Moxie Marlinspike, the creator of the Signal messaging app, has introduced Confer, an open-source AI assistant designed to prioritize user privacy in conversations with large language models. The tool encrypts user data and interactions so that only account holders can access them, shielding them from platform operators, hackers, and law enforcement. This launch addresses growing concerns over data collection in AI platforms.
Moxie Marlinspike, known by his pseudonym as the engineer behind Signal Messenger, is applying lessons from secure messaging to artificial intelligence. On January 13, 2026, Ars Technica reported the debut of Confer, an open-source AI assistant that ensures user data remains unreadable to anyone except the account holder. The service runs on verifiable open-source software, with conversations encrypted in a trusted execution environment (TEE) on servers. Encryption keys stay on users' devices, allowing secure storage and syncing across devices without compromising privacy.
Like Signal, which simplified end-to-end encryption for messaging and prevented even operators from accessing content, Confer makes private AI interactions straightforward. Marlinspike told Ars Technica, “The character of the interaction is fundamentally different because it’s a private interaction.” He highlighted stories of users having “life-changing conversations” enabled by the secure environment, where they could share sensitive information freely—unlike with platforms like ChatGPT.
Current AI assistants from major providers, such as OpenAI's ChatGPT and Google's Gemini, face criticism for data practices. Courts can subpoena logs, including deleted chats, as seen in a May ruling against OpenAI. CEO Sam Altman noted that even psychotherapy sessions might not remain private. Privacy expert Em described AI models as “inherent data collectors,” often gathering information without clear consent for training and monetization. Users frequently treat these tools as confidants, sharing personal thoughts and secrets, which Marlinspike likened to “confessing into a ‘data lake.’”
Confer uses passkeys for authentication—generating unique 32-byte keypairs stored securely on devices, supporting biometrics like fingerprints or face scans. Its simple interface decrypts chats in two steps, with forward secrecy to protect past and future sessions if a key is compromised. Servers employ TEEs with remote attestation, verifiable via digital signatures and a transparency log.
While alternatives like Proton's Lumo and Venice offer encryption or local storage, they differ in complexity. Big platforms provide opt-outs but include carve-outs for human review or legal access, leaving privacy vulnerable amid subpoenas and breaches. Confer, with native support on recent macOS, iOS, and Android (and extensions for Windows and Linux), aims to set a new standard for secure AI use.
