WhatsApp's AI that respects your privacy: Here's how it works

Amid fears that artificial intelligence could violate privacy, WhatsApp has introduced "Private Processing," a new technology designed to deliver AI features without compromising end-to-end encryption. We'll explain how it works.

The integration of artificial intelligence into our everyday applications has raised a fundamental question: what about our privacy? For WhatsApp's more than 3 billion users, the idea of an AI being able to "read" their end-to-end encrypted conversations was a red flag. Aware of this, Meta has developed a technological solution that seeks to offer the best of both worlds: Private Processing.

This new architecture, presented by the company, is the answer to how to implement advanced AI features, such as summarizing chat threads or suggesting replies, without breaking the promise of privacy that defines the platform.

Until now, the most powerful AI functions, such as those using large language models (LLM), require enormous computing power that is only available in the cloud. However, sending encrypted chat data to an external server for processing would break the end-to-end encryption, as the company (in this case, Meta) would have access to the content.

On-device processing preserves privacy, but AI's capabilities are much more limited. Private Processing is a hybrid system designed to solve this dilemma.

"We set out to enable AI capabilities with the privacy people expect from WhatsApp, so AI can deliver useful capabilities without Meta or WhatsApp having access to them." – Official WhatsApp statement.

In simple terms, Private Processing is a confidential cloud computing environment. It works like a secure "black box" to which your phone sends an encrypted AI request. Neither Meta, nor WhatsApp, nor any third party can see what's inside that request.

The process, as detailed in Meta's technical documentation, can be broken down into the following steps:

• Encrypted Request: When you use an AI feature (e.g., "resume this chat"), your phone encrypts the request with a temporary key that only your device and the secure Private Processing server have access to.
• Anonymous Send: The request is sent through a third-party relay (using a technology called OHTTP), which hides your IP address. This prevents Meta from tracing the request back to your identity.
• Processing in a Secure Environment (TEE): The request arrives at a Confidential Virtual Machine (CVM), a type of Trusted Execution Environment (TEE). This is an isolated hardware space on the server that processes the data without anyone, not even Meta system administrators, being able to access it.
• Encrypted Response and Deletion: Once the AI generates the response (a chat summary, for example), it sends it back to your device, also encrypted. Immediately afterward, the request and response data are deleted from the server. Nothing is stored.

Initially, Private Processing will be used for optional features that require deeper analysis of messages, such as:

• Chat summaries: Generate a quick summary of long conversation threads or very active groups.
• Interactions with Meta AI: Mention @MetaAI in a chat to ask questions based on the current conversation.

It's important to note that the use of these features is always optional. Users will have full control and can opt out of features that rely on Private Processing.

Security experts have reviewed Meta's approach, and while the architecture appears sound, they note that user trust remains a key factor. The company has committed to "verifiable transparency," allowing security researchers to audit the system to confirm its privacy safeguards.

For users, the introduction of Private Processing represents a significant step. It demonstrates that it is technically possible to integrate advanced artificial intelligence into messaging apps without sacrificing the fundamental pillar of privacy: end-to-end encryption.