
'Confer' Chatbot From The Creator Of The Signal App Offers What Big Rivals Cannot: End-To-End Encryption


The explosive rise of large language models (LLMs) is now history. But the bang still echoes throughout the tech sphere.

It began in late 2022, when OpenAI's ChatGPT burst onto the scene. The launch quickly captivated millions with its ability to generate human-like text, answer complex questions, and assist with everything from writing to coding.

OpenAI's creation sparked what many call the "LLM war," igniting fierce competition across the tech industry.

Almost immediately, major players rushed to release their own versions: Google unveiled Bard (later rebranded as Gemini), Anthropic introduced Claude, Meta launched Llama-powered tools, and Microsoft integrated similar capabilities into Bing and its ecosystem.

Each new entrant promised smarter, faster, or more specialized features, but most followed a similar playbook: harnessing vast cloud resources to deliver powerful AI while collecting user interactions to refine models, fuel advertising, or comply with legal demands.

This rapid proliferation came at a cost.

Users soon discovered that their seemingly private conversations with these AI assistants were often stored, analyzed, and potentially vulnerable. Incidents like court-ordered data retention by OpenAI, accidental exposure of chat logs, and the use of anonymized transcripts for training highlighted a troubling reality: interacting with mainstream AI often meant confessing thoughts to a vast, searchable "data lake" that companies, advertisers, hackers, or governments could access.

Signal creator Moxie Marlinspike wants to change that.

He is doing so by announcing 'Confer,' an AI-powered chatbot with a Signal-like approach to privacy.

Other chatbots do have privacy settings, but these are opt-out features, or their defaults favor data collection to sustain free or low-cost services. Confer, on the other hand, aims to deliver an experience that looks and feels like ChatGPT or Claude, with intuitive chats and powerful responses, but with privacy baked in by design, not as an afterthought.

At its core, Confer treats conversations with an AI the same way Signal treats messages between people: fully end-to-end encrypted, where only the user holds the keys.

Prompts and responses are encrypted on the user's device before ever reaching the server, using secure passkeys stored solely in protected hardware.

On the server side, Marlinspike wrote in a blog post that all AI inference happens inside a Trusted Execution Environment (TEE), a hardware-isolated enclave that prevents even administrators from peeking inside. Remote attestation lets users cryptographically verify that the exact promised code is running, uncompromised, while the full open-source software stack is published and digitally signed for transparency.
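A simplified model of the attestation check described above, added here as an illustration; it is not Confer's code or protocol. The Ed25519 keys standing in for the release-signing key and the hardware attestation key, the function names, and the sample image strings are assumptions constructed for the example.

```javascript
const crypto = require('crypto');

const sha256 = (data) => crypto.createHash('sha256').update(data).digest('hex');

// Constructed stand-ins: the publisher's release-signing key and the TEE
// vendor's hardware attestation key (real systems use vendor certificate chains).
const publisher = crypto.generateKeyPairSync('ed25519');
const hardware = crypto.generateKeyPairSync('ed25519');

// Publisher: sign the measurement (hash) of the released server image.
function publishRelease(image) {
  const measurement = sha256(image);
  const signature = crypto.sign(null, Buffer.from(measurement), publisher.privateKey);
  return { measurement, signature };
}

// Enclave hardware: sign what was actually loaded, the client's nonce, and
// the enclave's session public key, so the key is bound to the measured code.
function makeQuote(loadedImage, nonce, sessionPub) {
  const report = JSON.stringify({ measurement: sha256(loadedImage), nonce, sessionPub });
  return { report, signature: crypto.sign(null, Buffer.from(report), hardware.privateKey) };
}

// Client: accept the enclave's session key only if every check passes.
function verifyQuote(quote, release, nonce) {
  if (!crypto.verify(null, Buffer.from(release.measurement), publisher.publicKey, release.signature))
    return { ok: false, reason: 'bad release signature' };
  if (!crypto.verify(null, Buffer.from(quote.report), hardware.publicKey, quote.signature))
    return { ok: false, reason: 'bad quote signature' };
  const report = JSON.parse(quote.report);
  if (report.nonce !== nonce) return { ok: false, reason: 'replayed quote' };
  if (report.measurement !== release.measurement) return { ok: false, reason: 'unpublished code' };
  return { ok: true, sessionPub: report.sessionPub };
}

// Constructed sample run: honest enclave, modified image, replayed quote.
function demo() {
  const release = publishRelease('inference-server v1 (constructed)');
  const nonce = crypto.randomBytes(16).toString('hex');
  const honest = makeQuote('inference-server v1 (constructed)', nonce, 'enclave-pubkey');
  const modified = makeQuote('inference-server v1 + logging', nonce, 'other-pubkey');
  return {
    honest: verifyQuote(honest, release, nonce),
    modified: verifyQuote(modified, release, nonce),
    replayed: verifyQuote(honest, release, crypto.randomBytes(16).toString('hex')),
  };
}
console.log(demo());
```

The client encrypts to `sessionPub` only after `verifyQuote` succeeds, which is what ties the encrypted channel to the published code rather than to whoever operates the server.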

This architecture means Confer cannot read, store, train on, or hand over user data, no matter the request.

It eliminates the risks of data monetization, subpoenas, or breaches that plague other platforms. Chats can even sync securely across devices without the company ever gaining access.

"For Confer, we face the same core dilemma: we want users to seamlessly access their chats from any device, including a web browser, while ensuring those chats are end-to-end encrypted so no one else—not even us—can access them," said Marlinspike in another blog post at Confer.

While the free tier offers limited daily messages, a paid subscription unlocks unlimited use, advanced models, and personalization, all while preserving that ironclad privacy.


In an era where AI interactions can include any topics imaginable, Marlinspike argues that nobody should be able to read whatever prompts users make with a chatbot.

From work-related tasks to personal feelings to intimate demands and more, these kinds of things demand real protection.

By building end-to-end encryption into the way it works, Confer doesn't just compete in the LLM war. Instead, it tries to redefine the battlefield by making privacy the default, not a compromise.

For those wary of handing over their thoughts to yet another data-hungry giant, it offers a compelling alternative: one built on the same principles that made Signal a trusted name in secure communication.

Then come the drawbacks.

Using encryption means that Confer needs to operate inside a closed-loop ecosystem.


According to early feedback and reports, Confer's free tier base model often feels less capable or "sparky" compared to leading frontier models. Responses can also carry recognizable hallmarks of older-generation outputs, like formulaic phrasing, occasional inaccuracies, or less nuanced reasoning.

This makes it lag behind the cutting-edge intelligence users have grown accustomed to on platforms with massive proprietary training datasets.

Since Confer cannot access, store, or train its AI on user conversations, the AI certainly misses out on the continuous improvement loop that powers rapid advancements in closed systems. Without the ability to harvest vast amounts of real-world interaction data, model evolution relies solely on publicly available open-weight foundations and periodic updates, which inherently puts it at a disadvantage in raw capability and speed of iteration.

Then, the TEE also creates constraints and overhead, because the confidential computing setup, while cryptographically verifiable and resistant to even operator snooping, is more resource-intensive and costly than standard cloud inference.

Practical usability also comes with hurdles. The encryption relies heavily on WebAuthn passkeys, which work seamlessly on modern mobile devices and recent macOS versions but require workarounds (like password managers) on Windows or Linux. This can make setup feel less frictionless for some users compared to one-click logins on other platforms.

Additionally, the free version imposes daily message limits to manage costs, pushing heavier users toward a paid subscription for unlimited access and potentially better models.

Confer deliberately avoids revealing exact backend details publicly, but reports indicate it draws from a rotating selection of different open-source models tailored to various tasks.

Marlinspike has emphasized a "no-model-selection" experience, which is similar to how Signal hides cryptographic complexity. He hopes that the approach will make users focus on utility rather than choosing between options like LLaMA, Mistral derivatives, or other open-weight foundations. This abstraction keeps things simple but leaves power users without fine-grained control over which LLM handles their query.

In the broader landscape, these disadvantages reflect a deliberate trade-off: Confer prioritizes unbreakable privacy assurances, zero data retention, no training on chats, resistance to subpoenas or breaches, over peak performance.

For sensitive or deeply personal use cases, this makes it stand out as one of the few truly "zero-access" cloud AI options.

Yet for casual, high-volume, or bleeding-edge needs, many still turn to less private but more powerful alternatives. As the service matures and open-source contributions grow, some of these gaps may narrow, but the fundamental tension between privacy purity and frontier-level intelligence remains central to Confer's identity.

Published: 17/01/2026