This episode explores how Open Secret is leveraging AI to revolutionize business building, tackling data privacy, decentralization, and the future of secure computing.
The podcast explores how AI is revolutionizing business development, focusing on Open Secret’s mission to provide developers with privacy-preserving tools without sacrificing usability. A key theme is AI’s impact on jobs, with the discussion favoring the idea that AI enhances productivity rather than eliminating roles, allowing developers to shift towards strategic decision-making. The hosts emphasize the urgent need for a new data privacy standard, contrasting Open Secret’s secure enclave approach with AI platforms that exploit user data. Drawing parallels to HTTPS encryption, they predict confidential computing will reshape AI and cloud security. They also reflect on Open Secret’s pivot from Mutiny Wallet, recognizing a broader opportunity to build infrastructure that protects user data across applications. Lastly, they highlight AI’s growing role in workflow efficiency, from automating coding tasks to optimizing decision-making processes.
This episode explores AI’s impact on privacy, work, and the future of digital security, highlighting Open Secret’s evolution from a Bitcoin wallet to a privacy-first AI platform. The discussion emphasizes the growing need for secure enclaves as a new standard in cloud computing, allowing users to control their data without relying on corporations. AI’s role in reshaping the workforce is also examined, stressing the importance of adaptation and upskilling rather than fearing automation. The hosts argue for cryptographic guarantees over blind trust in data handling, envisioning a future where AI can be used freely without compromising privacy. Open Secret’s mission goes beyond technology—it aims to redefine digital interactions by making security and transparency the foundation of AI-driven applications.
0:00 - Intro
0:36 - Positive vibes
3:37 - Grok 3
7:16 - Tony's approach to AI
10:46 - Fold & Bitkey
12:28 - How AI will change jobs
16:48 - The art of prompting
24:08 - Using AI to build OpenSecret
29:01 - Unchained Announcement
29:39- From Mutiny to OpenSecret
36:13 - Issues with security
47:40 - Explaining secure enclaves
53:22 - Shifting the relationship with user data
1:02:14 - Problems with “private AI”
1:13:16 - UX
1:19:54 - How much AIs know about you
1:25:59 - If you’re not paying attention…
1:27:47 - App developer reactions
1:30:35 - Try it yourself
(00:00) with secure enclaves we have introduced a new category of AI now it has the power of the cloud it has the privacy of your home laptop and you can verify it cryptographically that we are not logging we're not keeping track of anything and it opens up a whole new world of conversations you can have because you don't have to trust us you can verify it yeah not only that you're not logging or tracking but that you can't even do it if you wanted to right yeah well I don't want to knock on my door at 3:00 a.m. from some government
(00:26) agency saying hey you have these users in your database hand it over ah Gentlemen let's say I got a Contex switch for this conversation I was taking a pee right before I came in here and Anthony the unveiling of the real name yeah so you ready for this conversation I was like I was actually just taking a piss thinking this is like the biggest context switch I've had to make in one day for a conversation talking about natalism the future of humanity and getting the birth rate back up to privacy Nitro enclaves not nutrino
(01:05) enclaves yeah Nitro enclaves I'm sorry for that slip up right and Nitro is just one brand of Enclave but yeah that's what we're using I mean security and privacy I mean that's needed for the you know new Humanity going forward we especially with AI we did touch on that topic mhm which was uh privacy to transact too like outside the perview of the surveillance state is important mhm but we need to white pill the world if people are going to want to reproduce right yeah if it's all doom and gloom no privacy in the future why do you want to
(01:33) bring kids into this world exactly that was it was a very white pilled podcast like we're not going to Doom and Gloom it's easy to JY and Gloom it's too easy these days yeah it felt like you were falling down the Doom Loop for a little bit there so doomed you were you were you were Doomer there for a while yeah you got a fresh haircut you're losing weight new positive outlook on life is it is that true is that ear I do think so I mean you know who knows what's going to happen but like I don't know the last 6 months I mean since the pivot
(02:01) since everything like unfolded like the last 6 eight months it's just been like okay what can I control in my life and then just focus on what I can control and make that the best is possible like even startups and everything like that like there's only so much you can actually control there's like a million different things happening at once and you're trying to find your niche in the startup space and the economy um but who knows if you'll get it right but like everything else in life or everything you do building up to that just has to
(02:27) be like honed in and like okay I can make positive impacts here and there and then just make those impacts and just you know a little bit just hope things work out yeah no it's been fun and I don't know gratifying is the right word CU I don't know why it has been gratifying to watch you transform like the the group that you guys have to track your calories and make sure that you're losing weight like that's been inspiring I think is the word not gratifying yeah dude it's like there's a there's a tweet that lives rentree in my
(02:58) head uh for like the last five month months it's just been like uh the tweets around all the developers I know are getting buffed as [ __ ] because of the AI coming in the future it's like okay what what can we do we're just going to have to be strong men right like this this AI is just going to take over right so we better everyone everyone better get buff bulk up take your creatine eat your protein learn how to fix like a leaky pipe in your house I need to get better at hard skills my wife thinks I'm a [ __ ] cuz when it comes to that uh she's
(03:30) like yeah oh you can't change the I'm getting better well use AI to teach you right you can do it yeah what were you guys thoughts on gr did you watch the uh live stream last time yeah I watched the live stream it was great um I mean they obviously took the best benchmarks that they could find and said we are better than the others like you're going to be selective about that um I like that they uh I like how they open source the old model so Gru is going to be open source I think that's a decent way to try and
(03:57) like give back to the community and then they're doing their own kind of deep research feature that chbt has so you'll be able to use grock to do like full-on industry analysis and stuff like that so I think that's cool yeah um but really the hardware part of it is very fascinating like building out I don't know did you watch it at all I I did catch I was in and out but the hardware part of the Q&A section where they described the Memphis facility how quickly they buil it and yeah it was like 22 days or something they build out
(04:26) from like start to finish it's impressive no and it was funny um somebody's been in the Bitcoin mining space for six years I was like how do they pull all that energy that quickly and I mean they explain it like they set up generators like outside MH the facility and they I guess they're still waiting for connection interconnect to the the substations in the grid but yeah that is a creative way to solve that problem like they applied offgrid Bitcoin mining solutions to this this large cluster that they built lar how
(04:58) many Bitcoin miners are pivoting to AI tennis centers too uh I think it's more of a I think it's more of a narrative than an actual so like core scientific definitely has Diversified and is building on infrastructure for core weave um you got iron that says they're doing it I don't know the specifics but what they Mark themselves as it is a different competency I mean the just on the network side uh the gpus need to be connected and um and Elon and the xai team were describing last night like the they had to put the Tesla batteries in
(05:34) the factory too cuz the modulation of the energy pole and I was thinking like and this idea of the mullet Miner I think makes a lot of sense because that ramping up and down of the gpus for training an inference like one would think like oh they can participate in demand response but like they need to do that when they need to do that and they're using Tesla batteries as a way to sort of smooth out that that ramp up and ramp down where Bitcoin miners could probably fill that that um that sort of gap for them and
(06:07) they could make Revenue mining Bitcoin instead of just using the batteries who knows maybe the batteries will be able to get interconnected and serve electricity back but I doubt it will be as efficient yeah it seem like it was more of a stop Gap while they wait for the utility to catch up yeah I mean it's kind of like what you were just saying about your personal life where you know they they looked at the situation and said we need this outcome what can we control and what's out of our control so they knew they couldn't build a building
(06:31) from scratch they knew that all the other people said 18 to 24 months to give them what they need so they said all right go find an existing building let's bring in generators let's bring in the batteries and just kind of went problem to problem and said let's solve what we can and and just do it for now until we can get something better that was really interesting way to approach it I know elon's a very controversial figure but I think it's impossible to deny that is very impressive that he's doing all this [ __ ]
(06:59) at once yeah and they're going to 1.25 gigs for their next gws for their next yeah he was trying to quote Back to the Future but couldn't remember 1.21 gigawatts yeah that's the Back to Future line yeah that's what they're aiming for it is insane and that's I mean we're going to get to Open Secret but uh I want the world to get to know you guys better because that's again being here in the Commons being able to observe building on the topic of AI I don't know if you know this but like I use you as reference point not
(07:30) explicitly but I say like I'm talking to a lot of teams out there and like some developers are walking around talking to Whispers feeding things to curser and um really I'm the Su developers yeah yeah well why don't you explain that like workflow that you've been iterating man and it's I used to be like anti- aai like in the early days like oh it's not going to replace my job it's not going to help me out it's got it's got to be outputting crap code like I can do way better um that was was like you know a year or two two ago for me at
(08:02) this point but like it has just gotten so good now I mean I'm using I'm using it all basically I'm using cursor with CLA I'm using perplexity for some just online searches I'm using um uh 01 Pro from um open AI for some of their um more like in-depth thorough analysis and then there's deep research that just came out and then I'm using that to just like um you know gather I'm using it all in like the development to Tool chain I'm like Gathering um feature requests and feature requirements and like you know how to architect things properly
(08:38) with one tool then I'm tur it around and give into cursor to actually Implement those those features and I'm turning around um and have everything like PR reviewed um or like you know fact checked by 01 Pro once that's done with and then I go back and I you know submit a pull request on GitHub and then like I have another AI code rabbit come through and just like give like in-depth thorough nitpicks or like you know improvements it actually like understands my code base really well so then it just like gives me little knits
(09:06) and then I turn around and give that the cursor like it's kind of insane like most of of Open Secret like I would say like I don't know the first first like three to five months has just been like me coding by myself like no AI assistance and then once you get to a certain point like um especially if you're you're doing it in your own particular ways and like your own programming style and all the particular you know features once you start building up enough context and enough history and enough um memory so to speak
