We're excited to introduce Message Summaries, a new option that uses Meta AI to privately and quickly summarize unread messages in a chat, so you can get an idea of what is happening, before reading the details in your unread messages.
From what I gather the texts are encrypted and sent to their LLMs that process it with some mechanism to verify the code being run in the cloud to process the texts is one that the WhatsApp app agreed to.
But they could just as well start siphoning the data after changing that code. Everyone will be able to see the cloud code changed if/when tbat happens but I don’t think there’s a way to differentiate that from a regular update.
Fascinating. Just based on your comment and nothing else, sounds like it could be something like a CPU Enclave like Intel SGX. Basically a remote client can validate that an application runs in a secure part of a remote cloud computer. The stated goal of SGX is that you only have to trust Intel and if you trust Intel and say run program X in the enclave, then only that part of the CPU can access the data, not the applications running in the non-secure enclave.
Now that brushes over some things like you still need to trust the client and IIRC in a WhatsApp situation, you don’t really know what enclave does, but the communications between the enclave and the host OS are heavily restricted. LLMs also require lots of CPU and are usually run on GPUs, so not sure how that works yet.
They might publish components of it enough to verify that the processing code is not emitting any data but as others said - it could’ve been done locally on the phone
I’m interested in how they’ve allegedly achieved this working without anyone but you having access to the unencrypted messages.
Don’t get me wrong, I want none of this shit in a messaging app, but I’m at least interested in how that is supposed to work.
From what I gather the texts are encrypted and sent to their LLMs that process it with some mechanism to verify the code being run in the cloud to process the texts is one that the WhatsApp app agreed to.
But they could just as well start siphoning the data after changing that code. Everyone will be able to see the cloud code changed if/when tbat happens but I don’t think there’s a way to differentiate that from a regular update.
Don’t think theyve opensourced any of this
Fascinating. Just based on your comment and nothing else, sounds like it could be something like a CPU Enclave like Intel SGX. Basically a remote client can validate that an application runs in a secure part of a remote cloud computer. The stated goal of SGX is that you only have to trust Intel and if you trust Intel and say run program X in the enclave, then only that part of the CPU can access the data, not the applications running in the non-secure enclave.
Now that brushes over some things like you still need to trust the client and IIRC in a WhatsApp situation, you don’t really know what enclave does, but the communications between the enclave and the host OS are heavily restricted. LLMs also require lots of CPU and are usually run on GPUs, so not sure how that works yet.
They use GPU based enclaves. They have a white paper available. I just seemed it but they mention AMD and NVIDIA enclaves.
They might publish components of it enough to verify that the processing code is not emitting any data but as others said - it could’ve been done locally on the phone
It could run entirely on-device.
Hahahahaha. It doesn’t.
https://engineering.fb.com/2025/04/29/security/whatsapp-private-processing-ai-tools/