The Man Who Encrypted WhatsApp Is Back to Do the Same for Meta AI

Privacy's Favourite Troublemaker Returns

Moxie Marlinspike has form when it comes to making Big Tech awkward about privacy. A decade ago, he helped Meta bolt end-to-end encryption onto WhatsApp, giving billions of users conversations that not even Meta could read. Now he is back for round two, and this time the target is AI.

On 17 March 2026, Marlinspike announced via the blog of his company Confer that its encryption technology would be integrated directly into Meta AI. If it works as promised, the AI-powered conversations of millions of people across Meta's platforms could become genuinely private, processed inside secure hardware enclaves that neither Meta nor anyone else can peek into.

What Confer Actually Does

Confer is Marlinspike's end-to-end encrypted AI assistant, launched in December 2025. Think of it as ChatGPT's more paranoid cousin. It runs on open-weight models inside Trusted Execution Environments (TEEs) using AMD SEV-SNP and Intel TDX hardware, meaning your prompts and responses stay locked away from prying eyes during processing.

There is a free tier, though it is fairly stingy at 20 messages per day and five active chats. The paid plan runs to $34.99 per month, which is noticeably pricier than a ChatGPT Plus subscription. For the privacy-conscious, that premium might feel justified. For everyone else, it is a tough sell when free alternatives are everywhere.

The Meta AI integration changes the equation entirely. Rather than asking users to switch apps, Confer's encryption layer would come to them, baked into services they already use.

How It Builds on Private Processing

Meta has not been sitting idle on this front. Back in April 2025, the company unveiled its Private Processing infrastructure for WhatsApp AI features, employing anonymous credentials, Oblivious HTTP (OHTTP), and remote attestation. Meta even published a whitepaper at ai.meta.com inviting independent audits.

Confer's technology slots into this existing framework, reinforcing it with the same kind of cryptographic rigour that made the Signal Protocol the gold standard for messaging security. Marlinspike himself drew the parallel in his blog post, noting that this mirrors the approach he took with WhatsApp a decade ago. Confer will remain an independent entity rather than being swallowed by Meta, which should reassure those who worry about the fox guarding the henhouse.

The Elephant in the Room

Here is where things get properly awkward. At the very same time Meta is trumpeting encrypted AI conversations, the company is removing end-to-end encryption from Instagram DMs, effective 8 May 2026. You read that correctly. One arm of Meta is strengthening encryption while the other is ripping it out.

It is difficult to view this as anything other than contradictory. If privacy matters enough to encrypt AI chats, why does it suddenly stop mattering when teenagers are messaging each other on Instagram? The optics are, to put it charitably, not great.

Add to that the March 2026 incident where Meta AI smart glasses were found to be sending intimate videos to human moderators, and you start to understand why Marlinspike's involvement might be less a luxury and more a necessity for Meta's credibility.

Why This Matters for Everyday Users

The AI chatbot market is shifting fast. Google Gemini has surged to 21.5% of AI website traffic, up from just 5.7% a year earlier, while ChatGPT's share has dropped from 86.7% to 64.5%. Competition is fierce, and privacy could become a genuine differentiator rather than just a marketing buzzword.

For UK users in particular, where data protection expectations remain high post-GDPR, knowing that your AI conversations cannot be harvested, read, or leaked by the platform hosting them is meaningful. Whether you are asking an AI to help draft a sensitive email or summarise medical information, encryption is not a nice-to-have. It is table stakes.

The Verdict

Marlinspike's track record speaks for itself. He managed to encrypt WhatsApp without Meta acquiring Signal, and he appears to be pulling off the same trick with Confer. The technology is sound, the independent structure is reassuring, and the need is genuine.

But Meta's simultaneous decision to strip encryption from Instagram DMs casts a long shadow over the whole enterprise. Until the company can explain why privacy deserves protection in one product but not another, scepticism is not just warranted. It is essential.

Read the original article at source.