(09:36) about this then AI is gotten really good at just like replicating what you've done like if you think about an average developer like how much of it is like copy and pasted code you know maybe you wrote it in a different project or maybe you know you're just like trying to get some random function to do I don't know sorting algorithm or just anything like how much of it is already like copy paste code or you're adding a new API it's like okay well it's going to use all the other stuff that use and then you know with the these little features
(10:03) um when you start like iterative programming on top of your own stuff AI is just it just picks up things naturally um and then it just improves things from there so it's like I've gotten to the point now where it's like yeah I'm doing 100% of my code um just by myself to like probably AI is like 90% of the code that's written now I'm like I'm spending a lot of time on prompts like there you're not just going to just like write a sentence and get what you want I I think there's like false expectations of how much is
(10:31) required for like the joke is prompt engineering as a as a job Ro but like it's 100% a real thing a prompty yeah so you're a prom a professional prompty now I you know it's it's sad to say but like that's probably what it is now Su freaks do you have a credit card are you getting cash back or Airline points or points for some other service guess what those are shitcoins you want to be stacking Bitcoin and I have some groundbreaking news for you the team at fold has finally released the Bitcoin rewards credit card they have a wait
(11:06) list going to be Distributing the cards later this year so you want to get on the weit list full Plus members are going to get unlimited 2% Bitcoin back on this credit card if you get on the weight list they're up to $200,000 in prizes they're going to be given out so get on it as quickly as possible go to tftc doio fold and get on the wait list there if you're on the wait list you have the potential to win some of the prizes check it out sup freaks this rip of tftc was brought to you by our good friends at bit key bit
(11:38) key makes Bitcoin easy to use and hard to lose it is a hardware wallet that natively embeds into a two three multisig you have one key on the hardware wallet one key on your mobile device and block stores a key in the cloud for you this is an incredible Hardware device for your friends and family or maybe yourself who have Bitcoin on exchanges and have for a long time but haven't taken a step to self- custody cuz they're worried about the complications of setting up a private public Heir securing that seed phrase
(12:07) setting up a pin setting up a pass phrase again bit key makes it easy to use hard to lose it's the easiest 0o to one step your first step to self custody if you have friends and family on the exchanges who haven't moved it off tell them to pick up a big key go to bit keyworld use the key tftc 20 at checkout for 20% off your order that's bit keyworld code tc20 what are your thoughts on the debate about whether these tools are going to destroy jobs or just make people in positions that much more productive and actually lead to
(12:40) some sort of job creation yeah I mean I I think there's a push and pull with with both of those terminologies like you know some jobs are going to get cut and then some jobs are going to get um you know some new jobs in the process and then at the same time the productivity so I think it's like the combination of them all I mean you can't have new without jobs being taken away like I mean sure there's going to be unemployed people in the world that could fill those spots but they're also probably not filling those spots in the
(13:09) first place um so I think like new jobs are going to be created and people are going to shift out of old roles into new ones and then also like it's going to change the you know jobs don't even necessarily have to be lost they're just redefined like you know a software engineer has been a software engineer for the last like you know 40 50 60 years but what it's looked like has changed drastically it's like a tool right like construction workers didn't go away when a hammer was built right the construction workers started using
(13:36) Hammers and then power tools and then you know and then cranes and bigger things like that so I think it's just going to shift and then also like project management itself I think there's going to be I think you're going to have to be more of a jack trades a little bit but an emphasis on communication and project management I think is going to like even just for normal you know you could be a designer you can be a software engineer you can you know you can be any job rooll support agent you know like it doesn't
(14:00) matter what it is you're going to have to get better at you know at AI is not going anywhere at this point it's only going to get better and only going to get you know uh put in everything you just have to be good at communication because like the prompt engineer you know the prompter um you have to communicate so well and you have to be accurate with what you say like I I'll see people you know say oh well I had a bad experience with AI it did this or like I'm telling someone my workflow and then they try to reproduce it I'm like
(14:26) okay they're like oh no it failed and and do it right I was like well let me see your prompt what did you do and I was like oh that's a skill issue like you told it to do that and it did that it just wasn't what you expected because you didn't tell it what you were expecting so it's like I don't think I don't you know jobs will get taken away a little bit but I think ideally um it just redefines what someone does and and we'll just make more things like right there'll just be more companies more people more Industries building more
(14:55) stuff because we have these tools yeah and I could see I I think the Jerry is out and the data is yet to be collected and but I could you can see where leads a better quality of life where people are actually working on things that are interesting them they don't have to do that low-level yman work uh let the AI do that and you can think creatively and um build products that you would never have had the time to sit down and build from scratch just not just that but like um a little bit on the contact switching but also um you
(15:28) know the resistance to doing hard things right like you know we all have a task that are like oh it's going to be so hard I don't want to start it yet almost like writer block a little bit um but like when I have a thought about you know a new feature we need to build and I'm like Ah that's going to be so hard like I don't even want to think about that right now I'll just like use voice use like a voice AI assistant tool to just like communicate my thoughts and like my worries and like what I think needs to happen then I'll send it to
(15:52) like deep research or something and it'll spend anywhere from like you know 10 to 30 minutes like on you know doing deep res search and then it comes back I'm like oh cool it did did all that thinging for me like I didn't have to worry about it anymore I give it to cursor and it starts you know so I think this a synchronicity to AI can like let us you know just give it our thoughts and then let it take over and then like you know come back to it later especially for a code review I've had one um I'm working on a on a feature
(16:21) right now it's about it's already like almost 6,000 lines of code now already and like I've been working on it for like a month or two at this point and I'll be doing all kinds of other stuff throughout the day throughout the week and I'll just like I'm like oh man I forgot where I left off and then I'll just like give it to 01 Pro and then I'll be like hey here's my current diff here's my you know feature set that I've been implementing um what's left what's been done so far and what's left and then like I pick up where I left off and
(16:46) it's kind of amazing at that too it's pretty fascinating can you give an example of what you would deem to be a high quality prompt to get the results that you're looking for there is a there's actually a mass so there you know we we've known a lot of AI models to be very chat-like so chat CBT um you know um some of those others right where you just like have a long-going conversation with them and now there's these new reasoning models like um 01 Pro um deep seek um a few other reasoning models that are out
(17:19) there they're starting to roll them out more um where it changes the thing I found them to be very bad at conversations in fact like I only use reasoning models for like a prompt and and but I spend a lot of time on that prompt and it gives me a very thorough answer so it's like um going what was your original question the what's a good prompt um there's a m there's this guy I forget his name um I'll have to give you the article later but he lays it out it's like you start out with a very simple sentence or two about what you
(17:50) want and again this is only reasoning models only um that I do this for you give it like two sentences about what you want and you you you don't have all the details there but it's a very basic thing like you let's say I want to add a new API call for a login method um and you just leave it at that um because there's caching that prompts do as well so if you leave it at a simple sentence like that like there's a lot that the AI could reference as like oh a login method okay and then you start out with and then after that sentence or two you
(18:19) talk about like what it's really important to or you you ask it what it should return to you so that way it knows what kind of feedback to give it to maybe you're trying to just get like a product description or like you know just some some feedback about the feature maybe you're trying to implement that code but you say like important like or no no not important yet you say I want you to return me the code changes I need in my code base in order to add this method so it just gives you the code you want at the end then you say
(18:47) important and then you give it any other very important context I wouldn't put everything in there but just like it's like hey this needs to be using like encryption methods for this um or or things like that that it really needs to get right and then you give it all the context and so for coding I'll give it um if I'm already working on that feature I'll give give it the uh code differences I've made so far um and then I'll give it as many files um that's relevant to it and and that that's the key too like you don't want to give it
(19:15) your whole code base because then it's just like there's a lot of things that don't matter a lot of code that that it'll get confused on or hung up on or think it needs to change you only give it the files that are absolutely important to your feature um and then at the very bottom after you you give it all that context then you just give it like your own personal this is where you can just like ramble off it's like oh okay yeah I've thought about making the method look like this um and having these parameters in it or like oh well
(19:41) you know need to make sure that if the user gets their password wrong we communicate that they have a wrong password um things like that so you just kind of like blurb all your random thoughts but you save all that extra context for like the very end and then you hit send and then just let it rip so like there's a um and I think uh open I came out with some like prompt guidance too on these new reasoning models but that's basically what what I do on a normal dayto day for prompting these reasoning models it's a simple broad I
(20:10) need this more specific implemented in this way important context and then additional context about the taste and flavor yeah basically interesting it's fascinating I need to get better at prompting it's crazy most my prompting happens in a mid Journey when I'm making thumbnails you can even sometimes I will get cursor to help me write my prompt that I'll give to the reasoning model because it'll it'll be like this is what I want but I need you to gather the research gather gather the relevant code and give me the prompt back so it's it's
(20:45) called meta prompting where you actually get another AI to write your prompt for another Ai and it's it's crazy and eventually you have agents to just transfer those prompts right yeah I mean a yeah the whole mCP protocol that's coming out or like this new agent based world is going to be really interesting this year where you just you know you have you have agents that are specialized in specific parts of the code or specific tools that you need so that way you don't have one generalized AI trying to do everything you have like
