I wonder how he achieves that privately, didn’t see it mentioned yet.

I could sign up with a normal email and then create a passkey.

When Proton announced Lumo I thought this is what they did. Kinda disappointed in Proton there.

Just checked it out again and noticed they’ve added email registration alongside Google OAuth, nice to see

I still don’t understand why email is needed, passkeys sync with your password manager across devices and don’t have any risk of being forgotten like passwords. A private AI shouldn’t be collecting any data.

Probably to prevent abuse considering it does have a free tier.

I’d like to try this but I can’t figure out how.

I use MacOS, Firefox, and Bitwarden. I can’t save a passkey. My YubiKeys aren’t Bio series so I can’t use those. I can’t use MacOS’s keychain because that requires iCloud, which I don’t use. Bitwarden isn’t supported. I think I could use a Chromium based browser and store the passkey locally in that?

Any ideas?

Oh great, another AI chatbot that misuse the term “end-to-end encryption”. “Confidential computing” is not “end-to-end encryption”.

I know what these companies are trying to do, but this marketing tactic leaves a sour taste in my mouth.

Confer isn’t the only one offer this kind of service. You can try Maple AI instead.

In only tried proton pass which worked on Firefox om desktop and Vanadium

I’m quite interested in this (and the various other projects working on similar things ^[1].

Currently it seems that details are very thin, and docs are seemingly non-existant. The github is pretty barebones in terms of documentation and comments.

I’m really hoping they will prioritize getting some docs written up and providing more detail. My interest is piqued because Moxie is involved, otherwise I think I’d be pretty dismissive of a project that chooses to release with sooo little documentation, or even an FAQ. This could be something cool and useful, but they need to put in the work documenting how it works and what it is.

In terms of plans, currently the options are:

• $35/mo paid plan = unlimited, and “advanced” (but unspecified) models
• Free Plan = 20 queries per day, basic model (also unspecified)

It frustrates me when projects won’t state what models they use. I don’t mind when it’s not publicized front and center in the UI, but it should be mentioned somewhere in the docs at least.

1. For Example: Maple AI or Nano-GPT’s TEE servers or PrivateMode.ai) ↩︎

I’ve been poking around on their github, trying to get a better grasp of the building blocks, and possibly what models are being used. I’m not a developer, so my ability to interpret what I’m reading is quite limited.

I’m seeing a lot of references to:

1. vLLM (a popular locally hostable inference backend^[1])
2. Together.ai (an LLM hosting provider^[2])
3. And various references to OpenAIClient
4. Web Search seems to be enabled by a service called Tavily

1. and alternative to llama.cpp, ollama, etc ↩︎

2. the same provider that Duck.ai uses ↩︎

I have the same problem. Haven’t tried too hard to figure it out yet. It did appear to ignore my chosen password manager (BitWarden) and try to involve Apple’s Passwords app - which I don’t use and don’t want to use.

ProtonPass on Firefox (on MacOS) worked.

It’s frustrating how these services never give you a simple ‘delete account’ option.

Out of curiosity are you attempting to add the passkey from a phone or computer? In my experience, the user experience can differ based on the device type.

I was doing this on my computer (latest macOS). Sorry, should have said that. Also Firefox latest (w/ BitWarden).

I looked through the Bitwarden forum and there were posts on issues with the Firefox browser extension as recent as Dec 2025.

The possible solutions mentioned:

1. Bitwarden employee mentioned the latest version that fixes this is 2025.11.2 (you mentioned you already updated - just sharing for awareness)
2. After updating, some users had to restart the browser before it worked
3. Make sure “Ask to save and use passkeys” is turned on. - this found in the browser extension: Settings > Notifications > should be a checkbox
4. Make sure no domains are listed in “excluded domains” - one user found google was excluded

Does any of this help your situation?

Until they have homomorphic encryption where the entire inference computation is performed on encrypted data I don’t think it is legitimate to call any of these services end-to-end.