← back
The Unofficial Guide to Apple's Private Cloud Compute - Jmo, CONFSEC
Original: The Unofficial Guide to Apple’s Private Cloud Compute - Jmo, CONFSEC
Takeaway
PCC's stack — OHTTP, blind signatures, secure enclaves, code attestation — is a reusable blueprint for making remote AI compute provably private.
Summary
- Apple's Private Cloud Compute meets five requirements: stateless computation, enforceable guarantees, non-targetability, no privileged runtime access, verifiable transparency.
- Achieved with six components: oblivious HTTP via Cloudflare, blind signatures for anonymous auth (the 'arcade tokens' analogy), secure enclaves, code attestation, no-disk/no-SSH images, and transparency logs.
- DeepSeek leaked 100M chat records this year and OpenAI is now forced to retain chats — motivates why privacy guarantees matter even for non-paranoid users.
- Talk extracts patterns developers outside Apple can adapt — TPM-equivalent hardware, OHTTP as a tor-like third-party launderer, and code-attestation before key release.
- Speaker is building Confident Security to bring PCC-style guarantees to other AI providers.
privacysecurityapple
Original description
In October 2024, Apple released a new private AI technology onto millions of devices called “Private Cloud Compute”. It brings the same level of privacy and security a local device offers but on an “untrusted" remote server. This talk discusses how Private Cloud Compute represents a paradigm shift in confidential computing and explores the core advancements that made it possible to become mainstream. We’ll explore its novel architecture that allows developers to run sensitive, multi-tenant workloads with cryptographically-provably privacy guarantees at scale and at reasonable cost. Attendees will leave with an understanding of how to leverage this technology for data and AI applications where privacy and security is paramount. About Jonathan Mortensen Jonathan Mortensen is a technology executive and founder with expertise spanning AI, data infrastructure, and cybersecurity. Currently serving as CEO of a stealth AI startup and Founder Fellow at South Park Commons, Jonathan previously founded bit.io, a multi-cloud serverless PostgreSQL platform acquired by Databricks. As bit.io's CTO, he built innovative database technology that handled hundreds of thousands of databases securely across multiple cloud providers. Prior to founding bit.io, Jonathan led data science and engineering teams at BlueVoyant, where he designed high-volume data pipelines processing 50 million events per second. He holds a PhD in Biomedical Informatics from Stanford University and combines technical depth with leadership experience across engineering, revenue, and operations. Recorded at the AI Engineer World's Fair in San Francisco. Stay up to date on our upcoming events and content by joining our newsletter here: https://www.ai.engineer/newsletter 00:00 Introduction to Apple's Private Cloud Compute (PCC) 00:58 The Motivation for Privacy in AI 02:20 The Core Problem: Balancing AI Compute Needs with User Privacy 03:59 Apple's Five Key Requirements for Private Cloud Compute 05:22 Conceptual Architecture of the PCC System 08:06 The Six Core Technical Components of PCC 10:22 Deep Dive: Remote Attestation 11:52 Deep Dive: Transparency Log 13:22 How Remote Attestation and the Transparency Log Work Together 15:09 Gaps, Downsides, and Trade-offs of the System 17:33 How Developers Can Use Similar Privacy-Enhancing Technologies 19:17 Industry Trends in Private Processing