(21:16) hey you're an AI That's like only good for code reviews or you're an AI That's like good for like runny linters and commands on the computer that you may need to run to assist with the programming and stuff or search the web too yeah one nice little hack too is if you get deep into a conversation into a chat with an AI you can just ask it hey what's a prompt that like give me the prompt to get back to the spot or give me a prompt to do this again in the future and I'll be like oh tell me to do it this way in the future if you want to
(21:46) get this kind of output so like for example my day always starts with me going into AI I have a prompt to say like I want to prioritize my tasks for the day and then I say I'm just going to ramble to you and I hit the microphone button and I start talking as if I was talking to like an executive assistant and it's like here's all the thoughts I have for the day here's the stuff from yesterday I didn't get done please use my specific priorit prioritization model to like give me what you think I should focus on for the day um and I'll ramble
(22:15) on for like 20 minutes sometimes 5 minutes you know whatever like whatever it'll be like in the car I'll just hit record um and then it spits out a really nice prioritized list that I can then you know work off of um but I've developed that prompt over a few weeks to make sure it's good I think that's key too what you said about the executive assistant like actually talk to the llm like you're having like you're actually paying for an executive assistant to do this and you want them to get it right without you having to go
(22:42) back to them later to fix all the things like it's not like treat the AI like human because like they might take over the world someday like treat them like a human because like if you want the job done if you want a human to get the job done right you have to give them all this information um you know you we have a friend who like started Outsourcing their executive assistant task to like some person in India or something and it's like they're just they're just spending so long getting them to like actually do something useful for them um
(23:11) but like the amount of level of details you have to give that human the executive assistant it can be a lot sometimes yeah but you should give that same level of detail to an AI if you want to get it right too that's one thing I need to get better at is particularly I I have not played with the the voice like voice to to executive assistant yeah well you don't even have to use the fancy stuff like chachy BT I just so here's my little shill from Maple right so you know I just go in and iOS has that little microphone button that just uses
(23:41) the device to do speech to text and so that's what I do with Maple so I'm in the text box I hit the microphone button and then I just talk and it transcribes it right into Maple's text way better than me typing it and I give it more details than if I were typing it right yeah I can just ramble on um and so I I I feel like that's just really effective um and the thing that I love about doing it in Maple and not doing a chbt is I can get very personal I can say anything I want to and know that it's private and
(24:05) encrypted to the GPU yeah providing a good segue but before we get to Open Secret Maple I guess this is the segue to it like how has this accelerated your ability to build out this product Suite yeah I mean on the business side I have I've this is my first time being a founder of a company right I've been an early employee of multiple startups and so I've seen kind of close sometimes in I was in the room sometimes I was in the room when these big decisions are being made and so now as something comes across you know my my email or my desk
(24:40) whatever I can just go into Ai and be like all right this is happening this is our cap table or this is whatever like help me figure out this next step and it used to be you go on Google and search and you get some Investopedia blog post right and you're like going through all the ads and you're sipping through everything now I can just chat with someone as if they are my co-founder buddy you know I don't have to bother Tony all the time or I don't have to bother the lawyers or that kind of stuff so it's just really good for
(25:06) like getting that knowledge but having that back and forth constantly yeah on the development side it's insane like instead of having contractors I mean right now like um I'm the only de so it's just us two now at this point at Open Secret and like I'm doing all things from front end to deployments to I mean yeah everything on my plate and I don't feel feel overwhelmed it's just like I just send things off I work on a lot of different features at the same time and just send them off um and have the AI do it so it's like the zero to
(25:38) one right now for like building apps or even Pro you know proof of Concepts you know are great too where it's just you know I'm about to have to make a new landing page for a new branding right and it's like I haven't done a landing page ever um but it's like hey I could probably get AI to do that like you know we don't have to hire a contractor pay him like 5 to 10K um for a month's worth of work to do our any page it's like okay I could probably I could probably do that yeah and like we love to talk about that phrase zero to one for a
(26:04) startup and it's like with AI you're not starting from zero anymore you're like 0.5 to one or maybe even 0. n to one like it's it's all this knowledge based just like encapsulated you just have to know how to ask at the right questions give it your context and then you can leverage that I mean we've talked about how we've been like projecting what would our hiring needs be for the next few years if we want to raise some money like how much money do we need to raise and with AI like both of us are able to do more jobs than than we would have
(26:31) been able to do previously with the number of hours we have in a day so we can hold off on hiring which is scary to some people because they think okay that means no jobs are being created but that frees up resources that we would have hired those people could go do something together and start a business and making something totally new and I think there's a lot of kind of synergy for lack of a better word that goes on with that where we end up with more businesses that are building what they want to build rather than just going to
(26:57) work for someone else who's going to tell them want to do yeah it's so equally exciting and a bit not scary but just like uh there's a great unknown out there that's just being explored Uncharted Territory yeah it's been again like I said it's been fun to watch YouTube particularly because I think out of everybody there's um like we were at that event uh you were there in in October and there was a whole um whole track on AI and how to implement into your business flow we had like a 101 and this was what four or
(27:32) five months ago and it seems like just the landscape is think how much has come out since October yeah it's true well okay one industry that I think is totally screwed is IND industry research like the people who would go out and do all this research and assemble it into a report and sell it for like ,000 uh just this morning uh so we have these stats that we share from 2023 here's how many data breaches happened in the US how many companies were affected how much money it cost them you know it was like $4 billion in 2023 um
(28:02) for data breaches and then it's like well the the report I read hasn't updated yet for 20124 so I just went in chat gbt I I formulated this really nice prompt I gave it the 2023 report gave it a few other suggestions and said give me something for 24 and it came up with what looks like really legit I was able to go look at all the sources that it pulled I'm like yeah that that seems accurate so I don't have to wait for some company to give me a new report on to pay for one on commission one I can just run this and as long as I can
(28:28) verify the sources that it's pulling are are factual then I can move on with my day yeah it's again incredibly bullish yeah that's what we're we're trying to get smarter on implementing it here at tftc and we've done it in many ways but like that's one thing I'm really want to focus on moving forward is like research um like how can we pull up interesting stats about Bitcoin about markets about that and I was perplexed that he just launched a deep research product last night actually and I was playing around with
(29:00) it I was like oh [ __ ] this is really cool suff freaks the rules of the game have changed the first 30ty days of the Trump Administration have ushered in a massive shift in Bitcoin policy regulatory Clarity is emerging institutions are stepping in and America could be on the cusp of a national strategic Bitcoin Reserve join unchain for an exclusive online event with Connor Brown Council to US senator Cynthia lumus Preston pish and Matt Pines from the Bitcoin policy Institute on February 25th at noon Eastern the
(29:26) event will cover what's changed how it impacts your generational wealth and what might be coming next don't get left behind secure your spot now sign up at unchain docomomo Open Secret I think let's take a step back from like what you guys are doing like implementing the code and creating these workflows like let's talk about the journey to the product that is open seers obviously started with Mutiny wallet you guys I'll let you tell the story but just to frame it for anybody watching or listening you were trying to
(30:04) solve the problem of self- custodial Bitcoin um particularly over the lightning Network integrating ecash as well um discover has a hard problem to solve Tom timing may not be Market may not be ready for a product like that but through building that product you created The Primitives for uh what is Open Secret and uh the the backend processes and sort of tech that you built to ensure that people were using Mutiny privately and sovereignly sort of led to what Open Secret is today which I think has a much more broad application
(30:41) yeah yeah I could start a little bit with that and some of the problems we had and let Marx take it over from the New Direction but um yeah we we were building out Mutiny I think for over two years now or you know maybe a year and a half before we shut it down but not a long lifetime for a wallet but like you know I think we saw really early on you know everyone you know there's a lot of Bitcoin developers out there and we all kind of gravit gravitate towards like wallets and stuff like that CU it's an interesting problem to solve plus you
(31:11) know you get you can get a lot of users you can get a lot of um people using your apps and loving it and making payments all over the world um so there's a there was a lot there with building building up Mutiny that was like really fun and entertaining and we always wanted to do it in like the most private but yet that easily accessible um and secure way possible so um you know we built a lot of the tech that we built out with Mutiny so we were like uh Bitcoin lightning wallet you know with with ecash and fedy Min later on too um
(31:43) but wanted to start like on the web too so that way we can be accessible to anyone that can just like go to a website and start paying with lightning like you don't need to download an app you don't need to get started with it that way um you just like you know copy your 12 words and you're good to go and there was so much friction around well you know lightning is is you know even though Lightning's been around for what eight nine years now at this point it's uh been a while um it's there's still so many problems with it and there's still
(32:10) so many ways where you know people lose money you know it's not even it's not even just like bugs or anything that like we could solve it's just like there's so many gotches and lightning that liquidity issues mainly liquidity issues there's you know locked up funds there's like forc Channel closures there's like um you know fee rates and you know we when we launched we launched immediately into like you know uhal F and so it was just like it was just like hell from day one to be like day one launch to be honest I mean building out
(32:40) everything was fun and great and we had you know we had thousands of of users um using us and like sometimes like a thousand users a day using mney wall which was which is crazy um but like it just started getting to the point where it's like I we we hit our cap I think of being able to like Reach people people um being able to have something solid that actually works you know 99.
