We present foundation language models developed to power Apple Intelligence features, including a ~3 billion parameter model designed to run efficiently on devices and a large server-based language model designed for Private Cloud Compute. These models are designed to perform a wide range of tasks efficiently, accurately, and responsibly. This report describes the model architecture, the data used to train the model, the training process, how the models are optimized for inference, and the evaluation results. We highlight our focus on Responsible AI and how the principles are applied throughout the model development.
A thousand years ago, there was a cooking show on TV called Chef Tell (real name: Paul Friedman Erhardt). My teenage kids and I enjoyed watching him for just four words he would say, after making something too complex for any of us to bother with. In his thick German accent, he would say “Vewy simple, vewy ee-see.” When, again, it was not. So whenever something complicated needed to be done, one of us would say, “Vewy simple, vewy ee-see.”
I bring this up because I want tech support to be like Chef Tell. For example, today, when I mostly failed to solve an email problem. What follows is a diary of what I’ve been through on this thing.
The primary email app on my laptop (a 2023 M2 MacBook Pro) is Apple’s Mail.app. It’s not ideal, but I like it better than Thunderbird and Outlook. I use it for five email accounts: my main one with Searls.com, my gmail one for Google stuff one can’t avoid, the Apple one a customer gets anyway (actually three, ending in .me, .mac, and .icloud), my Indiana University one, and a new one just for MyTerms stuff. That last one is hosted by Fastmail.
So one day the MyTerms email account on Fastmail account stopped working. The password and login work fine with the Fastmail app, and with Fastmail’s webmail on a browser. But not with the Mac app. Working with our MyTerms.info admin person, I generated and tried some number of new passwords, made sure the logins, the TLS, and the ports were all correct. No soap. So we concluded, at least provisionally, that the problem must be with Apple’s Mail.app. I then spent most of this afternoon on three calls with AppleCare, not taking to one human being. Apple seems to have nothing but AI agents now. (Not true, but I’ll cover that in another post.) The final advice from the final robot was to contact Fastmail.
For guidance toward that, I went to the Fastmail app, and saw an email from Fastmail. It said,
The above login failed because your regular password doesn’t work with third-party apps. This keeps your account secure. Instead, you can make a unique app password to use your account with the app securely.
Your regular password can be used to create new users, change your settings, or cancel your account. It’s important to protect this, which is why it can only be used to log in to fastmail.com and the Fastmail app.
We offer setup guides for most popular e-mail clients, such as Outlook and Mac Mail. These will take you through making an app password and using it for client login, step-by-step. Go to Settings → Migration to get started with a guide.
The first link there took me to a page that says.
Every third-party program or app needs its own app password to access your information. For the Fastmail app, you need to use your normal password. If you use your normal password or your Fastmail two-step verification password on an external account, syncing to an external service won’t work and you will see a password error.
This led me into a maze of instructions for setting up two-factor authentication that required an authenticator app on my phone. Fortunately, I know what that is, because Indiana University requires the one called Duo for doing the two-factor dance with its email maze.
After I got Duo set up, I still didn’t have an app password. I found a clue for that on another page that said this (among much else):
If your app password is for an Apple device running iOS 11+, you can use the QR code to automatically set up your email on your mobile device. Please note that the link provided via the QR code can only be opened via the Safari browser. Through Safari, you should then be able to download the auto-configuration file to your device. Our Help Center has help pages with more information on Apple auto-configuration for based on your device’s iOS.
The help page opens on every app I have other than Safari.
Under Automatic setup tool on one of the Fastmail help pages, it has nine steps one must go through. Somewhere in there, I got to the New App Password page, where it said, under Setting up this Mac,
Open this configuration file to set up everything automatically. Learn more.
I clicked on the “Open this configuration file” link, which downloaded a file to my downloads folder. Clicking on it brought up a little window that said,
**Profile downloaded.
**Review the profile in System Settings if you want to install it. [OK]
I hit OK. But where would it be in System Settings? Digging around in Fastmail, something said I would find the profile in General—>Device Management.
It was there. Among other things, it said “Double-click to review.” This brought up a window that said Are you sure you want to install this profile? So I hit “Install…” and it seemed done. Above it, next to “Work or School Account,” a button said “Sign In…”. This brought up a window that said Sign in to a Work or School Account. Above my email it said “Your email address will be sent to Apple to check device management enrollment eligibility.” In blue, it said “Learm more about device management…” Clicking on that brought up a window with a lot of words that I got rid of by hitting OK, so I was back to the last window, where there were buttons for Cancel and Continue. I hit Continue.
This got me to
Sign in with your managed Apple Account.
Enter the password for your Apple Account (the email address) provided to you by your organization.”
The password was back at my Fastmail app, under “Your new password for Apple Mail.app is::”
I copied it and pasted in the field in the Sign in window and hit Next. This turned the window into a wider one that said, in red,
Your Apple Account does not support the expected services on this device. Contact your administrator to sign in.
My administrator is in London., where it is now 1am.
I’m giving up now.
Lost patience rates may apply
One of the biggest reasons I own Apple stuff is that AppleCare seems to care. They have human beings for that. I’ve been using them since the service first showed up in 2001, along with Apple Stores and their Genius Bars. The agents on phones have always been helpful. They differed a lot in levels of expertise, but on the whole were very good.
