Okay, I managed to find the source code, which was in an awfully named repository on GitHub called “OpenSecretCloud/opensecret”
The bad news:
- conversation contents are encrypted. Good.
- the encryption key for conversations is derived from an encrypted user key
- this is protected by the enclave secret, which is a fixed secret.
- this key is encrypted by a key in AWS KMS 🤦
Anyone with the encrypted secret and a single second of access to AWS KMS can get the raw secret. This includes employees with IAM management access to push new builds
From there, you can decrypt any user’s conversations that were encrypted with this key, back to the last key rotation and until the next key rotation happens.
(Which, it seems, there is no implementation of.)
A supply chain attack on a dependency of the backend or a malicious build pushed out by a privileged employee can also extract this secret.
The enclave also calls out to a lot of remote services, which could indicate that there is little-to-no firewalling to prevent exfiltration. Even then, many used APIs like the GitHub API can be used to exfiltrate data.
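The post above describes a four-level key hierarchy: a KMS key wraps the enclave secret, the enclave secret wraps the per-user key, and the conversation key is derived from the user key. The following Python is an added model of that chain, not code from the opensecret repository; it uses a stand-in `ToyKMS` class and toy HMAC/XOR primitives (constructed for the example, not real cryptography) purely to make the trust boundary visible: whoever holds the stored ciphertexts and can call Decrypt on the wrapping key unwraps the whole chain without ever touching the enclave, while a principal without that permission gets nothing.

```python
import hashlib
import hmac
import os

# Toy primitives: stand-ins for the real KDF and AEAD, constructed for this example only.

def derive_key(parent: bytes, label: bytes) -> bytes:
    """HMAC-SHA256 derivation, standing in for whatever KDF the service actually uses."""
    return hmac.new(parent, label, hashlib.sha256).digest()

def toy_seal(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream. No integrity, illustrative only."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        keystream = hashlib.sha256(key + nonce + offset.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], keystream))
    return bytes(out)

toy_open = toy_seal  # XOR stream: sealing and opening are the same operation


class ToyKMS:
    """Stand-in for AWS KMS: the root key never leaves, but any allowed principal may call decrypt()."""

    def __init__(self, allowed_principals: set[str]):
        self._root = os.urandom(32)          # the customer master key, never exported
        self.allowed = set(allowed_principals)  # models the IAM policy on the key

    def _authorize(self, principal: str) -> None:
        if principal not in self.allowed:
            raise PermissionError(f"{principal} has no kms:Encrypt/kms:Decrypt on this key")

    def encrypt(self, principal: str, plaintext: bytes) -> bytes:
        self._authorize(principal)
        nonce = os.urandom(16)
        return nonce + toy_seal(self._root, nonce, plaintext)

    def decrypt(self, principal: str, blob: bytes) -> bytes:
        self._authorize(principal)
        return toy_open(self._root, blob[:16], blob[16:])


# The service side of the hierarchy (hypothetical names, modelled on the post's description).

def provision_enclave_secret(kms: ToyKMS, principal: str) -> bytes:
    """Generate the fixed enclave secret; only its KMS-wrapped form is stored."""
    return kms.encrypt(principal, os.urandom(32))

def wrap_user_key(enclave_secret: bytes, user_key: bytes) -> bytes:
    nonce = os.urandom(16)
    return nonce + toy_seal(enclave_secret, nonce, user_key)

def unwrap_user_key(enclave_secret: bytes, wrapped: bytes) -> bytes:
    return toy_open(enclave_secret, wrapped[:16], wrapped[16:])

def conversation_key(user_key: bytes) -> bytes:
    return derive_key(user_key, b"conversation")

def encrypt_conversation(user_key: bytes, text: str) -> bytes:
    nonce = os.urandom(16)
    return nonce + toy_seal(conversation_key(user_key), nonce, text.encode())

def decrypt_conversation(user_key: bytes, blob: bytes) -> str:
    return toy_open(conversation_key(user_key), blob[:16], blob[16:]).decode()

def recover_with_kms_access(kms: ToyKMS, principal: str, wrapped_enclave_secret: bytes,
                            wrapped_user_key: bytes, blobs: list[bytes]) -> list[str]:
    """The risk in the post: with the stored ciphertexts plus Decrypt rights on the
    wrapping key, the chain unwraps top-down and every conversation under it is readable."""
    enclave_secret = kms.decrypt(principal, wrapped_enclave_secret)
    user_key = unwrap_user_key(enclave_secret, wrapped_user_key)
    return [decrypt_conversation(user_key, b) for b in blobs]

def demo() -> tuple[list[str], bool]:
    # Constructed principals: the enclave's role plus one human operator with IAM rights on the key.
    kms = ToyKMS({"enclave-role", "ops-admin"})
    wrapped_enclave_secret = provision_enclave_secret(kms, "enclave-role")
    enclave_secret = kms.decrypt("enclave-role", wrapped_enclave_secret)
    user_key = os.urandom(32)
    wrapped_user_key = wrap_user_key(enclave_secret, user_key)
    blobs = [encrypt_conversation(user_key, m) for m in ("hello", "second message")]

    # The operator reads everything without the enclave being involved at all.
    leaked = recover_with_kms_access(kms, "ops-admin", wrapped_enclave_secret, wrapped_user_key, blobs)
    # A principal outside the key policy is stopped at the first step.
    try:
        recover_with_kms_access(kms, "outsider", wrapped_enclave_secret, wrapped_user_key, blobs)
        denied = False
    except PermissionError:
        denied = True
    return leaked, denied

if __name__ == "__main__":
    print(demo())
```

The model makes the design point concrete: confidentiality rests entirely on who is in the key policy for the wrapping key, not on the enclave, because the enclave secret is a fixed value that any authorized Decrypt call returns in the clear.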
semisol
Maple AI is a funny product. They claim it’s private and protected by TEE but the code running inside the TEE is closed source so you don’t know what it actually does.
And they can push updates whenever, including one that exfiltrates your data.
I asked them 2 times how it was verifiable and got answers 0 times.
Anyway, it looks like they outsourced all their inference to
https://tinfoil.sh
Or, to put it simply, a bog standard court order can force Maple AI to reveal your conversations without any trace (except an AWS CloudTrail entry they won’t share with you) or detectable impact on anyone
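The only trace the post above allows for is a CloudTrail entry. As an added example (not the service's own tooling), here is the check a defender would run over a CloudTrail export: every `kms:Decrypt` on the wrapping key that was not made by the enclave's expected role is reported. The records, key ARN, account id and role names are all constructed placeholders; the field names (`eventSource`, `eventName`, `userIdentity.arn`, `resources[].ARN`) are the real CloudTrail record layout for KMS events.

```python
import json

# Constructed placeholder for the wrapping key's ARN (not a real key).
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000"
OTHER_KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/11111111-1111-1111-1111-111111111111"

def _record(time, name, actor_arn, key_arn, ip="10.0.0.5"):
    """Build a minimal CloudTrail-shaped KMS record (constructed sample data)."""
    return {
        "eventTime": time,
        "eventSource": "kms.amazonaws.com",
        "eventName": name,
        "userIdentity": {"arn": actor_arn},
        "sourceIPAddress": ip,
        "resources": [{"ARN": key_arn, "type": "AWS::KMS::Key"}],
    }

# Constructed sample export: the enclave's role, a human IAM user, and a deploy role.
CLOUDTRAIL_RECORDS = [
    _record("2024-01-01T00:00:01Z", "Decrypt",
            "arn:aws:sts::111122223333:assumed-role/enclave-parent-role/i-0123456789abcdef0", KEY_ARN),
    _record("2024-01-01T00:05:00Z", "Decrypt",
            "arn:aws:iam::111122223333:user/alice", KEY_ARN, ip="203.0.113.10"),
    _record("2024-01-01T00:06:00Z", "Decrypt",
            "arn:aws:iam::111122223333:user/alice", OTHER_KEY_ARN),
    _record("2024-01-01T00:07:00Z", "Encrypt",
            "arn:aws:iam::111122223333:user/alice", KEY_ARN),
    _record("2024-01-01T00:09:00Z", "Decrypt",
            "arn:aws:sts::111122223333:assumed-role/ci-deploy-role/build-4242", KEY_ARN),
]

def role_of(arn: str) -> str:
    """Return the role name for an STS assumed-role ARN, else the ARN itself.

    Session names (instance id, build id) vary per call, so matching on the role
    name rather than the whole ARN avoids both false alarms and silent misses.
    """
    prefix = ":assumed-role/"
    if prefix in arn:
        return arn.split(prefix, 1)[1].split("/", 1)[0]
    return arn

def unexpected_decrypts(records, key_arn: str, expected_roles: set[str]) -> list[dict]:
    """Flag Decrypt calls on key_arn by any principal that is not an expected role."""
    hits = []
    for r in records:
        if r.get("eventSource") != "kms.amazonaws.com" or r.get("eventName") != "Decrypt":
            continue  # Encrypt, GenerateDataKey etc. do not reveal the wrapped secret
        if not any(res.get("ARN") == key_arn for res in r.get("resources", [])):
            continue  # a different key
        actor = r.get("userIdentity", {}).get("arn", "")
        if role_of(actor) in expected_roles:
            continue
        hits.append({"time": r["eventTime"], "principal": actor, "source_ip": r.get("sourceIPAddress")})
    return hits

if __name__ == "__main__":
    print(json.dumps(unexpected_decrypts(CLOUDTRAIL_RECORDS, KEY_ARN, {"enclave-parent-role"}), indent=2))
```

Both the human user and the CI deploy role are reported here, which is exactly the "employee with IAM access to push builds" case the thread raises; the Encrypt call and the Decrypt on another key are ignored. The check only helps if CloudTrail is delivered to a log store that the same operators cannot edit. On the prevention side, assuming the enclave is an AWS Nitro Enclave (the post does not say), KMS key policies can bind Decrypt to an attestation document via the `kms:RecipientAttestation:*` condition keys, so that a human principal or a build pipeline cannot unwrap the secret at all.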
Is there any equivalent alternative service without these issues? That Tinfoil looks like it only takes KYC’d payment.
Routstr, while nice in theory: any provider can see your prompts. So not good either, and a lot of the resellers could be logging.
What a repo name 🤣🤣🤣🤣
Use local LLM.
How on mobile?
Have you tried @PayPerQ? It has a handful of open source models that are E2EE.
Good to know. I won't renew next year or buy more credits. If I'm fucked either way, I might as well pay for a product that's already better.
@Maple They resell Tinfoil, basically acting only as a billing layer.
Given the current landscape, which AI model options give us the most control over our data?
Nominative determinism cannot be defeated!
Run local models if you don't want anyone to know about you.
Use routstr.com if you are fine with anonymity. It doesn't offer privacy, it offers anonymity. People running nodes can see your conversations, but harder to know who you are.
Yes, but we make it incredibly easy to be anonymous. They can see your prompts but won't know who you are. Much harder to build profiles.
I just added Venice TEE E2EE support, which means resellers won't be able to see anything anymore. But you have the same problem as Venice.
Would you say Tinfoil E2EE support is best rn?
ppq.ai uses tinfoil for TEE models.
Tailscale/nostrvpn 😉
Hermes agent should be your local interface, it'll help setup remote access this way.
Thank you for doing your research on this and sharing the results 🫡
I’d say skills, paths, etc. when combined are very identifying information, even if there is no user ID field.
Venice’s TEE system is a whole load of baloney it seems, as you check a verified boolean from the server, and you can’t actually see the images.
Tinfoil seems best.
Yes, it is easy to build a profile on you if you run agents on your local machine. I'd say it's best to always use sandboxing, both for security and for anonymity. It also depends on what you're doing with AI; if it's an open source project you're publishing as Semisol, it shouldn't matter at all.
If you want to anonymously contribute to, say Routstr, you can start doing it from inside a sandbox and do PRs on ngit. (we should move to ngit first lol).
We make it so much easier to do this.
I noticed they mysteriously upped the token burn rate. I did a monthly renewal and with the same usage that got me through three weeks of prompts I’ve burned through in 3 days with minimal usage.
Those low prices were to just get ya hooked…
Kind of makes a guy think twice about advising customers to integrate with core business processes. Rug waiting to happen.
I consider it a form of dishonesty when companies do that. It's a lie. You should tell me up front what you need in return to offer me a service. If it's hidden or subsidized, and you know that will end, you lied to me.
Subsidize the subscription price tag (50% off first 6 months for example) instead of a rug.
I would only do it if I could hot swap services or host my own. Otherwise way too risky unless it's a tiny company that couldn't afford it. I guess it is what it is in that case. I don't like single points of failure in life.
Exactly. That's totally ethical to me. Doing a silent rug actually makes me actively against you for absolutely no reason.
I would rather say pseudonym. Enough data or right data might identify you.
Yeah. I'm also struggling with the right description.
Would you say 4chan is pseudonymous because they can map you out to an identity based on your interests?
I was thinking like it's pseudonymous if you yourself assign a name to an identity. On Routstr you don't assign a name to your requests. Every request is different and cannot be linked to the next request (if not part of an agentic session that is) in the xcashu mode.
I guess you cannot make it fully anonymous, because agentic sessions contain the whole history, your system prompt, and your skills and paths.
I guess you can use Tor, you can use a sandbox, but your history and skills will be there, and you cannot use a different node at each request forever. And when you reuse, due to the history, your api calls can be connected.