- WhatsApp is trying to integrate AI functionalities without compromising user privacy
- The company has introduced Private Processing
- It aims to provide users with AI-driven features while promising to maintain end-to-end encryption
AI has been the talk of the town for over two years now and almost every big tech company has either introduced AI features for their users, or has begun using the technology internally. Meta-owned WhatsApp is also trying to integrate AI functionalities without compromising user privacy. The popular messaging app has unveiled a new system called “Private Processing.” This technology aims to provide users with AI-driven features like message summarisation and writing suggestions, all while promising to maintain end-to-end encryption.
“We’re excited to share an initial overview of Private Processing, a new technology we’ve built to support people’s needs and aspirations to leverage AI in a secure and privacy-preserving way. This confidential computing infrastructure, built on top of a Trusted Execution Environment (TEE), will make it possible for people to direct AI to process their requests — like summarizing unread WhatsApp threads or getting writing suggestions — in our secure and private cloud environment. In other words, Private Processing will allow users to leverage powerful AI features, while preserving WhatsApp’s core privacy promise, ensuring no one except you and the people you’re talking to can access or share your personal messages, not even Meta or WhatsApp,” Meta’s recent blog post says.
Understanding Private Processing
Traditional AI models often require access to user data to function effectively, posing challenges for platforms like WhatsApp that aim to prioritise user privacy. To address this, WhatsApp’s Private Processing system employs specialised hardware known as a Trusted Execution Environment (TEE). This secure enclave processes AI tasks in isolation, ensuring that neither WhatsApp nor its parent company, Meta, can access the data being handled.
The system operates by obtaining anonymous credentials to verify legitimate WhatsApp clients and establishes an Oblivious HTTP (OHTTP) connection between the user’s device and a Meta gateway via a third-party relay. This setup hides the source IP address from Meta and WhatsApp. A secure application session is then established between the user’s device and the TEE, allowing encrypted requests to be processed without exposing the data to any unauthorized parties.
User Control and Transparency
WhatsApp ensures that the adoption of AI features remains optional. Users can opt-in to use tools like message summarisation and composition. Additionally, a new “Advanced Chat Privacy” setting allows users to restrict others in group chats from exporting conversations, auto-downloading media, or applying AI features to shared messages. This setting is visible to all participants, promoting transparency within group interactions.
Security Measures and Future Plans
To amplify trust in its new system, WhatsApp is inviting third-party audits of Private Processing components and incorporating them into Meta’s bug bounty program. The company also plans to open-source elements of the system, allowing the broader security community to verify its integrity.
While initial expert evaluations of Private Processing have been positive, some security professionals caution that any off-device data processing introduces potential risks. Cloud-based systems can become targets for cyberattacks, and the effectiveness of TEEs in preventing data breaches will be closely monitored.