But now I only get AI agents. This has led me to wonder if they are replacing humans with AI agents. But I don’t know. They are recruiting service and support people. But not for front-line triage work, they’re using AI agents. Interesting that every one has a different voice. And in some cases they have been helpful. But not today. The one time the AI agent said they would forward my call to a person, I got about a minute of silence and then the call dropped. An Apple robot did call back, but I had given up at that piont.
The NBA draft is tonight, and will be hugely interesting for fans, because this year's class coming out of college is unusually thick with talent.
But what's happening with trades is more interesting to me right now.
The Miami Heat just traded most of its team and some valuable future draft choices to the Milwaukee Bucks for Giannis Antetakuompo and Bobby Portis. Among the traded Miami players are Kel'el Ware and Kasparas Jakučionis, both of whom I got to see play in games here at Indiana University. Ware was on the Hoosiers, our home team. Jakučionis was on the Illinois Fighting Ilini. I saw one game in which Ware did not miss a single shot, including threes, and ruled the floor. And I saw Jakučionis pick apart the Hoosiers defense. They're both very good, with high ceilings.
Giannis is a near-perfect basketball player, with enormous size, muscularity, and court smarts. He is also 32 (almost elderly for a big guy) and has been injured a lot in recent years. That's the biggest risk for Miami.
The putative losers in this trade were the Boston Celtics, which were prepared to trade Jaylen Brown and some other players and/or draft picks to Milwaukee. This was never a good deal for Boston. In fact, I would hope that Brad Stevens, the General Manager, was only responding to outreach by Milwaukee rather than shopping Jaylen Brown, who has done nothing but improve through his ten years with the team. He has also been All-NBA multiple times, won a championship as the MVP, and was sixth this year in league MVP voting. The only thing arguing against him is that he said some unwise (and I think completely misunderstood) shit on a twitch stream. And now some of the talk on the sports podcasts is about how Jaylen is miffed that he was offered in trade at all. But this has happened before, and he knows the only way he'll be traded is if they get more back. I don't see that happening.
Boston also has a great team. The only better ones, as it stands now, are the San Antonio Spurs, the Oklahoma City Thunder, and the New York Knicks. Odds-makers currently place the Celtics third, behind the Thunder and the Spurs, to win the title in 2027. They place the Knicks fourth, which is nuts.
I put the Knicks first, because they are the best team. By far. The way they dominated the championship playoffs this year was a nonstop demonstration of how great teams win games that great players alone cannot.
I hope for the sake of both the Knicks and the Celtics, and their longtime rivalry, that they both keep their rosters intact.
My wife’s Mac laptop has ‘All Sent’ listed under ‘Favorites’ in the left panel of her Apple Mail app. Everywhere my Big AIs and I looked online, however, we didn’t see a way to add it, until ChatGPT suggested I mouse over the Favorites heading to see what appears. The two items that showed up were a folder icon next to a down (v-shaped) symbol for collapsing the list below. When I clicked on the folder icon, I got the window above. ‘All Sent’ was among the choices under the pop-down menu. When I clicked on that, it was added to my Favorites and grayed out in the menu. So now this small instruction is out there for search engines to find and for the AIs to notice as well. Hope it helps other people looking for the same thing.
BTW, there were other choices above On My Mac in the menu above, but they were all personal items I don’t want to share. The point is still clear.
#2 is the one extracted today. It will get replaced. Same happened with #6 a few years ago. #17 broke, got yanked out, and is a blank space now.
Something not to chew on. Or with.
To dentists, teeth have numbers. They start on the top right, so your wisdom tooth there is #1. The numbers continue around to #16: your left wisdom tooth, then down to #17 below, and around to #32, your right bottom wisdom tooth.
I’m losing #2 today at 1pm. It feels fine, because it is dead: had a root canal a couple weeks ago. Turns out it’s kinda rotted, though, and will get worse. The rot is too low for a crown, so it has to go. The plan is to go for an implant after the wound heals. Meanwhile, a gap.
It took longer and was more complicated than I expected, mostly because I’m opting for a replacement tooth, rather than a gap or a bridge.
During prep, the nurse told me that fresh “bone matter” would be packed into the root cavities. The idea is that my skull will adopt the bone matter, make it my own, become skull, and then support the post that will be drilled into a solid mix of new and old bone. A new fake tooth will be emplaced on the post about nine months from now. In the meantime, I will chew on one side and mostly gum on the other.
“Where does this bone matter come from?” I asked the nurse.
“Cadavers,” she replied, adding that some corpse’s bone bits may escape from spaces between the stitches from time to time. Swallow it, and I’m a cannibal.
Also, no solids for several weeks. Also yum.
In the meantime, I have pain, addressed by my first opiates since getting my hip replaced eleven years ago. I’m not a fan, but we deal. Wish me sleep.
I can’t call mine on Father’s Day. Pop died in 1979, eight years younger than I am now. Were he alive today, he’d be 117 years old. I only knew him for 32 years, but I can still hear his voice clearly, and would know it anywhere. Mom‘s too. And Grandma’s. Maybe I’ll hear them all before my end comes. That possibility is suggested by The profound meaning and mystery of deathbed visions, in Friday’s Washington Post. If you can get past the paywall, it’s a good read. Also, call a dad today.
