by RadiozRadioz 180 days ago
How does this work technically?

I am unable to go to their website because:

> "This application requires passkey with PRF extension support for secure encryption key storage. Your browser or device doesn't support these advanced features"

Is this really necessary for a product's webpage? I would understand for the application itself.

2 comments

It uses confidential computing primitives like Intel TDX and NVIDIA CC, available on the latest generations of GPUs. Secure hardware like this is a building block to enable verifiably private computation without having to trust the operator. While Confer hasn’t released the technical details yet, you can see in the web inspector that they use TDX in the backend by examining the attestation logs. This is a similar architecture to what we’ve been developing at Tinfoil (https://tinfoil.sh) if you’re curious to learn more!

There's a more recent post on the same blog that gets into the details of how they're using the WebAuthn PRF extension to store key material, but for platforms and browsers that don't yet support the extension, you'll need a password manager that does. There's a table midway down the post with details: https://confer.to/blog/2025/12/passkey-encryption/

This kind of insistence that their way is "better" and thus justifying removing agency from the user is the exact same thing that's kept me away from Signal, too. Even their own blog post acknowledges a perfectly good current method for supporting what they want to do without any of this, yet they reject even allowing it as an option because they don't like the UX.

This arguably is more interesting than yet another closed messaging platform, but still not gonna use it with this requirement in place.