$OPG #OPG
been sitting with the way OpenGradient Chat handles privacy for a couple days now and i keep coming back to the same thing its not realy a privacy feature, its a privacy architecture....
heres the mechanic. your message gets encrypted localy on your device before it ever leaves the browser. the keys dont go anywhere ,.they stay with you. then it routes through an Oblivious HTTP relay that sees your IP but only receives ciphertext. the downstream gateway sees the plaintext but never your IP. no single point in that chain can correlate who you are with what you asked....
two jobs,not one.
and then the third layer-+the TEE gateway. prompts only get decrypted inside a trusted execution environment with remote attestation. the enclave is atested, so you can actualy verify the guarantee yourself rather than take someones word for it....
i actualy find this reassuring in a narrow way. most privacy claims are policies. this one is enforced in the architecture.thats a diferent category of promise....
but i wont pretend TEE attestation is immunity. if a fundamental hardware vulnerability surfaces, the whole enclave trust model shifts. thats worth keeping in mind....
i learned this distinction the expensive way. about a year ago i was using a private AI tool that had a great policy but no verifiable infrastructure. the data showed up somewhere it wasnt supposed to. started taking architecture seriously after that....
what i still cant resolve is whether the OHTTP relay separation actualy holds under a coordinated attack where both the relay operator and the gateway are compromised simultaneously??
chat.opengradient.ai