So now’s the time
Buying a Used iPhone Makes More Sense Than Ever, Wired says. New ones are going to be more expensive soon (says The Wall Street Journal, and old ones are mostly just fine. Unless you’re doing fine-art photography or video, the differences between an iPhone 13 and everything since are not huge. I stuck with an iPhone 11 until the battery was crap and I got a 16. My wife got her iPhone 16 after her iPhone 6 finally died. The next iOS version, 27, will work on every iPhone going back to the 11. Naturally, markets being what they are, used iPhone prices will soon start going up too.
The message in the medium called AI is in its first name
Worse, Big AI is a giant digestive tract, extracting value from all the stuff in the world, hoovered up so its giant brain can make faked-up answers to anyone’s questions, make faked-up writing, faked-up code, faked-up music, faked-up art. It can fake all kinds of human output that does not require a human body. Lots of that shit is useful, helpful, and hell, amazing. (I use it every day.) But it’s not our shit, even though it can serve a zillion prosthetic purposes.
That leveraged what we might call the Carlin Paradox: “Ever notice that all your shit is stuff and everyone else’s stuff is shit?” I thought that paragraph veered away from the thrust of the post, so I relocated it here, so I could tee up the headline of this post within a post.
Listen to what George says, if you haven’t already. You can stop about two and a half minutes in, after he talks about how all your shit is stuff and everyone else’s stuff is shit. Because that’s the reason Big AI will never be personal AI. Big AI is not a place for your stuff. It’s a place that’s full of everyone’ else’s stuff. And yours too, probably.
But it should be clear by now that we need AI. It’s too useful not to use, especially to make sense of our stuff. Which is what?
A couple of years ago, I asked ChatGPT to generate an image of a woman having her own AI for her collection of stuff. I gave ChatGPT some categories for that stuff. The result was the image below. This was in the Olde Days of AI, when ChatGPT hadn’t yet learned to spell. So I added the words using Photoshop:
Interesting that ChatGPT thought the place for her stuff was a coffee cup. But at least it was a physical thing. In reality, what would that physical thing be?
Apple gave us the first model for one, back in the late ’80s. It was called the Knowledge Navigator:
Hats off to Tor Hagemann for pointing us to it. Really, check it out. The video is less than six minutes long and describes the kind of thing we need: A device, not just a service.
The place in that video is a professor’s study. For you and me, it might be a workshop or a cabin. Whatever the metaphor, we need a home on the Internet range: one as comfortable, safe, secure, familiar, and as much ours as our home in the natural world.
Our digital stuff (such as in the graphic above) is what techies call “unstructured.” It’s many different kinds of data, organized in many different ways. AI is good at dealing with unstructured digital stuff. We just don’t have AIs of our own yet, or a place for our digital stuff. But work is going on. Let’s review some.
“Personal Intelligence that answers only to you.” It runs on one’s own machine, with local models of your own choice, privacy by default, and a cloud option. Here’s a grab from the website today:
OpenClaw is a personal AI assistant you run on your own devices. It answers you on the channels you already use. It can speak and listen on macOS/iOS/Android, and can render a live Canvas you control. The Gateway is just the control plane — the product is the assistant.
If you want a personal, single-user assistant that feels local, fast, and always-on, this is it.
Kwaai is an nonprofit open source personal AI R&D shop with a large and active community. I volunteer there as Chief Intention Officer—a title that plays off The Intention Economy, which at least partly inspired the company. Kwaai’s main work these days is KwaaiNet, which its Github page describes this way:
KwaaiNet is a decentralized AI node architecture for Layer 8 — the trust and intelligence layer above the traditional network stack — built by the Kwaai Foundation, a 501(c)(3) nonprofit AI lab focused on democratizing AI.
Each KwaaiNet node combines:
A decentralized trust graph (cryptographic identity, verifiable credentials, local trust scores).
Shared, sharded LLM compute over heterogeneous CPUs/GPUs using Petals-style distributed inference. Apple Silicon Macs use llama.cpp with Metal for 30+ tok/s local inference; Linux nodes use CUDA-accelerated block sharding.
Secure multi-tenant knowledge storage via Virtual Private Knowledge (VPK) with encrypted vector search.
Intent-based, peer-to-peer networking that routes based on “what I need” (model, trust tier, latency), not just IP addresses.
From an app’s point of view, KwaaiNet looks like a familiar chat-completion style HTTP API. Under the hood, it is a person-anchored Layer 8 fabric where every node is tied to an accountable human or organization.
It’s just spread across documents, notes, meetings, messages, and old decisions. Companion Intelligence brings that context together, so your agent can find what matters and help, more effectively, from where you left off.
Most AI tools are temporary, and interchangeable. They answer a question, finish a task, and forget the larger story. Companion Intelligence gives AI a private home base: a place to understand your files, projects, routines, decisions, and history without making someone else’s cloud the center of your life.
Agents for Companion Intelligence can come from elsewhere. They note two so far: Hermes and OpenClaw. They also promise “universal MCP Support for OpenCode, NanoClaw, Claude, Codex, VSCode & more.”
By offering you a server (actually a repurposed Mac Mini), Lovarys is similar to Companion Intelligence, but aiming for the professional market. Its tagline is “Professional Accounting and Legal Intelligence.” It’s a project of Tor Hagemann. Here’s his Github page.
Around all of those efforts is an emerging ecosystem that (to me) seems to be trying to turn AI into an operating-system layer. Examples include:
This is the big one, and it just dropped a shoe the size of a continent:
No, this isn’t it true personal AI yet. But it is beyond significant.
