[darweenist]

Thanks for leaving the comment! We totally understand your concerns, and you're not alone! We ourselves are very privacy sensitive, and never liked the idea of hardware devices always listening to us. And, as you said, our integrations are dealing with the most personal of personal information.

We recently got our CASA Tier-2 compliance done (Cloud Application Security Assessment). We've also gone through Google's OAuth compliance process for every new integration we add that's related to Google. These assessments scan our app and make sure that our software meets pretty stringent standards when it comes to data security and encryption, and that we're not using the data for anything other than the specific features we promise (i.e. not sharing or selling to advertisers, etc.). You can read more about CASA here (https://appdefensealliance.dev/casa). We haven't gone through SOC2 yet, but planning on soon once we have a few more integrations.

[lulzury]

This really doesn't say much though. What specific measures are in place to ensure user privacy and data protection?

Does personal information get sent to OpenAI or Claude as part of the functionality? Can users request deletion of their data, and if so, what is the process? Are there specific protocols in place to ensure security? (i.e. Do you use encryption at rest?).

[talldayo]

> What specific measures are in place to ensure user privacy and data protection?

Unless you intend to personally audit their code, I'd argue it couldn't possibly matter. Even businesses like Apple publish all kinds of documentation that belies the reality of their infrastructure. The iMessage Security Overview doesn't mention the NSA's retention period for encrypted communique; the push notification documentation doesn't tell you about the government middleman processing each alert.

You either trust people blindly, or you validate them personally. Getting a pinkie-promise about privacy from the CEO is worth absolutely nothing in real-world security terms.

[floam]

But there is provable, verifiable transparency with what Apple is doing with private cloud compute.

https://security.apple.com/blog/private-cloud-compute/

[talldayo]

> We want to ensure that security and privacy researchers can inspect Private Cloud Compute software, verify its functionality, and help identify issues — just like they can with Apple devices.

So... in Apple's own words, they are allowed to cherry-pick who's allowed to read their code and audit their privacy, in the same way they strategically deny researchers the ability to audit certain iOS features.

You're still taking them on their word, here.

[floam]

Microsoft and OpenAI aren’t even providing users with services with any actual confidential compute architecture. You actually need to trust them, but they don’t even claim to do what apple does, so you would need to hallucinate they are making promises they aren’t and believe THAT, and also hope they aren’t hacked or served with a warrant. It’s a different matter with what Apple is doing.

[talldayo]

A different matter without distinction. Apple is equally as unaccountable as OpenAI and Microsoft, their only difference is their usual marketing strategy that the industry never took seriously in the first place. If it came out that they were sending the NSA all of your "private" LLM requests (like what happened with push notifications[0]), Apple would just sheepishly admit it and continue advertising their same security-oriented shtick. They're shameless.

[0] https://arstechnica.com/tech-policy/2023/12/apple-admits-to-...

[kenips]

> Making the log and associated binary software images publicly available for inspection and validation by privacy and security experts.

The measurement logs will be publicly available.

[talldayo]

We don't know what those logs will tell us, and if it was designed with privacy in mind it shouldn't say much. Binary software images also don't tell us what the binary is doing, similar to how having all of the iOS files doesn't give you insight into how the OS was programmed. If the server source was fully open source and each machine could attest it was running an unmodified binary, then we might have a level of accountability. As-is, this is no better than Apple's "Trust me, bro" mindset they exercise securing iOS and MacOS.