(33:05) 99% of time like there's just then it's just like unmaintainable it's just like we can't go further I don't think we can go further and yeah there was some Doom and Gloom about it at all but like you know as Founders like you're so emotionally tied to like your product and like the reception and like the support um and all of that it's just and it just like things were just degrading and user EXP experience and then like as wallets were shutting down around the world yeah it was just like our you know we would get more inbound but that inbound like had no idea how to use like
(33:37) a self- sovereign lightning wallet um it was just completely different from the custodial mindset and so there were so many issues from day one but a lot of the tech that we built wasn't even around um like the Bitcoin wallet itself it was around like okay how do we do encrypted sync properly so that like you can log in on one device you can go to another device and like log in and you lose no data with lightning it's like critical that you never lose your state and you always have the same state no matter what or the you know the latest
(34:05) version of the state so like we had to build a lot around en crypted sync um which now incorporating our new stuff um and then also like we started looking at like okay well what would it look like we always talked about Mutiny like what would it look like to have like a single sign on experience where you just you know hit login with apple or login with Google or like you know normal email password login or even Pass key or something like that or some Toof to like have a lightning wallet or have a Bitcoin wallet and what would that look
(34:35) like and how can we make that as secure as possible um which has led us to building a lot of things inside of secure enclaves which I can we can talk about later but just so much of the tech from like you know what is login experience what is like you know from Soup To Nuts using it having Multi-Device sync and like doing everything as secure and privately as possible and with that mindset when we're evaluating okay for sh that muy wall like what are we going to do next should we just shut down the company should we like take a lot of our
(35:03) learning should we like pivot in different areas so like we took all what I think we learned and some of the tech that we built out and some of the tech we hadn't built out yet but wanted to for M it's like okay let's go try this and let's just not make it only for like Bitcoin apps and Bitcoin wallets and stuff like that like this could be you know you could build the next like obsidian like the an encrypted ch um note taking app you can build another like something for your health data like everything to like any app out there
(35:30) that like is just sharing user data everywhere and you know it's just being stored plain text in database it's like okay what we can do something better here and like actually secure and and privately post our data um without having to self-host because like self-hosting things is also a pain in the ass I self-host so many different things so many different things I shut down because I'm like this is unmaintainable this is unsustainable like I can't maintain like 20 different apps that all have different update
(35:58) schedules and things break all the time so yeah it we just wanted to find like a good midal ground where it's like okay it's it's pretty secure and um and it's actually really usable and so we just want like hey let's start here it's like a great middle ground yeah no definitely um and then also like focusing on the ux aspect of it there's kind of this meme within the Bitcoin development community of we aren't going to win because we have like privacy right we're not going to win by selling users on privacy the
(36:27) the next million users the next billion users aren't going to be like oh this is really private let me use it we're going to win by just making the most like easiest to use product you know something that's just really simple they can get in and they can have maybe some self- sovereignty so that's the approach we've taken is how do we take this like scary onboarding process of here's a private key make sure you write it down stick it in your safe don't lose it because if you lose it you're going to lose access to all your funds um so we
(36:51) wanted to build this really simple login process but then also we don't want to be responsible right for any of the data it's your data not ours so that's where it's like okay let's use this new technology of secure enclaves in the cloud and let's build something where we can generate a private key for you and uh but it still belongs to you we we can't see it we can't act on it at all yeah and I this is I think you you're both in here like three weeks ago we were having this conversation about Nitro en clay it was
(37:22) right after there was a day after you released Maple and I was testing Maple and I remember there was cuz you guys were us using a llama model people were asking me uh after I tweeted out like I just bought a annual Maple subscription you should check it out too people were like immediately prompting it like who do you send your data to and llama because it was made by meta like they just had the rot sort of Doc script in it like it goes back to Facebook and the somebody asked me why are they going back to Facebook I was like oh
(37:51) it's llama it's open source um the maple can't see your data and then he asked me like how do you know that and I use literally use maple to do research on Nitro enclaves and I was like a refresher and a deep dive and you guys were in here the day after we're talking about like I think I like the way that you phrased it Marx was like this transition like where we had the internet's gone through these iterations at different layers that ultimately led to encryption at these layers more privacy for end users and
(38:26) similar to when we had the transition from HTTP to https you think uh a similar transition is going to happen in the cloud yeah definitely driven by these enclaves yeah so like in the 90s you know we all got our AOL CD and we loaded it in and we were just going to websites and they were all just clear plain text and it that was okay because we weren't sending username and passwords we were just like pulling up a web page that was already public but then when we started doing banking or eBay or PayPal that kind of stuff it's
(38:55) like okay we need to get this little lock icon secure Communications um but then if you look at like look look at Snowden for an example you know what what Edward Snowden exposed was that yeah your data is you know in transit is safe and encrypted but once it lands there it's just in this big honey pot of a database and uh a third party who wants to pay for that content can come in and get it or a hacker can come get it right and so what we need now is we need this next step where we en encrypt everything in the database per user
(39:30) because you don't want to be you don't want to have your data just like exposed if someone else gets hacked um and they get access to the database and they get in through someone else and now everybody is you know vulnerable at that point so I think that uh what we have on Maple is we have this like verified badge and you can click on that and you can see the ATT testation and this shows you what the The Enclave that you're talking to what the uh fingerprint um the check sum of the software that's running on there and then you can go on
(39:58) to GitHub and look at our open source code and you can like download that you could run a build we've got all the instructions on there you can build it and then you can compare those check sums with each other right and then you can say okay that's verified um the the cool thing we were just chatting about this morning is you don't have to be a software engineer anymore to do that verification process uh a lot of the the Bitcoin world you know these these Hardware wallets and other things we kind of trust that there will be some
(40:25) industry Watchdogs that are like looking at the open source code finding the bugs and raising red flags but now literally you know if we push a new build to our servers you as a non-programmer could download the latest update from GitHub and then give it to chat gp01 Pro and say hey are these people logging anything did they insert a back door in this latest change and it will like run through all the code and it can tell you like if we've done anything nefarious right so you don't have to like Trust on some you know you know software engineer
(40:55) to do that for you you can just do that verification yourself if you want to or you can just trust a verified badge there but it makes it it puts that many more eyes on our open source code to verify it I think is really cool AI come to rescue I mean that's I mean another big meme when it comes to verifying the code it's like all right you got the pgp signature like download like a pgp app on your on your computer and try to verify it and I've done I and up I think I pgp verified uh some Bitcoin soft for like once in my life
(41:28) cuz it's just too too hard to do m not only that but like we even soan even going back to the shift and like encryption and the shift in like cloud services stuff like that like um just the fact that you know there are ways where you can have specific code you know push it to a server inside of it secure enclave and then actually like and from there once it's running like it's basically impenetrable at that point it's like it's like in The Enclave it's it's running you can actually verify that's running like it's it's a
(42:00) huge plus like you have no idea what you know code is running in the cloud today yeah so let's explain it like I'm five to the audience listening in like how compared to Let's explain I mean you sort of alluded to it with the text is encrypted in transit but once it gets to the server it's not encrypted um let's elaborate on that model a bit how it's been susceptible to nefarious actors or companies that secure that data secure that data selling it um and then what when did the introduction of these secure enclaves
(42:37) happen where are they available and how does it change that interaction between end user and their data on these databases in the cloud yeah so um I'll talk maybe like the consumer app perspective and then if you want to go into the Enclave stuff you can but um all of these apps that we have on our phones in our pocket are just they're kind of leaky data constantly right they're sending data into the cloud it's being stored in a database and we are just trusting these developers you know these these companies um to not do
(43:07) anything bad with the data and maybe they're totally benevolent right but we don't know the 30 people that work there are the 50 people that work there um we don't know what they want to do with the data who their third parties are that they're inviting in to look at the data and so if you are you know let's say you're using an app to track your runs that you do in your neighborhood um they're storing your location data in a database somewhere and you don't know if there's some employee at that company who's like oh I want to see where this
(43:34) person goes every single day um and or there's a hacker that gets into the the system and now downloads all that and so your home is now vulnerable right because they can tell you do this daily run around this neighborhood um a very real world thing that I experienced one of my first jobs I worked at was an online backup company so you would install our software on your computer you would backup your entire computer to our cloud and we had the same exact concept of we had a shared key where everybody's stuff was just dumped in our
(44:03) database and it was open to employees that had elevated privileges or for those who were very concerned you could generate your own private key and so you would encrypt all your files on your computer before send them to our servers and then we couldn't access the files we just had a bunch of bits there uh but because that private key is this long complicated text string and then we have these big scary warnings that say make sure you back this up because your files will not be downloadable and restorable if you lose this uh only about 10% of
(44:31) our users use the private key so most of our users they would hit us up on support and be like hey yo I need to restore this is not working and it's like okay let me go download your family photos for you and help you restore that and it was kind of this weird privacy problem where we could just see everything um so I think that we have just become accustomed to trusting others with our data and we think that it's more secure than it is but really it's not and I don't want to paint developers in a bad light but they are