Siri is Apple’s Clippy. Maybe worse, because it’s still alive and unloved after fifteen years of relentless promotion and disappointment. (Start reading down from the Reception subhead on Siri’s Wikipedia page for a partial account of Siri’s failings. A lot there.) But never mind that. Instead, mind these two words:
Meaning private.
Apple is huge on personal privacy. In case you’ you’ve missed Apple’s many ads and videos, you can get the gist of the company’s privacy case here, here, here, here, and here. A couple of years back, in response to the first of those, I wrote here and here about how Apple comes up short on the privacy front, despite its many promises. But I give it points for staying on the case, which will get a lot bigger with this next operating system.
An aside:::: It’s hard to sell privacy when the person can’t easily tell whether or not they’ve been exploited or protected. Both happen mostly out of sight.
Will what Apple brings us in version 27 of iOS and MacOS at least start to give us a place for our stuff? A truly private place? Let’s look—
1. On-Device “Personal Context”: A new architecture (not the old Siri) maps your device locally, using Apple Silicon’s Neural Engine to index information across your Apple applications: contacts, calendar, reminders, messages, emails, documents, photos. As for your non-Apple stuff, such as my million-plus photos that are not in Apple’s Photos app, it looks like it’s already on the case. When I search for “tunnel” across my photo directories with my laptop (2023 MacBook Pro running Tahoe 26.5.1), I get every shot where that word appears, plus lots of stuff that is either a tunnel or looks kind of like one. Example:
Clearly an AI does some pattern recognition there, but is that “personal context”? I dunno,
It has “Semantic Indexing,” which makes informed presumptions about the meaning of your data, and not just your keywords. Big AI does this now, but Siri will do it just for you, on your stuff, inside your place for it. Note what it says under the “Apple Intelligence in Apps” subhead here:
Express yourself through photos and images, save time with Safari, and get more done with Apple Intelligence seamlessly integrated into your everyday apps and experiences.
But do we want “seamless” everything? We need edges, boundaries, to make sense of the world. Right now I just want the option to turn that off, or not turn it on. Unless it’s the thing that sees tunnels. I don’t know, and that’s a problem.
2. Private Cloud Compute (PCC) is how Apple describes another place for your stuff: kind of a private office in Apple’s hi-rise downtown. Specifics:
For advanced features that need to reason over complex data with larger foundation models, we created Private Cloud Compute (PCC), a groundbreaking cloud intelligence system designed specifically for private AI processing. For the first time ever, Private Cloud Compute extends the industry-leading security and privacy of Apple devices into the cloud, making sure that personal user data sent to PCC isn’t accessible to anyone other than the user — not even to Apple. Built with custom Apple silicon and a hardened operating system designed for privacy, we believe PCC is the most advanced security architecture ever deployed for cloud AI compute at scale.
The authors of that text are Apple Security Engineering and Architecture (SEAR), User Privacy, Core Operating Systems (Core OS), Services Engineering (ASE), and Machine Learning and AI (AIML)—all inside the company. They say lots more at that last link, all helpful to know. So is Expanding Private Cloud Compute, by the same teams.
3. Systemwide app actions: This new assistant can, for example, cross-reference a tracking number from your email and a message thread to find who asked for it, pull out other relevant information, then automatically drop it into a reply for you to review or edit before you send it, all in your virtual cabin (device) or office (private cloud).
4. Controlled federation, anonymized gateways, a privacy shrowd, and other jive required to make this work:
I gather, from Apple’s literature, that Siri strips out your IP address and personal identifiers before making a query to an external AI. The external AI agent sees only the isolated query. This prevents the external AI from examining the personal stuff in your online home.
5. The Mac Mini, or some new dedicated place for your stuff.
Tom’s Hardware: Apple warns Mac mini and Mac Studio shortages could last for months — local AI boom and memory crunch drive demand beyond Apple’s manufacturing capacity. (May 2, 2026)
Given all this news, I will be amazed (but not surprised) if Apple doesn’t push the next Mac Mini as the personal AI machine, meaning the place for your stuff.
Okay, so here is a table of what we’ve reviewed so far:
System
Owner
Memory
Outside AIs
Sovereign?
Character
Apple Intelligence
Apple/person
Deep
Yes
Partial
Private cabin inside Apple’s estate
Personal AI
Company/person
Deep
Limited
Partial
Digital twin in the cloud
OpenClaw
Person
Deep
Yes
Mostly
Self-hosted AI stack
Jan.ai
Person
Moderate
Yes
Mostly
Personal AI workshop
Companion Intelligence
Person
Deep
Yes
Mostly
Personal homestead
Lovarys
Professional/person
Deep
Selective
Mostly
Private study or office
Kwaai
Person/community
Intended deep
Yes
Aspirational
Cooperative village
Friend
Company
Moderate
Yes
No
Companion in somebody else’s house
Here is a tough question: What if only a giant can put together most or all of what we need? Three giants currently furnish most of our personal spaces in the digital world:
Apple (iOS and MacOS devices, Safari browser, etc.)
Google (Android devices, Gemini, Chrome browser, etc.)
Microsoft (Windows OS and devices, apps, etc.)
With iOS and MacOS 27, Apple moves to the front of that pack in the personal AI space, and will likely be the only giant to offer something that looks like a place for your stuff. Given its role in the surveillance fecosystem, Google can’t be trusted. Microsoft still has Micro in its name, but it has become much more of an enterprise company in recent years. So, among giants, Apple is it.
