[jonahbenton]

This piece is mostly about enclaves, which are going to be little-r revolutionary.

Enclaves allow for nearly any kind of processing of an individual's data without making that data directly available to either the algorithm provider or the cloud host. The enclave's public key is provided to the data holder. Their data is encrypted, sent to the enclave, decrypted with the enclave's private key, processed in the enclave, then results are encrypted with the data holder's public key for return to the holder. Other kinds of IO generally not permitted in the enclave, preventing leakage.

A lot of ergonomic details remain to be worked out but the underlying machinery is quite interesting.