(45:00) holding on to this giant liability where they might be on the hook for like you know 9 million dollars of costs if they have a data breach into their database and they spill all these you know private uh you know data points online so um we're trying to build a platform kind of to encapsulate Open Secret we're building a platform where an app developer can just talk to a normal backend that they're used to through normal apis but everything is done responsibly behind the scenes so every user is put in their own private Vault
(45:28) their own data bucket but your code you just write it and interact with that data as if you could see it all um and so we want to make it really easy and hopefully usher in this new this new generation of apps that have encryption turned on by default and user privacy turned on by default not because it's something that uh they really care a lot about it's just because it's it's the right thing for all of us to do and then they can absolve themselves of some kind of liability down the line yeah it's it's like the whole point of like like
(45:57) you know I think we can get that same level of usability where the developer is you know they're going to be using you know you know some off service you know maybe off zero or something for their user login so they're going to be using you know super base for their database and everything like they're going to use all these like tools and services and apis available anyways it's like let's just like we'll match their you know level of developer experience and we'll provide the same things except like whenever a user is logging in you
(46:27) know all of these like off services online they always have this mode where you can like you know impersonate a user so and then at that point you just see exactly what the user sees and you know for some of it exactly god mode like Twitter has that you know like like every off service that exists every you know major company that exists has something like this and for one like sure it can you can probably catch bugs easier that way if you see everything the user sees and you can run into their bug easily or something like there are
(46:56) some improvements there uh where you can make it better but like you know all like it's basically like free game for every developer and every company that has users loging in so like we're specifically targeting like app developers first is because like we can provide their users the better security while using the same level of like tooling and apis that they need it's just like Mark said like the encryption happens by default there's no way to have like an impersonation mode there's no way to just like see that private
(47:25) data that the user is like storing encrypted it's all like client to server and to end encrypted and the developer with their client code is just like helping facilitate that on behalf of the user so it's like really giving users the agency on behalf of the developers that are building these apps for them so let's dive more into like the technical details like where the secure element comes in how the user interacts with that and how the app developer is able to interact with that and then maybe the cloud provider too yeah yeah to even um
(47:58) to just like introduce the concept of of secure enclaves like we all have these like secure elements on on our phones for once for like that's the easy example like you know whenever whenever you're on iPhone on iOS and like it pops up that little face ID thing is because like that's actually like built into the hardware like you know whatever you're trying to access or whatever passwords or or data you're accessing it's actually like protected by the secure element on the phone so like this is why um you know
(48:27) uh Apple has always taken a and you would know Apple more than me so correct me I'm wrong he's X Apple um but like they have taken the stance on on privacy and security and then making that easily accessible by users like they really championed like uh you know local phone secure enclaves or secure enclaves on the MacBooks um it's built into the hardware itself in a way where like not Apple not even Apple can can get into it like very often they are not able to whenever like law enforcement requests come in now of course they're can always
(48:57) be hacks right um there's always companies trying to exploit things um and Hardware itself but it's like you know from day one they're trying to like build it into the hardware in a way where like you know whatever data is in that secure element that secure Enclave like it can't be accessed um at least you know not reasonably um you know there's you know it's a billion dollar industry for trying to like break into hardware and stuff like that and so much successful but um so I it's not foolproof by any means but it just like
(49:26) raises the bar of Entry by 100x and you know for instance like now we're starting to get into secure elements and secure enclaves in the cloud itself which is really cool because um you know Carl dong talked about it with this obscure podcast that you you just did last week um you know he said that he was like Yeah someone uh told him hey take a look at like what Apple's doing for their like private routing stuff or their private AI that they the private relays all that privacy stuff and like you know he looked at it and we also
(49:55) looked at it too around around like a year ago and it's like oh they're they're doing things right they're having servers with these secure elements on them um and what happens when you use when you do it at this point uh on your phone when you want to store data privately or like be able to log in or something like that it all goes into the secure element and you have to like face ID it and it's checked by the secure element with with servers you like you take specific code that you know is like good and correct um and you
(50:24) put it into the enclave and when it's inside of that cure element the actual Hardware itself you can't penetrate it from then on like that code is running you can't like memory inspect it you can't memory dump it you can't like you know run different code on top of it once it's in there so it's like it's a way to you know for for users with their iPhones they're sticking data in there and they're having the like face ID or you know put in the correct password to actually get into it and it's like a hardware lock at that point um you can
(50:54) do the same thing with code now and running servers inside of it too so any code that is running in there you can verify and we do all client side verification too so like in the maple website um which is the first app we built on top of Open Secret to like prove this concept we do all of the checks client side so like if they were to fail for whatever reason if if the code does not match what we expected to run and like all enclaves you know give this like attestation report to like verify and it's built into the hardware
(51:25) of it to verify that like I the hardware is running exactly what the hardware says it's running um if that were to fail for whatever reason uh then then no calls would proceed forward we have like this check on the front end that just will fail and you users can see that like you know there's errors processing the request because like it doesn't match up so it like stops as soon as it like has like unexpected code running in the server um which I think is a really nice featureing like you know it it not only protects us to make sure that like
(51:55) no one got into the supply chain is running different code on our servers like it would already benefit companies to like make sure that they're running the correct code no matter what like you know there could be back doors in there they don't want me know about it um but not just running the correct code but now users of their software can verify it too which is really cool yeah there's that concept of a canary that people will put on their websites to say you know I'm being I am not being uh you know investigated by the US government
(52:25) and then if that Canary every disappears you know that they are being investigated well it's a kind of a s similar concept here where you know that we have not inserted a back door into the code because there's that verified badge and the the software actually talks to the server if we were to insert a back insert a back door run new code or someone in the supply chain inserted one and ran different code Not only would the verified badge go away so the canary you know dies but the software just won't even talk to the back end
(52:54) anymore um and then in the in the event that maybe it does and you know it it's a a new codeup that gets pushed it is verified because we're trying to be an aerious well then you go look at the code and you throw it into Ai and say hey what's is there a back door in here and it's like oh yeah you know they they inserted this thing right here so it's uh we're trying to protect users protect ourselves and just you know create a much uh I don't know a more positive interaction with your data yeah and then how does this change the relationship
(53:28) for the app developer and their users data like you mentioned you may want god mode to be able to find bugs some people want the data to be able to sell it to third parties is there um does this create a a new variable for app developers that makes them seriously think like do I want to use this more secure more private way because I don't have access to this stuff is I guess another way to frame it is the the security and privacy improvements and the abdication of that that liability they described earlier marks like um like a big enough
(54:10) cell for app developers to begin implementing this yeah so when you're doing a pivot or when you're doing any kind of startup you talk to a bunch of users right and you just put your idea out there and you get feedback on it so I think since the beginning until now we've probably talked to 20 or 30 different developers and um early on especially we ran into was probably split 50/50 half of them were like hell yeah I want to like have stronger privacy and security the other half we like no part of our business model is
(54:38) taking this user data and selling it or they work in an environment uh like education for example where they the the institution needs access to all the data so it would be bad if it was all in private vaults so there there definitely are people who have built a business model that way and to to some of those like they just won't be interested in doing this and that's fine but for others I would kind of push back and say well is that a good business model for you moving forward and is it worth the liability that you're taking on of
(55:07) housing all this user data you know that could be leaked and at some point yeah I think I think it's a big enough market for people to want to secure their um their users data and I think like there's many developers out there and then users of these apps that are like I I do want more private way to do things and so it's like we're always I think the hope is like we can appeal to them but I don't think we're going to appeal to everyone um building these apps but at the very least like I want to build it in a way where it feels like
(55:40) they're using any other third party service out there um so that you know maybe developers don't need to carry like developers that aren't going into it with like oh yeah I'm going to sell all this I don't I don't think I don't think most developers when they're building an app go you know oh yeah I want to build this cuz I want to collect all this user data and sell maybe that happens later um but like if we just start them out of the gate like oh this is easyuse platform for building apps oh and all the you you know all the user data isn't
(56:10) being spied on not only by the developer the platform hosters but by me it's like yeah that you know the hope is yeah that sounds great let's use this and then you know they can't sell that data later in the future and there's a middle ground to it also where you still can aggregate data in your your back end if you want to so um there's there's this concept I ran into it a lot at Apple but there's there's like industry standards around this where there's different levels of personal information right pii personally identifiable information and
(56:40) so um the higher the level then um you know the more secure it needs to maintain so like the the base level of personal information is like maybe an email address or something um whereas you get higher it's like their weight their height um you know know what kind of medications they take so if you're building an app yeah maybe there are parts that you want to have personalized but then you need to aggregate information across all your users so you can build kind of a nice social cohesive app and so developers can make that
(57:11) choice for themselves and for their users but we would like them to start with everything locked down first and then only only open up what they need to whereas right now it's the inverse everything is open up by default and then they have to actively choose to lock it down and a lot of times they don't even think about it until it's too late yeah that or make it like user explicit right like you know we want to have like some modes where you can like maybe share some data with like another friend or something where like maybe you