Now let’s talk about agents.
Apple sees you with just one: Siri, or whatever Apple lets you call it. But you will probably need many agents: one or more for health (in various specialties), financial (banking, investment, credit), travel (airlines, car rental, hotels), home economics (property, stuff in storage, scheduling the kids, keeping the car working), legal (all your contractual commitments, plus much better customer-company interactions than are possible today).
Here’s the thing: if a single chatbot request is too risky to run unverified, what does that say about agents?
A chatbot is one request in, one answer out. An agent runs that risk in a loop: reading email, opening files, calling tools, handing work to other systems, unattended and at machine speed.
No breach required. An agent doing exactly the job you gave it moves your data constantly into places you don’t control and mostly can’t see.
Now wire thousands of agents together, the way every enterprise is planning to this year. Whatever the per-step risk is, compounding turns it into a certainty.
Apple just deployed Confidential AI to protect the smallest risk surface in AI. Enterprises are wiring up the largest with nothing underneath it.
Opaque doesn’t care about you or your “smallest risk surface in AI.” It sells arms to enterprises. But it does make a good point in its opening sentence:
“Apple looked at a simple chatbot, the single most contained form of GenAI there is, and decided the data it leaks is too dangerous to ship to their customers without Confidential AI underneath it.”
To Apple, the more personal the context, the higher the privacy stakes. That’s why it believes personal AI has to run—
on-device (the place for your stuff) and
in a privacy-walled cloud infrastructure (your private office in Apple’s high-rise cloud)
The former can actually cover a lot of ground in your life, just by helping you get on top of all the stuff in your digital home. It can also handle some simple interactions with outside entities, such as MyTerms ceremonies and record-keeping.
But you’ll need much more from your personal AI if you’re going to scale your life out into the larger world, where nearly every company, every government agency, everything you might subscribe to, and even every church and nonprofit, wants to have AI agents for interacting with the you and your digital agents.
Apple Intelligence is a generative AI (GenAI) service provided by Apple on its devices. While offering a similar set of features as other similar GenAI services, Apple Intelligence is claimed to be designed with an extra focus on user security and privacy through a two-stage authentication and authorization design using anonymous access tokens. In this paper, we present our investigation into this token issuance mechanism with a goal to reveal possible vulnerabilities using traffic analysis, reverse engineering, and cross comparison with Apple’s public documentation. Specifically, we present the Serpent attack, the first practical cross-device token replay attack against Apple Intelligence that allows the attacker to steal the access tokens from the victim’s device and utilise them on a different device, with all usage rate-limited against the victim. We have achieved successful attacks on the latest macOS 26 Tahoe and demonstrated that an attacker, who even has used up its own allowance, can immediately regain access to Apple Intelligence service. We have responsibly disclosed the vulnerabilities to the vendors and received confirmation from Apple with CVE assigned and bounty given. Our results highlight a general lesson for built-in AI services: Anonymising identity does not by itself make the AI service secure; Enforcing non-transferability requires cryptographic binding to the rightful user.
We assume that Apple is addressing those concerns, plus a near-countless number of others, with MacOS 27 and iOS 27. We’ll see later this year, presumably. (Apple is better with promises and forecasts than most others, but not perfect.)
Humans invented privacy with the technologies we call clothing and shelter. We don’t have clothing yet in the digital world, or we wouldn’t be walking worse-than-naked across the Net, covered with thousands of invisible data-sucking ticks called cookies and tracking beacons: parasites that report who-knows-what to god-knows-who, across thousands of unseen and unknown paths.
But we might get shelter, or the beginning of a working model for it—a place for our stuff—from Apple and these other companies and projects.
Apple seems to understand some of this, at least architecturally, to some degree. I think others (including those listed above) understand it more deeply. But none of them have Apple’s heft.
As for the enterprise side of this, there are growing bodies of work coming from Nitin Badjatia, Iain Henderson, and Jamie Smith. All three see empowered customers coming to the marketplace with agentic AI capabilities that will strip the gears of existing enterprise systems, including those with AI agents.
Apple just set the bar every enterprise will be measured against
Escape velocity is the moment a category stops needing evangelism, when the question flips from “do I really need this?” to “why don’t you have it?” Three things flipped it this month.
First, the existence proof landed at the hardest difficulty setting. Apple just rolled out the largest Confidential AI deployment in history: every iPhone, at consumer latency, consumer cost, consumer scale. Every objection enterprises have leaned on, too slow, too expensive, more than we need, just got falsified a billion times over by a phone.
Second, this is already how the giants operate. Meta runs WhatsApp message AI through private processing. Google built Private AI Compute so Gemini can process your personal data in a sealed environment that, in Google’s own words, not even Google can access. Anthropic and TikTok run their own implementations. And Microsoft, Google, and NVIDIA ship the underlying confidential infrastructure across their clouds and silicon. The pattern is consistent: every company with world-class security talent, when forced to put AI against sensitive data at scale, lands on the same architecture. When that many teams solve the same problem independently and arrive at one answer, you’re looking at convergence.
On our side—the customer’s side—we need confidential personhood, based on personal sovereignty: root for the person. In other words, personal AI needs to be operated by the person, not just for the person.
So let’s suppose Opaque succeeds perfectly. Enterprises will have attestable hardware, secure enclaves, confidential containers, encrypted memory, verifiable runtimes, machine-speed agents, and other whatevers we’ve been reading about.
