It’s frustrating that I can’t find any information on which LLMs Confer provides.
1 Like
I like the idea. AI is becoming harder & harder to avoid altogether while remaining competitive in the workplace. Efforts to build a version that offers some semblance of privacy are appealing
I do wonder whether this model is practical. It’s no secret that mainstream, cloud-based AI uses your data to further train itself. It would follow that ‘private’ AI would not have this ability. Will this limitation prevent a private AI from ever approaching the capabilities of its invasive competitors?
Pending any exploits, it should prevent anyone else from being able to see your requests.
Another publicly available LLM offering E2EE is Lumo, provided by Proton, a European company that’s behind the popular encrypted email service. It adopts the same encryption engine used by Proton Mail, Drive, and Calendar. The internals of the engine are considerably more complicated than Confer because they rely on a series of both symmetric and asymmetric keys. The end result for the user is largely the same, however.
This part is kind of bogus, they use zero-access encryption so Proton still has access to the data before it’s encrypted. They don’t use any TEE for now to prevent that, although it seems like their scheme tries to prevent them from accessing the data as much as possible as they can. I would prefer if they used TEEs though, Apple, Google, and multiple smaller AI companies like Confer here are all doing confidential computing, so I’m not sure why Proton isn’t yet.
1 Like
Thanks for sharing. If it were anyone other than Moxie, I’d be worried—there are plenty of ways it could go wrong. That said, I’m excited to watch what comes next.
1 Like
Signal were pretty early adopters of Intel SGX all the way back in 2017, so I think it’s safe to say Moxie has confidence in the tech.
2 Likes
It’s still a little frightening to consider all the things one has to keep in mind with AI. Fortunately Moxie handles it, and the previous projects are as good a testament as one could hope for.
edit: I honestly can’t imagine all the different ways myself.
I think you meant Confer, not Venice, but if you did mean to refer to Venice.ai, then: Pricing | Venice API Docs.
If you did mean Confer, I haven’t been able to figure out what models are being used either.
I think you may be misunderstanding the business model. The providers focused on ‘private’ cloud hosted AI, are not generally the one’s who are building and training the models. They do not have the same need for training data as the big companies who develop and train the models.
2 Likes
Ah, I see. I reread that news piece and for some reason, I completely misremembered the “Venice” part at the end. In reality, it’s only Confer that holds any interest for me.
@em quote in the wild 
Data privacy expert Em (she keeps her last name off the Internet) called AI assistants the “archnemesis” of data privacy because their utility relies on assembling massive amounts of data from myriad sources, including individuals.
“AI models are inherent data collectors,” she told Ars. “They rely on large data collection for training, improvements, operations, and customizations. More often than not, this data is collected without clear and informed consent (from unknowing training subjects or from platform users), and is sent to and accessed by a private company with many incentives to share and monetize this data.”
6 Likes
I think it’s an interesting offering. In comparing Confer to Proton Lumo, they both claim to be E2EE, and yet the performance of Confer is much faster. I expect speeds to be slower overall when full encryption is done properly given the extra computational power required.
What does everyone think about this? I know Confer isn’t open source but Moxie has also a great reputation for trust when it comes to stuff like this.
Add: https://tee.fail/
I still don’t think that relying on remote hardware you don’t control is sufficient ground for claiming e2ee (unless the marketing is hiding that the ends are “you and server” and not “you and you”).
Will wait for homomorphic encryption.
1 Like
True, I definitely wouldn’t call it E2EE. I would say it’s a huge improvement over not having it however.