Privacy

46564 readers

701 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

I don't understand how Moxie Marlinspike's Confer "Private LLM" works (piefed.social)

submitted 1 month ago* (last edited 1 month ago) by artifex@piefed.social to c/privacy@lemmy.ml

25 comments fedilink hide all child comments

So I was reading this article about Signal-creator Moxie Marlinspike's new project, Confer , which claims to be a verifiably E2E encrypted LLM chat service. There are a couple of short blog articles that give the gist of it, and some github repos including this one that includes scripts for producing the VM that will run your particular LLM session. But if I'm following this all correctly, it implies that every chat session (or perhaps every logged-in user) would have their own VM running their own LLM to ensure that the chain of trust is complete. This seems impossible from a scalability perspective, as even small LLMs require huge quantities of RAM and compute. Did I miss something fundamental here?

you are viewing a single comment's thread
view the rest of the comments

[–] teolan@lemmy.world 2 points 1 month ago

For both MobileCoin and Signal the TEE are not relied upon for the security of the general application but only for some convenience feature that are required for mass adoption but that you can go without using them.

Also, while TEE are not bulletproof, in such a server situation, it means that getting user data means much more invasive compromise than just querying the database. It's an imperfect solution, but an improvement nonetheless.