We will need the same. The flow should go like this:
Natural person ↓ Personal AI ↓ Personal terms (MyTerms) ↓ Confidential runtime ↓ Outside agents and services ↓ Network
Note also that the flow here is top-down from the person, the individual—rather than bottom-up from “the consumer” or “the user.”
Almost everybody talking about agentic AI today is looking only at the lower half. But that half won’t run without our permissions from the upper half. That’s why we (the working group I chaired) worked for nine years on IEEE 7012-2025—Standard for Machine-Readable Personal Privacy Terms. Its nickname is MyTerms. As I say there, MyTerms is the only way we’ll get personal privacy in the digital world. Apple, please adopt it. Everyone else, jump on board too. It’s a radically simple to implement. From that last link:
MyTerms are contractual agreements about personal privacy that you proffer as the first party, and the company agrees to as the second party. With MyTerms, you don’t “consent” to the company’s privacy policies or whatever they say about their use of cookies. They agree to your privacy requirements, which will limit the use of cookies and tracking tech to only what you allow. You are not a mere “user” or “client.” You are an independent human being operating with full agency.
In a way, Aaron Fulkerson’s post argues a need for work on the upper half. Because, while he says, “the request never travels on trust,” our social and economic lives are based entirely on trust: contracts, promises, agreements, agency, representation, delegation.
If my personal agent books a hotel, negotiates a subscription, grants limited use of my health data, tells my bank to move money, buys something, or participates in market intelligence that flows both ways, those acts and processes aren’t just computations and transactions. They are relationships. And those require identity, delegated authority, obligations, records, audit trails, and remedies. Those all need to start with My Terms.
I suspect Apple, Opaque, and MyTerms are each solving a different problem posed by a place for my stu ff:
Layer
Question
Example
Confidential computing
Can I trust the machine?
Opaque, et. al.
Personal context
Does the machine know me?
Apple, et. al.
Personal sovereignty (confidential personhood)
Does the machine represent me?
MyTerms
Dispute & accountability
What happens when things go wrong?
ODR
In each case the place for my stuff is a machine. My (or your) machine, and possibly your private cloud. Nobody today is building that whole stack. Nor should anybody. Not if we want each layer to scale.
So here is a question. What if:
Apple provides the shelter (then competitors follow),
Opaque (and its competitors) provides the locks,
Linux and open source hacks provide the plumbing, and
MyTerms provides the constitution—or at least a solid ground under a new constitution for personal agenc, independence, and privacy online?
If personal AI becomes ubiquitous, agents will do things that matter legally and socially. The questions that matter then become, “Under whose authority?” and “How is that authority secured?”
The answer to both require contracts in which the person is the first party. Fortunately, contract law is well established everywhere, and contract itself is specified by Article 6 of the GDPR as one the the lawful bases for others to process one’s personal data. (Dive deeper here if you like.)
So, while we wait for Apple to drop the other giant shoe, let’s get its alternatives farther downstream, and start putting MyTerms to use. Our home—places for our stuff—on the Net won’t be secure without them.
Rumors have it that Giannis Antetokounmpo is headed for the Boston Celtics in a complicated trade that will send Celtics stalwart Jaylen Brown to Milwaukee or elsewhere. I doubt this will happen, simply because at this stage in their careers, Jaylen is a far more reliable player than Giannis. Sure, Giannis—The Greek Freak—is one of the greatest players of all time, and a lot bigger than Jaylen. But Giannis hasn’t stayed healthy for years, and is unlikely to ever return to peak form. Meanwhile, Jaylen is ridiculously well-conditioned, improves his strength and skills every year, and is two years younger than Giannis. The only thing arguing for a trade is that Boston has two very expensive players on max contracts: Jaylen Brown and Jayson Tatum, and Tatum is slightly better. This means the best the Celtics can do with those two players on the team is pack small contracts around them. The new model, thanks to the salary limits and extreme “luxury taxes” for exceeding them, is to have just one player on a max contract, and a bunch of less expensive players surrounding him. This is the Knicks’ model with Karl-Anthony Towns. Jalen Brunson famously took less money to make room for Towns, Bridges, and others. That’s why I expect the Knicks to stay cool while the rest of the league heats up around trades.
Imagine a thick crowd coming at you. Also a soccer ball.
The only college sport I ever played was soccer, on the new club team my small college put together during my sophomore year. I only qualified because I showed up and didn’t suck at it. Two weeks after starting practice (which was fun and I loved), I got kicked off the team because the coach discovered I was on academic probation.
But some skills don’t go away entirely, and that’s what mattered on an August day in 2015, at age 68, when I was limping slowly down the 184th Street tunnel (above) to the A train’s 181st Street station in New York. That’s the tunnel, above. At the far end, two guys were kicking a soccer ball back and forth, and didn’t stop when a thick crowd, fresh off a train headed uptown, filled the tunnel, moving in my direction.
A few weeks earlier, I’d had my right hip replaced, and I was just beginning to become fully ambulatory. So I was hoping not to collide with the crowd—and that the ball would not find me. But it did. By reflex, I trapped it with my right (bad) foot, and then shot a perfect pass through the crowd to one of the two guys. After the crowd passed, the two guys came over and enthusiastically began talking to me in Spanish.
I smiled, said “Muchas gracias,” and continued limping toward the train. But it felt good to enjoy a moment of apparent competence in a sport at which I was not yet entirely lame.