(57:38) have an invite code and they can access like certain resources of yours and read only mode or or you know things like that so it's like you know we do want this like explicit user based consent too where it's like hey the user is opting to share with developers and like our you know Hardware attested code is like you know forcing this so if the user said no then it's like no we're not going to like share this data with you but if the user like you know logged in then click yes like I want to share it with a friend or like I want to let the
(58:07) developer you know have access to my location so they can send me like emails whenever there's you know weather storm or something like that then like yeah you could potentially do that in the future we haven't built out any of that sharing yet but now I've got a now I got my mind racing like uh building like the zap vertising model or yeah building on that model too like if maybe companies can still monetize user data but they just have to have the user participate in the act of sharing of that data and the person who's buying
(58:39) that data from the company basically you you send a message to all the users like hey this company is interested in purchasing your data and you just use the lightning Network it's like if you opt into this you'll get 500 sets whatever or uh 10 bucks if you're willing to share this data and they're going to use it to Target you with ads for products they think you may like maybe yeah because in that model it really is your data right and so you now you are being as a user you can sell your data and get compensated
(59:08) for it yeah yeah I think that's cool no I I think and we were discussing this again when you guys were last in here the day after you guys launch Maple really feels and I and again going with the sort of parallels that this has with HTTP and https like I feel like or at the beginning of stag of where like it should be recognized that this should be the standard way to do data collection and we were talking about it um that day in here you you had the US government um when China hacked all the telecom companies like actively send a
(59:44) warning out like [ __ ] they're in the Telecom databases they they have all your plane text messages that you've been sending like please use and an ened apps like signal hide your kids hide your wives yeah all that yeah after many years of the US government saying stay away from these apps like they explicitly said don't use NN encryption cuz they're only for criminals like that's what I love to say but now it's like oh okay now it's for everybody yeah yeah and then you think like hippoc compliance like that it feels like
(1:00:12) that's an area where it would be incredibly necessary to have that and obviously financial data financial apps yeah I would say like the biggest apps that we've seen in this so confidential Computing the secure enclaves like as far as the servers go have been a concept for I don't know like you know six seven years maybe um and we we when we've explored this Market we we've seen so many of these secure Enclave apps building uh these platforms building for specifically fintech Healthcare um financial data things like that and you
(1:00:47) know uh when we were wanting to build on some of these platforms too to do things it's just like not easily user accessible or developer accessible it's like they're targeting like you know multi-billion dollar companies that targeting Enterprises for this stuff and you know um I think that's like a top that we can achieve at some point and get all the compliances and like have you know prove that we're doing things in a in a secure way as well but I think we want to just like take a step back and be like well you we weren't able to
(1:01:15) use anything like as you know as Mutiny devs as developers like we this is not accessible for just like an everyday startup to like start using a more secure way so like we're targeting from the bottom up and it's like let's just like hit the developers that want to just secure their users data and just have a very low barrier of entry and then we can go up from there and start targeting fintech Hippa compliance stuff all the different compliances that you know maybe even at some point like um you know school systems and stuff like
(1:01:43) that secure their data like you know I think the bar is very high but like it's already being proved out that like Enterprises are using secure enclaves like you know there's teams from every you know Apple's been using it for their secure um servers like you know meta has a whole team working on this kind of stuff like there are Enterprises using it um and we'll talk to some big companies and like yeah we're we're we're using it we're not going to disclose how like this is very you know private to us and like our own internal
(1:02:11) juice to to get the ball rowing but like we're it's not open source not accessible it's definitely not user verifiable the thing about Apple like they they are doing a lot of things right with some of their like private AI stuff and private confidential compute stuff um but it's you can't see the code so you you as the user don't know what's running in it now they say they that security researchers have access to it um under Nas and everything but um you can't verify it as a user so that's like the tradeoff there and so like we're
(1:02:39) kind of taking the step back like no anyone anyone can verify this um from the ground app and so we're we're trying to Target with like um ease of Entry just for every app Dev that can use it and not just like oh you need like you know starting you know 100K contracts to get started building secure apps yeah and uh in our Discovery we talked to one of the app Builders who it's it's one of the biggest Journal taking apps or you know Journal writing apps that's on both the App Store and the Google Play store and on the web and obviously a journal
(1:03:11) is a place where you put a lot of personal information and so you could use their cloud service and just store your stuff there but they naturally had users who wanted to secure it more and so they built a private key feature into there but they put the you know they put the onus on the user to like maintain their private key safely and so they said well how can we make this a little bit better and they're using iCloud they're using Google Drive and they're doing some kind of web thing but they had to build for each one of those
(1:03:38) platforms and they had to kind of like roll their own technology um and this developer he said it took them about a year and a half to build this out you know in in this way whereas when we pitched our idea to him he's like oh my goodness it would have taken me like two weeks to support all three platforms iOS Android and web we and have this like really nice slick user experience where it's totally end and encrypted so we we're trying to take this technology that is only available to Enterprise to these like large large tech companies
(1:04:08) and we want to bring it down to just everyday app develop everyday app developers who are just either tinkering around or really trying to build just a kind of a lifestyle business for themselves yeah and you said every AI developer on accident but like every app developer yeah um not just so talking about enclaves more like you know Apple's WR out theirs like AWS has their Google cloud has theirs Intel has theirs AMD all these major Hardware companies have theirs um Nvidia has an enclave um offering to their gpus as well not all
(1:04:39) gpus um we use the h100s um but you can actually insert models AI models Into The Enclave of a GPU and have that all verified and and and and encrypted all the way to the GPU so like right now um if you're using open AI you're using CLA you're using any of these like they're they're seeing all your data and Claud has recently came out with their like um industry report about like how people are using their Ai and they they even framed it as like oh this is a privacy preserving analytics collection on everyone and
(1:05:13) it's like no it's not like you're literally saying like these are what all your users are doing and saying to the AI there's nothing private about this I'm sure if you strip out some pii maybe but like you're you're seeing all it's all coming in in plain text anyone running these gpus too um for inference they see this too so like there's some companies out there that are um saying that they're private AI but really what they're doing is they're a proxy and they just turn around and give that data to the chat gbt or open
(1:05:46) AI or clot or whatever anyway so it's like at the end of the day they'll see that data in plain text anyone running these gpus will see it in plain text but we take it a step further and like our model we have um llama 3.3 70b loaded in the enclave and so it goes um all the user requests goes encrypted to our enclave and then our Enclave verifies any GPU that we're using to verify that it's um protected as well and then we have that chain straight all the way to the GPU so even you know the GPU Hoster could be anywhere in the world it could
(1:06:19) be anyone really at that point we don't care because we know the request is going to be encrypted to the GPU and that it can't read our resp responses which even goes back to like you know censorship as well um you know one of the things that you know we've seen a lot is like you try to ask open AI a bad request or or or even deep seek with their China models that they run in China um you ask it about you know team square or anything and you're it's just going to air out it's going to just probably flag your account too open AI
(1:06:48) has flagged accounts for like asking you know how to do something bad um and and so it's like you know there there are certain levels to it like uh llama is probably one of the most base models that there is um it's not fully open source but you can run it yourself um you know I would say it's pretty open source there's there's degrees with anything open source it's like okay how do you train it you know are the weights open blah blah blah but anyways you can run it yourself um but there's still a certain level of censorship built into
(1:07:21) the model like if you think about like asking a human you ask a human hey how do I how do I you know do something bad and like they may not want to give you that answer they're not censoring you they just don't want to give you that answer so llms could have that too but at least like we're not applying censorship on top of what these Bas llms are and neither are the GPU models and we've said some you know we've tested um saying bad things to the models and like you know sometimes they won't answer but then you course it a little bit and it's
(1:07:48) like oh okay here's how to here's how to make napon like it's like okay cool great that's awesome um but like we we needed to test it to see how how based or not these are and to see if like you know there it is actually and encrypted and the GPU isn't like you know um you know they're not seeing our requests so it's like it it works pretty well and just the fact and not very many people are aware of the secure enclaves in inidia it's it's pretty new like I think it's only been like less than a year that like Nidia started rolling these
(1:08:18) out um so I think it's a great thing that that we now have like the ability to host models inside of enclave and a in a GPU yeah and again going back to standard like like we were talking about earlier just like the conversations you have the data you want to be like we were talking about like planning your day like what should I prioritize but you think there's people putting financials and business plans into these models unaware of the fact that it's just completely exposed yeah on the back end and you don't know what kind of
(1:08:48) response you're going to get like you know they can always put any artificial response to you no matter what so that and they could take the information and do with it what they will and like so like from a fiduciary perspective like you again going back to like why I'm really excited about what you guys are building because you could see it being a standard where if you're this intersection of AI specifically is like if you're running a business and you're using AI as a tool like at 1031 if we're using it to do industry analysis or
(1:09:19) company balance sheet analysis like imagine if we we don't do this because we're don't feel comfortable with it yet but like put a company's like were trying to do some analysis on a deck that was sent to us or some financials to figure out whether or not we should invest or how to help the company and you put it in there and open AI gets access to it and what if it's an AI focused company with the Bitcoin twist and they take that and just implement it into what they're doing like that's a lapse of fiduciary responsibility there
