Hello all, I’ve been lurking on this forum for a few months now and have decided to finally contribute.
For some context, the threat model to be considering for this question is low, generally, primarily seeking to avoid data collection, targeted ads, and passive surveillance.
I am wondering about the level of privacy claimed by Maple AI. I’ve only recently heard of it and haven’t done too much digging so mainly wondering if anyone feels comfortable using it privacy-wise and quality-wise.
An obvious problem today is the lack of consumer self-hostable AI models that can do anything useful in terms of advanced reasoning. They require too much power, too much money, and too much technical expertise for the common person. I have previously attempted to use duck.ai, yet it lacks in the cutting-edge work you can do with the latest models and still isn’t as private as Maple AI claims to be. I have work and personal projects that would greatly benefit from higher quality models, but it eats at me to give in to just buying in to chatGPT. Its like the forbidden fruit.
But anyway, apologies for the rambling, I wanted this to be somewhat open-ended and just get peoples thoughts on both Maple AI as well as the core issue surrounding private, self-hosted LLM models that run on consumer-grade hardware vs the alleged privacy respecting proxy services like Maple AI and duck.ai.
Thanks for any responses, I appreciate this community greatly.
It looks interesting, I’m happy to see they’re using confidential computing to protect your queries. It’s not going to be as good of a guarantee as proper E2EE but it’s about as good as you’re going to get with cloud AI for now.
I noticed they have an “Anonymous” sign up option which doesn’t ask for an email which is really rare to see, although it doesn’t seem to support passkeys which is a shame.
Maple co-founder here. We looked at the landscape of AI tools and saw that the big AI labs collected as much data as possible, that proxies added a bit of anonymity but still handed your query content over to big labs, and that local AI was too underpowered to keep up (for now).
Confidential computing let us build e2ee AI on top of full size open models. Queries are encrypted locally with a private encryption key. They are only decrypted in the cloud within the secure enclave. The response from the LLM in the secure enclave is encrypted before being sent back and decrypted locally. Using this encrypted backend nature it allows us to sync your AI between devices as well.
We open-sourced our stack, both client and server because we want users to see how their data is handled. The client does a security check with the backend to make sure it’s running the same code that is published on github. If it’s not, the client refuses to connect.
The anonymous account is quite popular. Curious your take on passkeys, though. We haven’t added them yet partially because the UX for them isn’t great. We will probably add them, but talking to users, they end up being a point of friction more often than people expected.
I think the phishing protection of Passkeys is a huge benefit to the average person, especially if you expect to grow larger and/or people trust you with more sensitive data in their chat histories, which might make you a bigger target.
I don’t see any MFA settings in Maple, so I guess there is no protection against this unless I choose to use GitHub/Google/Apple?
It would be nice to see FIDO2 security keys and Passkeys as a 2FA option, but I’d really love to also see a usernameless Passkey login option where you don’t need an account ID or email and password to sign in at all, just your Passkey.
I am also curious whether you’ve looked into accepting Monero in addition to Bitcoin, and how you see your service in comparison to Confer.to.
That’s a main reason we would add it. The goal of Maple is to make encryption and privacy easy for the average person.
We have MFA through GitHub/Google/Apple, so it’s a matter of adding it to the Email and Anonymous account options. We have plans to increase security options in many ways. Like your example, a user could pair Passkey with the Anonymous account and get a great privacy option for AI.
We get requests for Monero. It’s on our list, but low at this time. We are focused on building out a product that competes at the level of ChatGPT. Adding additional payment options adds complexity to our billing software and creates risks. It’s just a matter of focus right now.
Confer is getting lots of publicity because of who is making it. I’m glad he’s bringing so much attention to the space. We are by far the most powerful and fully featured TEE AI out there, so we have much more to offer users than Confer. Largest open models, document upload, image analysis, Teams plans, etc. I imagine he will continue adding to Confer and begin catching up. Lots going on in this space.
I’ve been interested in Maple and OpenSecret since listening to your interview on Opt-out. But I can’t personally justify spending $20+ a month for my moderately light use of AI. Any chance that Maple will offer an alternative to the monthly subscription? (e.g. a pay per token / pas-as-you-go model)
Also, since you are here, would you be willing to talk about the limitations (as well as strengths if you like) of your design model (and the use of TEEs with AI in general). Where are the areas where customer privacy is still reliant on trusting you (Maple). What would need to happen for Maple/OpenSecret or for AWS (or a malicious 3rd party that compromises one or the other) to be able to observe private conversations or other sensitive information? I find services, that think hard about and talk openly about the trade-offs and limitations of their design decisions to be a big ‘green flag.’
(basically what I’m asking is to what degree is using TEEs for inference approaching a trustless design, and in what specific areas does user privacy still rely on trust)
Understand that subscription isn’t the preferred path for some users. That’s how we’re structured because we want Maple to be the personal AI that users know is always there for them when they need it. We have users who say they prefer that over pay as you go. No plans to change that at the moment.
TEEs use hardware encryption with continuous security updates, making attacks require sophisticated physical exploits. Financial institutions are actively adopting TEEs for sensitive workloads, which means the stakes are high for AWS to actively protect and update their security.
The most private AI is the local one that isn’t connected to the internet. The next best is open-source TEE AI with hardware attestation that cryptographically verifies what code runs in the enclave.