Adrian Gropper in the AI corner of the New England Journal of Medicine:The Medical AI Assistant as Publication, Not Device — Why Peer-Reviewed, Open-Source AI Belongs in the Standard of Care. From the abstract: "I argue that when a physician publishes a MAIA’s architecture, retrieval methodology, and validation results in a peer-reviewed journal, the published MAIA enters the medical literature as any other clinical methodology would. Physicians who subsequently adopt this methodology are not operating a medical device — they are practicing medicine informed by the published literature."
This Knicks NBA championship run is the greatest of all time. Reasons:
They won sixteen of nineteen games through the playoffs, including two sweeps. They only lost the first two games in the first round, each by one point, and then one game in the Finals by not much, and their city blames Trump for jinxing them for that last loss—one where his presence was hugely inconvenient and distracting, for which he was clearly not interested (except in self-aggrandizement), and during which he fell asleep.
They are The Formerlies. Except for Mitchell Robinson and some benchwarmers, they were all acquired off the Used Player market.
They played in the East, considered the weaker conference, and won only 53 games in the regular season. Detroit, Boston, and Cleveland all won more. But the playoffs are clutch time, and nobody has ever been more clutch when it mattered most than these Knicks.
They have no top-tier stars. Only Jalen Brunson is all-NBA, and he’s on the second team. They also have no “big two,” or “big three.” They have a big ten: Jalen Brunson, OG Anunoby, Josh Hart, Mikal Bridges. Karl-Anthony Towns, Miles McBride, Landry Shamet, Mitchell Robinson. Jordan Clarkson, and Jose Alvarado (in declining order of minutes played in the playoffs).
They are best team of the modern era, exemplifying what Bill Simmons calls “the secret.” Specifically, “The secret of basketball is that it’s not about basketball.” It’s about players caring more for each other, and for the team, than for themselves. It helps that three players (Brunson, Hart, Bridges) won championships (plural!) at Villanova, and call each other “Brothers for life.” Watch them for a while, and it becomes clear that the team is like a family. It also helps that Rick Brunson, Jalen’s dad, is an assistant coach with the team, and that the coach, Mike Brown (another Formerly) seems more like an uncle.
In the playoffs, they became all but unbeatable. Losing is out of character for them. They could fall behind by any number of points, and their eventual victory still seemed inevitable. In the final game, when the Knicks were within seven points, it looked to me like the game was over already: the Knicks would close the gap, take the lead, and win. They know how to do that, over and over. They are glued, experienced, determined, and locked in. You can see the other team start to melt.
Jalen Brunson, Captain Clutch, proved he was the real league MVP. By miles. None of his moves look especially slick or athletic, but he is so good at getting open, slipping past defenders, shooting fallbacks, and getting layups no matter what, that it’s crazy to think the guy is just 6’1″ (okay, with a 6’4″ wingspan) with no shoes on. He is a great leader, an unselfish teammate, and very dependable in the clutch. OMG, and tough. I just heard Bill Simmons call Brunson the toughest guy in the league. Who’s tougher?
In the Finals, they beat the best collection of players in the league, starting with Victor Wembanyama, who will likely go down as the greatest player of all time if he stays healthy, learns from his failings, and wins a bunch of rings.
New York showed it’s the Greatest City in the World. You could feel the love the team and the city have for each other. I grew up a Knicks fan in New Jersey, across the river from New York. Used to go to Knicks games for $5 a ticket, many decades ago. But I’ve also spent a lot of time in Boston, San Francisco (where I had season tickets to the Warriors), and Los Angeles. Among major cities, only Boston compares to New York for the level of civic devotion to the team. Both also share a subway culture, which heats up fandom, heart-to-heart, despite all other differences. But New York is a lot bigger. (And yes, San Antonio is a great basketball town too. But it’s a town. A great town. But not New Yawk.)
The Knicks victory was great for basketball. This year’s Finals was hugely popular. Ratings across the four-game series averaged 19.6 million viewers, +116% over 9.1 million for last year’s Thunder-Pacers series. This was the most-watched Finals in the current millennium. There was also a spike in younger demographics. Viewing among teens (12-17) jumped by 138%, and young adults (18-24) spiked with 147% compared to last year.
All this is debatable, of course. Just not right now.
I started to write something here, but turned it in to a whole post on its own: Customer Service Sample of One. In response to that, Don Marti pointed to Skylabs Audio and its YouTube channel. As it happens I was an audiophile many decades ago. Worked weekends at an audio salon in Chapel Hill. Had some good gear, all bought cheap or built from a kit. Anyway, I got over all that stuff long ago, but I still care a little.
But mainly I live in the now, when things are a lot more complicated, and customer service is kind of a ballet in which both customers and companies dance with a character named Murphy.
Edit
I moved my Knicks post to its own page, titled The Formerlies.
Our Samsung TV* and our Samsung soundbar/woofer no longer connect over bluetooth. Well, they do connect—both displays say they are connected—but the TV only plays through its own speakers. I called Samsung for help with this, but the phone maze robot said only texts would work at that time. Here’s the text monologue from Samsung:
We will get you to the next agent as soon as possible. Your wait time is 27 Minutes and there are 90 customers ahead of you.
Apologies, due to abnormally high volumes, it is taking longer than expected to connect you to an agent. As soon as someone is available, we will connect you.
Thank you. You are connected with Theo James S from Samsung Care
Hello! Welcome to Samsung Technical support, This is Theo and I’m here to assist you. What can I do for you today?