(1:09:46) yeah and I mean that's that's one possible scenario right is that they might act on it I think the more realistic thing that'll happen is one of your competitors will now benefit from that information because chat GPT is going to train on the information you gave it right so chat GPT knows 1031 is investing in Bitcoin companies they're doing startups they have this portfolio and then a competitor comes along and says hey I'm doing analysis on this thing six months later where chip is now trained with your data and even though
(1:10:13) it doesn't tell this competitor hey 1031 is making these moves it will be able to give them a better answer that is that understands industry better because you helped it be smarter and so you're actually hurting yourself by and you know strengthening your competitors when you share this information so like with Maple we actually have a team account where you know you get you can add seats onto there so you can have multiple users on there and you get a ton of compute credits for doing Ai and you can share it among all your people but you
(1:10:44) can share like actual and all of our plans have this to be honest you can share company information in there knowing that it's n10 encrypted all the way to the GPU and so we don't have access to it and we can't train on it we're not going to train our our llm off of your company Secrets um so it just creates not only for the personal sensitive information you have but also your company um and like if I was a business owner that had a business of you know 30 40 50 people you know I would be worried that my employees are
(1:11:13) you know without my knowledge just sharing company information with Chachi BT because they are incentivized to not only do good work but they want to get a promotion right they want to get a raise and this information that belongs to the company it doesn't belong to them so they're just like you know what's the Worst That Could Happen my boss finds out that I shared this company information and I get fired right whereas me as a business owner it's like well my company could get tanked if my information gets out there so um yeah so
(1:11:40) I mean I I would much rather use an AI that is entend encrypted um and if you look at the AI offerings out there you have kind of like the most privacy is you're running it locally on your device you download it to your laptop you run it you make make sure that there's no internet turned on right it's unplugged there's there's nothing going in out using little snitch watching all the stuff that's like the most private but it's also pretty slow because your laptop and maybe you built up this massive beefy server at home okay cool
(1:12:09) uh super expensive but that's like one extreme then you have chat GPT which is just kind of this open thing you're just trusting this company then you have these these private AI companies that Tony talked about and those are more like uh kind of like the Legacy vpns you know going back to you're that they don't log and you're just trusting that they're saying we're not logging your IP address and these these requests that you're making you're just trusting these private AI people with their proxies that they're not keeping track of it we
(1:12:35) can't prove it either way we don't know what code they're running um with secure enclaves we have introduced a new category of AI now it's it has the power of the cloud it has the privacy of your home laptop and um and you can verify it cryptographically that we are not logging we're not keeping track of anything and I think that's that's very power F and it opens up a whole new world of conversations you can have because you don't have to trust us you can verify it yeah not only that you're not logging or tracking but that you
(1:13:04) can't even do it if you wanted to right yeah well I don't want to knock on my door at 3:00 a.m. from some government agency saying hey you have these users in your database hand it over it's like well I don't have the keys like that you have to go knock on their door go go do your police work and go track them down and and get it well this is a good segue to like end user ux how do you make it so and then user is handling private key information in a secure way and how do you handle backups like giving the power
(1:13:35) of access to data in the cloud to the user yeah so so all sorts of apps can be built on open secret right you could build an AI app like we built we have no problem if somebody wants to come in and build a competitor to us that's fine um we're building the platform so you can build that you could build a Bitcoin Wallet app right um you could build a journal app you can build all sorts of things each one has its own risk profile associated with it so if you're building a a Bitcoin app that is meant to buy coffee on a daily basis and you're only
(1:14:06) people are going to be putting 50 bucks in the wallet then maybe you're okay with them just logging in with Google and that's it right so their Google account is securing this $50 that they're going to use to buy coffee but if you are you know trying to build something like Unchained or Casa or something where you're going to store generational wealth then maybe you want to have more inputs to the security model so you're going to require them to do like a login with Google but they also have to have a pass key or they
(1:14:33) also have to have an email authentication and so you require them to do like this multi-step process and then maybe that is just generating one of the private keys in a multi-sig and they have some other organization that's holding another key so you really can be flexible with this and build out a security profile for your app that is uh appropriate for what you're trying to secure yeah thought yeah and so it's like you're not it's not like in end users writing down a seed phrase to recover but they but they still can though yeah
(1:15:04) especially in the model where it is um yeah let's say it is lower stakes and it is just like you know you're backing up your uh you're just using it for just a normal note taking app or using it for a Bitcoin wallet U for hot funds um there is still that option where like you can request that the Enclave gives you the seed phrase through an encryp the channel um still verified by The Enclave but you can request that it pulls down and they can get a copy of that seed phrase so they can still do backups just fine but it's not like one of those
(1:15:34) scenarios where you know upon launching the app the first thing they have to do is write down 12 words and then repeat the 12 words back to them just verify that they have the keys it's like you know if you're just like trying out an app for the first time maybe just signing with Google and then you can change the login methods later or you can change the tofa to make it more secure or or you can back up the key right away or you can wait until you actually use the app and you're like oh okay I should probably back up my funds
(1:16:00) maybe you get a prompt in the app that's like hey it's time to back up your seed phrase and then and then you can do it right but it's not like let's say you do all of a sudden um forget your seed phrase or lost it then it's like okay you can sign back in with email password or you know Google ooth or GitHub ooth or one of the ooth methods and you get you get that access back again but only you can get that access back again um uh through the valid off method the same thing with like face idea it's like we're using the authentication to The
(1:16:28) Enclave has to happen um with something that you know and only you have um uh same thing with like face ID with like scanning your face so it's like only upon valid authentication can you get access to that private key in the first place and then at that point it's just you and The Enclave talking um so you can pull down the key if you want or you know or like Mark said you can have it as just like one of the key shards so backups would be a great scenario where you just you back up one key Shard um that can be accessed by logging in with
(1:16:57) Google or email and password um but then the other key shards you know one's on your Hardware wall one's maybe you know on chain protecting you know getting one key Shard too so you split it amongst different groups so like we can be one of the groups for key shards um if you want to go that step but you don't have to at the end of the day like I'd say like the reason we built out Maple um for one I think it's cool as we were talking to more and more developers um developers naturally are very keen on AI and using it for their workflows and
(1:17:26) they're like oh yeah like if we had a private a you're saying like one of the apps we could build is like a private a on top of it it's like I would use that right away so we decided to just build that right away as a pro concept of Open Secret for other uh apps that can be built on top of it but yeah I would say like you know just go try out you know Maple it's try maple.
(1:17:49) and you can go in like log in um with email you know Google GitHub any of all off methods and then just see for yourself like how the user experiences Like Only You are getting access to it you're talking to The Enclave from day one but you wouldn't even you wouldn't even know it if if we didn't like have the call outs of like hey this has been verified as running the correct open source code because it just feels like a natural experience and I have to say like since we launched a few weeks ago like it's been so refreshing building something that like works very well and
(1:18:19) like had doesn't have the friction and it feels like a normal app because like there has been like no support re like almost no support request that we've gotten from it everyone's like you know we we've had I think like 5 or 600 users now at this point in just the last couple weeks and it's just like we've gotten like no support because like maybe one or two a week of someone asking a question um because it just it just works and it's just and it just feels like any other app that's out there but it's like secure from day one
(1:18:48) well and that was uh that's like from the user perspective of how to back up your data we also don't want developers to feel like they're locked into our platform so one our server code is open source and then they can download a copy of all their data all the user data but it's encrypted so they can protect themselves should we go away at some point so they can they can have like daily or hourly or however many backups they want to make they can be do incremental backups and just have this kind of encrypted data store to sitting
(1:19:15) there in safe storage and then they can have the open source code also downloaded so they can have kind of like a warm spare ready to go so if Open Secret somehow disappears boom they turn turn it on they redirect their app to point to their own text stack and now their users can get back in and interact with their data now we would prefer that they use us because we're providing a whole cloud service for them we've got availability that's Global uh we've got like this AI service that they can tap into so I think there's a lot of
(1:19:43) benefits to developers using us but you know we need to have off ramps in case there's there's a catastrophic you know you have to have Disaster Recovery as part of your your strategy and we can provide that to them um so yeah I think that's a great thing that we offer um and then on the AI side if you're building an app let's say you're building a meal tracking app and you're like okay cool I'm bought it on Open Secret I want to build it so that when my users track their breakfast lunch and dinner all of the food they ate all the
(1:20:12) calories their weight is like encapsulated in their own private Data Vault but it would be really cool to have ai suggest something to them for the next day build a meal plan for them based off their data well if you send that out to Chachi BT suddenly you're like sending all this personal information to chpt so we have our private AI API in there where they can interact with it and keep everything within the enclaves keep everything private and so it's not just AI chat anymore it's like put AI into your app
(1:20:40) whatever you're doing you can now like enable extra functionality and over time within the app the AI will develop context for particular users in that Data Vault and be able to give better answers yeah in a private way yeahh it's already pretty scary when you you go and ask open aai like oh what do you what do you know about me you know I I have a friend this oh you can have it like build a dossier as if the CIA were coming after you you're like build a dossier of what you know about me and it'll like spit out a lot of private
