Moxie Marlinspike

@kevinakwok You can cut out the middle man: confer.to :)

Lawyers have ultimate defensibility in attorney-client privilege. Which means soon we will all be knowingly and happily paying our lawyers to talk to chat/claude for us

There were a lot of terrible things about “crypto,” but there was also some really hardcore nerdery in there. Every so often I stumble upon some random pile of very esoteric now semi-abandoned code from that period, and I think “wow, these people really nerded pretty hard here.”

I didn’t go to college, but I did once unexpectedly end up at Princeton University’s “reunions weekend.” The way they do it, every 5th year class has their reunion on campus at the same time. So every year, on one weekend, the Princeton campus will be filled with people celebrating their 5th, 10th, 15th, and so on class reunions— all the way up until there’s nobody alive anymore. The beginning of reunions weekend kicks off with a parade! It is a parade of the Princeton graduates: featuring themselves, in honor of themselves, for… themselves. It works like this: all the graduates pack the sidewalks of the parade route, but ordered by graduation year. The recent graduates are standing at the end of the route, and the oldest graduates are at the beginning. Then, the parade begins. The oldest living graduate steps off the sidewalk and leads the parade. When everyone older than you has gone by, you step into the street and become the parade. Until you become part of the parade, you’re cheering the parade. You cheer and witness everyone before you, and then you are cheered and witnessed by everyone after you. It is a bizarre ritual. To see it, though, is like seeing the entire fossil record of Princeton graduates. The person leading the parade — the oldest living graduate in that cohort — is a white guy. And then, for a reallllly lonnnnnng time, it’s just white guys! After 30 minutes… a woman! A white woman. With people in the parade maybe holding signs like “first coed graduating class!” And then another 30 minutes of slowly, incrementally, more white women in the parade. And then… the first black man! Another 30 minutes of slowly, incrementally, more black men. And so on. By the end — the most recent class — is the exact opposite of the beginning. A mix of everyone you can think of. For some reason that parade really stuck with me. It’s simultaneously a representation of how much the world has changed, but also a representation of how many “minutes of parade” are still walking around having lived and ended up where they are under very different circumstances.

Confer now supports images in chats, so you can add photos to your encrypted conversations: confer.to

@blacktop__ Just waiting on apple review!

@moxie That’s huge!! (Now eta when iOS app? ;))

Confer's privacy technology is coming to Meta AI. We're integrating private AI and end-to-end encryption into Meta's products: confer.to/blog/2026/03/e…

@milianstx @vitorpy confer.to/blog/2026/01/p…

@vitorpy Yep. What you mean confer?

Venice is not really private. ( $VVV ) To be clear, Venice itself doesn’t log user data, and there isn’t a centralized company harvesting prompts. But inference is handled by GPU DePIN networks like Akash and Hyperbolic, where individuals like you and me, or data centers, provide spare compute. That means the machine executing your prompt is not under your control. And without cryptography, there’s no way to prove that those machines aren’t logging anything. Provider rotation reduces persistent tracking, yes. But rotation is not the same as privacy. The computation itself isn’t encrypted. The node processing your prompt can see it. And remember: the cloud is just someone else’s computer. If you want actual privacy for AI inferencing today, the strongest option is running models locally via something like @Ollama. It’s straightforward to set up, but larger models require beefy hardware. The next best path is encrypted inference. Open-source models can be hosted on platforms that run inference with privacy-enhancing technologies underneath, so you still get a ChatGPT-like experience, but the execution remains encrypted. I’m not saying Venice is malicious. I’m saying there’s a difference between “we don’t log” and “it’s cryptographically impossible to log.” This was a big topic last year. More context below.

@KennyAJoseph Unfortunately @Bitwarden doesn't support passkey prf. They use it for their app, but don't support it for other apps once they've replaced the platform authenticator. You can disable BW and use the platform authenticator, or replace it with a different PW manager though.

@moxie Why doesn't Confer support BitWarden for storing the passkey? Is it notably harder to support and/or have security concerns?

Sure, they don’t ask how you’re doing. They don’t engage with your other tweets. But they will defend a cloud messenger with the eerie consistency of someone who just discovered copy-paste. And that's at least... engagement?

If you're feeling lonely on X, just post about how Telegram isn't an encrypted messenger. It'll reliably fill your mentions with 40 accounts named 'Priv8User420', all sharing made-up cryptography facts and Telegram memes. It's the closest thing X has to a support group.

With the basic Confer infrastructure in place, it’s pretty exciting to start exploring what can be integrated. There are so many data sources that are going to be super powerful to hook up, but would be otherwise insane to connect to an unencrypted model provider.

Confer now supports encrypted attachments. Explore medical records, financial statements, legal documents -- without transmitting any of it to the data lake that will be plumbed by future subpoenas, hackers, and advertisers.

@Edward505695734 Real soon now!

@moxie appreciate your work! when can we get an app for Android/iOS?

@jurvistan `env -i` resets the environment for the process (vllm)

@moxie hm, there's still `secrets.env` which could still vllm args, right? a possible fix here could be to move parsing to an attested launcher in rootfs that reads the secrets file with strict allowlist of envvars. the will make it verifiable that logging flags can't be injected.

@moxie quick q on Confer. it looks like the image ships Vector with a journald sink to ${LOGGING_INGEST_URL} (#L51-L62" target="_blank" rel="nofollow noopener">github.com/ConferLabs/con…). since vllm logs to journald, how can users verify that prompts/responses aren't logged?

@0xferrous There is no upstream! The model runs inside :)

@moxie looking into confer, very interesting! is the code running inside TEE just the confer-proxy? doesnt the upstream hosted AI API providers still see the whole conversation?

@D8N13L_TH0M85 No, except you can define custom instructions per-folder that go in the context for each chat in the folder

@moxie Does putting the chats in the folder change the context window?

Confer now supports branching conversations from assistant responses and from editing user messages :)

Confer now also supports the ability to bulk move many chats into a Folder. Something people have been asking for to help organize chats imported from ChatGPT / Claude.

Confer now also supports keyboard shortcuts from desktop!