I had a look at your offering, and unfortunately I’m not convinced. Obviously you need to send plain text to the actual AI model in use, which is confirmed by
> Sending a message involves transmitting the message to the server in plaintext over TLS encrypted connections. Your plaintext message is encrypted with the conversation public key and saved before being forwarded to your AI model of choice, again in plaintext over a TLS encrypted connection. When the AI model has generated a response, this is returned to our server. This response is also encrypted with the conversation public key and saved before being forwarded back to you.
The model operator still gets everything, just not trivially traced back to the user and not collected in one place; in addition you get everything and there’s no way to verify you’re not inspecting and/or storing clear text user info, or hacked to do so. It’s basically a pinky promise from an unknown entity (no offense but you can see that from the user point of view) whose main value proposition is that pinky promise.
Thanks - I appreciate the honest words and no offense taken.
Yes I try to make it as obvious as possible that this is not end-to-end encrypted. Using provider APIs over their products (e.g. ChatGPT) does already offer some privacy benefits and I do give the user transparent choice over where to send their prompt.
But I am (currently) an unknown entity. How could I improve my offering to build up that trust?
I'm happy to even have a video call to answer any questions if that would help :) I see myself as offering a similar service to ProtonMail so perhaps I also need to look at how they built up trust in the early days too.
> How could I improve my offering to build up that trust?
I don’t know, it’s a hard bootstrap problem. With ProtonMail, even if the privacy promise isn’t upheld, at least they’re another email provider, and ProtonMail to ProtonMail emails probably don’t end up with Google, so it could still be slightly better. Here your service is a middle man, so if the privacy promise isn’t upheld it’s sort of strictly worse.
Maybe you can play up the multi-provider aspect? But that market has fierce competition from existing, often deep-pocketed alternatives, e.g. Quora’s Poe. They’re more convenient too since they don’t try to be private.
Yes multi-provider is fairly entrenched at the moment.
With this MVP I wanted to see if there was demand for something where privacy and encryption were enough of a USP to attract some early adopters. Maybe to also cross that hurdle I need to go fully transparent and open-source as well so that those with the technical knowledge can verify themselves that I am doing what I say I'm doing.
I'll also write up a long-form article with more details on the security and the encryption.
Mid-to-long term (and if there was demand) I could also get security audited & certified and hopefully build an increasingly trustful relationship.
Side note - somebody else replied to me drawing my attention to DuckDuckGo also releasing a Beta AI chat recently. It offers no storage, client or server, so if you refresh the page your chats are gone. I would imagine they are also testing the market for something like this.