(1:21:08) information yeah D it's scary and and that's all like information that they're keeping and they're tracking and they're building user profiles based on your request so it's like they're not just you know training AI models on your data um but like actively storing it so like an employee if they pulled up someone's user profile they' be like oh this is the kind of user I have a friend who like uh he's just using perplexity and he he's just asking a very normal request like oh hey like like create a this these are ingredients I have in my
(1:21:42) house I create a recipe for me and it's like creating a recipe for it and then it ends you know he's asking question like oh I I ran out of this ingredient can I use this one and it's like would it be bad if I use that one and and towards the bottom of it was like you know as as a as a Christian you shouldn't be worried about all this things it's like as a rust developer it's similar to like you know building things with type safety and it's just like wait what what are you what are you doing like you're creating a profile I
(1:22:07) mean injecting that into the AI request for my normal recipe making thing it's like that doesn't make any sense at all so it's already scary like the personal information that they're starting to like attribute to a user and keep track of and build profiles on like one of the stats I learned it very early on in computer science um in college was just like all it takes is like four purchases uh a credit card purchase for them to narrow it down to like just you it's like the amount of metadata points of just a profile like a human profile that
(1:22:39) you need just to like figure out who you are like the specific User it's it's is very low that's insane yeah like I mean think about your day think about the things you're interested in like if you just think of a couple things like oh yeah there's there's a lot of people that are interested in this but who's interested in like you know like farming and Bitcoin and you know I don't know anti-al actually probably all of us right but yeah but but if you think about it the more apps that use chat PT then suddenly you'll be on another app and
(1:23:10) that app will now know a lot about you that you gave to this other app that you were trusting thinking that like oh this app developer I really know them but what you gave them went into chat gpt's database and now some other random app that you logged into that maybe you were just trying out is like oh I know all this really cool stuff about you now so it's you're just kind of like creating this giant honey pot of your own personal information yeah and like the open AI of the world would frame that as making your life easier wherever you go
(1:23:39) um the AI knows exactly what you want and a lot of this stemmed from like ad tracking adte like this is almost like the Roo of the very beginning of the problem it's like so much money wining adtech that for creating incentivizing this correct me if I'm wrong but it seems like you can build an experience an intera experience if enough developers adopt the Open Secret platform where we could have a similar experience but have the assurance that like only you have access to that data right yeah that that would be something
(1:24:08) like later in the future um but the idea that like a user could have a open secret profile and they can log into multiple apps on their open seceret profile and then from there you can get into almost almost like a Google accounts experience like a Google science experience where like oh this wants access to your Google Drive do you want to give this app access to your Google Drive like things like that where at least now we can like make it more secure it's like okay the user gave access to this other app's drive you
(1:24:39) know for this specific purpose and still without giving that developer the raw access to their data it's all inside of an enclave so whenever user does a request it's like all that data sharing happens with inside The Enclave in a way where you know it doesn't get into the hands of the developer like you could build unique experiences just from that but that'll have to like we talked about it very on it's like okay well let's get some traction first and then and then you know Justus like right now we're you
(1:25:09) know end developer focused company not like a you know user consumer app like open Maple is but open Secrets meant for developers to build users their apps um but eventually if there's like enough users and enough interest for this kind of you know R scripted data sharing inside of an enclave bring your personal context with you yeah MH to all these apps which kind of stems into the whole like decentralized identity scheme too where it's like it's your data you own it and you're giving explicit permission to these apps to use it in a almost like
(1:25:42) data sharing kind of way like a St data standardization way where you know you have the same playlist why does it matter that it's on Spotify or apple or whatever what if you just want to log into like a you know title now oh I'd log in the title now all my playlists aren't here you know like if you just had a central location for all your playlists then you can log in one of these apps and still have it well correct me if I'm wrong to now I'm visualizing this like you could set up a way where like an app front end and back
(1:26:11) end essentially just creating like a function and you bring the different inputs and variables to that function and uh the app at the end of day will know that an output has been produced but may not know the value of the independent variables that you brought the context to mhm I mean that's that's kind of like enclaves in a nutshell right there the way that I love to explain it to people is if if you've made it this far in the in this in the episode and you still don't understand what the hell an enclave is um the way
(1:26:39) that I like to look at it is like this transparent box where you shove a bunch of code in there and then you lock it and you can look inside the box and see the code that's in there you can't touch it you can't do anything it's there but then the data that passes through you can't see there's some kind of privacy glass where you can't see the data coming in so say that you were cooking in your house you were baking cookies right well you take the recipe for baking cookies that's like cup of flour you know cup of sugar whatever chocolate
(1:27:04) chips that recipe goes into this box and you lock it but it has no idea what kind of flour you use you know did you use American flow did you buy the fancy stuff from France you know that's better on a digestive tract doesn't know what kind of what brand of chocolate chip cookies you use like so all the data that passes through is just invisible um and you know it's an opaque experience from there so I feel like if you are building these apps like um you can assure your users like hey you can I mean that's where the name open seeker
(1:27:31) comes from you can view in open the the the code that's running but you just can't see the data and so we try to have this open approach that's like your secrets are protect are protected because everything is you know the code is published out in the open and you can verify it bullish yeah let's make it the standard yeah let's do it what is the reaction uh from the launcher of maple AI particularly not from end users but from App developers seeing that as an example of something that can be built in the wild yeah I mean we've got uh just we
(1:28:06) have a few more developers that have jumped into our Discord to start chatting with us and um some of them are very active really excited and maple has just been this awesome tool to hand them and like it's a light bulb moment it's an interesting concept that a lot of developers kind of they can Gro when you first tell it to them but then they go use maple and like you said it feels like a normal app it doesn't feel like this really clunky thing where I had to do a lot of work to get it to work I just sign in boom I'm chatting
(1:28:33) with it like chat gbt and I get my output and so um you know this light bulb turns on and now we have these developers who just like okay I've got this idea I've got that idea can I build this can I build that and uh we're like well hold on we're still building the platform right we're still building the plane while we're flying um we don't want it to land and flip upside down Soo uh yeah too soon but um nobody died so we can laugh uh but um but yeah no so we have a lot of developers who are really excited about it and we're really
(1:29:02) excited to kind of get to the point where we can let people do it self-service style where a developer at 1:00 in the morning is just you know up late tinkering around and they stumble across us and they're like let me try this out and they can spin up their own app within like 30 minutes and have something up and running we would love to get to that point right now it's a little more handh holdy but um we we'll get there soon enough yeah and that's why we built May to to like dog fit it to we had a lot of developers even you
(1:29:28) know when we were talking to everyone just like okay cool like I want to use this right now it's like well we're still still trying to figure out what developers need um so we know we're building the right thing like the product Market fit and and the the product validation is like very important too so it's like that's why we started out building Maple making sure our platform can do everything that we wanted to do as app devs because you know we're apbs at the end of the day um well I am I was I'm not anymore yeah
(1:29:55) uh but um yeah we just wanted to verify that and now we're getting pretty close to being able to turn on um production for Open Secret itself we already have some some builders that are ready to launch with us so we're pretty excited about that so in you know few weeks to a month it should be live in production for app devs to get on boarded um by us until we turn on the self-service part hell yeah yeah and like really we have kind of two customer bases if you will right we have the developers who are trying to convince to use us to make
(1:30:29) their apps more private and secure but then we have their end users right and so we want their end users to come to them and say hey your app is a little too open for me like I would love to have something that's more secure and so I guess to people listening to this you know if you're not an app developer yourself like go to try maple.
(1:30:48) just try out for free you don't have to pay us any money but like get the feeling of what it feels like to chat with something that's truly private and uh you just you can't understand it until you've done it and then suddenly like you unlock this thing in your brain that's like oh my goodness I have been holding back this whole time when I've chatted with and interacted with other apps online I self-censor or you know maybe I have this Rogue idea that is not bad and nefarious but I don't want to share with anyone and so I haven't put
(1:31:14) it in there well now you can and it's like this very liberating feeling to have yeah well I know it's been a a long year for you guys and again it's been fun I know not always at times for you guys but uh watching from the corner of the comons if you guys have iterated and shipped and gotten to this point as you've gotten ripped and it's been it's been fun to watch I'm so pumped for you guys cuz it feels like launch of maple getting getting this developer sort of fervor around at least a small amount of fervor around it and again I think
(1:31:54) I'm an idiot I don't build apps but conceptually to me like the the progression uh of the web towards War private and the what you guys are building just makes sense to me intuitively that this should be a standard particularly I mean you've know we've been covering it on Rabbit Hole recap for seven years now like data breaches is like a section of the show and if you can build a product that makes data breaches hard to if not impossible I think the world's going to be a better place yeah yeah and instead of our like you know we were building
(1:32:28) out all the infrastructure of mutiny and then trying to make a great app user experience as well at the same time the front end app it's a lot to do both at the same time and then like how much is one app going to reach you know user wise at least like at the end of the day we do want users to have better data protection and better data guarantees so it's like at the end of the day we can reach many us like many app developers building for many end users and I think we can make a bigger impact on the world this way too yeah and it's it feels like
(1:32:57) a paradox but a more open internet needs to have strong privacy so we as individuals need to be able to lock things down in order for us to feel more free to communicate online yeah completely agree keep crushing it gentlemen go check out Maple AI TR maple. yep what's open Secret's main website open secret. cloudcloud yeah.
(1:33:17) Cloud I knew that was all that was available it playss it plays gentlemen you can find us on Twitter X Noster run all the places all right keep crushing it gentlemen thanks thank you Marty peace and love
