A blog post currently making the rounds hard on Lobsters AI has struck a nerve in the security community. Matthew Green, professor of cryptography at Johns Hopkins and one of the sharpest critics of the tech industry on privacy issues, has published a lengthy and well-crafted takedown of Apple's AI privacy promises — and the conclusion isn't flattering for Cupertino.

The core argument is this: Apple has done a lot of things right with Private Cloud Compute. They run inference in isolated environments, they don't log requests, and the architecture is substantially better than competitors'. But when AI assistants start acting on your behalf — ordering things, sending emails, coordinating your calendar — "we can't see your content" no longer cuts it. The behavioral pattern itself, the timestamps, which services are contacted and in what order — all of this leaks information about who you are and what you're up to.

Encrypting the message isn't enough if someone can watch every door you knock on.

This isn't paranoia. It's a well-documented problem in cryptography called traffic analysis, and it has existed long before AI. What's new is that agentic systems make the attack surface dramatically larger.

So what's the solution? This is where it gets technically interesting. The research community has been working on two approaches: secure multi-party computation (SMC) and fully homomorphic encryption (FHE). Both theoretically allow you to run AI inference without the server ever seeing your data in plaintext. Meta's CrypTen framework has demonstrated that SMC can operate faster than real time for certain models. But for large language models — transformer architectures in particular — the performance overhead is still a serious problem. FHE can, in the worst case, make operations 10,000 times slower than normal. That's not exactly what you want running Siri.

Apple's privacy promises don't hold up: cryptographers are furious - Bilde 1

Green is clear that this isn't a criticism of Apple alone. The entire industry is offloading privacy responsibility onto users by offering half-measures and calling it "privacy-first." What's needed is an honest conversation about what is actually technically possible today — and what isn't.

Why should you care right now? Because we're in the middle of a wave where all the major players — Apple, Google, Microsoft — are pitching agentic AI services as something you should trust enough to let act on your behalf. The questions Green is raising aren't academic. They're the ones you should be asking before you let Siri book your vacation.

Note: This is an early signal from the cryptography community and the tech underground. None of the claims here are peer-reviewed in the classical sense, but the source is one of the most credible voices in the field.