It looks like you may be away. If you’d like to continue, simply send me a message, and I’ll be here to help.
Hello! Your support case is scheduled to close soon. If we have not resolved your issue yet, please respond to this message. Our Samsung Care Pros are available 24/7!
Survey has expired – Thank you for your feedback. Any time you need assistance, simply respond to this message. We’re here to support you, 24/7!
I gave up in the middle of that by getting help from ChatGPT that isolated the problem: The Bluetooth radios have successfully negotiated identity and relationship but failed to agree on purpose. In other words, they’re married but not speaking.
It suggested that I make an optical connection and give up on Bluetooth. Specifically, If optical works, I’d call the matter settled. If it doesn’t, then I would start suspecting the soundbar itself rather than the TV, because you’ve already done more systematic debugging than most first-line Samsung support agents would attempt.
*This is the only link online to the TV we have. We bought it from Amazon about a year ago, for less than the $849 Walmart is asking at that link. We got is slightly old (2024) model because for the space where we wanted it, 43″ was the right size, and for picture quality we wanted 4K OLED. Samsung no longer offered 4K OLEDs in sizes under 55 inches. (Here’s their current product spread.) Nor does anybody, I think. Wall-sized TVs are now The Thing.
†It doesn’t. The $6.29 optical cable bypasses the Bluetooth problem. The soundbar and the subwoofer both sound good, so that problem is solved. Display is a minor issue. Where the numerical volume level used to appear on the TV screen when you pushed the control up and down, it now appears only in small print behind the soundbar grille, where it can’t be read from more than two feet away. We can live with that.
Unless I write something new and provocative enough to generate fresh traffic, most visits to this blog come from searches on topics for which Google believes something I've written is relevant. Such is the case with a 2015 post called What are the balls on Prague’s spires called? I have a better answer now than my readers and I did then, and in the years since, mostly from Towers with Golden Orbs. Motif of CupolaedSpires with Spherical Supports, by Zygmunt Łuniewicz, of the Faculty of Architecture at Wrocław University of Science and Technology in Poland. I have not yet found evidence that any of the balls in question contain mercury, but I have found plenty of mercury glass finials (which contain no mercury) that resemble those on the spires of Baroque buildings in central and northern Europe. So I suspect that this may be where the claim that the architectural balls contain mercury may have originated. But I'm open to whatever.
Worth early rising
This Washington Post story lays out exactly why, in summertime, and year-round in tropical settings, it is best to fly in the morning. The simple reason is that thunderstorms are the enemy of commercial travel, and they typically build up during the day. By late afternoon and evening, flying becomes bumpy, delayed, and otherwise difficult. I call early morning flights "clear-eye," because that's when skies are clearest.
The Chicago skyline, shot through haze on approach to O’Hare, a couple of hours after I wrote the first item below.
Sigh high
Nearing the end of my current travels. Sitting at Logan, about to board for O’Hare, and then the hour flight to Indianapolis, during which we will be in the air for nineteen minutes. Looking out the windows at planes taxiing, landing, and taking off, while container ships slide in and out of the Bay: the many-hearted drummings of commerce and transport. Civilization’s thrum and hum. I love it. And it will be good to get home.
Thanks to her wise, literate, grounded, and funny videos (plus her music and much else), I have fallen in like with Elle Cordova. She's brilliant. Casually so, which makes her even more brilliant.
In The World has Moved On, Cory Doctorow offers a vigorous and well-sourced take-down of conservatives. I still prefer George Lakoff's take in Moral Politics: What Conservatives Know That Liberals Don't. It's not a stretch to say that George got Obama elected. I have many more thoughts about all this, but I won't go there, because algorithms.
Another pull quote: "The biggest risk of all is only talking about the risk."
In her lunch interview at ODR2026, Beth Noveck just used the term "expertocratic" to label the way culture elevates academics (such as the many who are gathered here in a nice new building at Harvard). She also reminds us that "democratize" refers less to the democratic electoral process than to empowering individuals. She also just quoted somebody calling social media "democracy's dumpster fire." Dunno what of this I might bring up when I talk later, but I don't want to forget them.
Beamforming, as introduced in WiFi 5, requires clients to broadcast observations of their channel characteristics. This introduces a new information source for WiFi sensing with privacy threats that have not been explored, so far. With WiFi networks being ubiquitous in our everyday lives, the impact of unknown privacy threats is likely severe. To investigate this concern, we introduce BFId, the first identity inference attack using BFI-based sensing and evaluate its efficacy on a novel dataset containing WiFi recordings of 197 individuals. We show that we can infer the identity of individuals with very high accuracy, across different walking styles and perspectives, even with large sample sizes.
This isn’t a fen, but it is an antenna growing in the wild.
Digressing we shall go
I find myself in Boston, home of Fenway Park, in the Fenway-Kenmore neighborhood, half-named after The Fenway, now a parkway that runs along the Back Bay Fens, which is a jewel in the Emerald Necklace of Boston parks. I arrived at this digression while thinking of a title for today’s bloglings while housed for the moment in a subterranean studio apartment in Boston’s North End. I can’t yet find a direct connection in all these writings, but I presume the Fens of Boston were somehow given that label by a person recalling the fens of England, which are a form of “transitional” wetland. (They transist into peat bogs, agricultural land, landfills, suburbs, or shopping centers.) Anyway, this all has me reading interesting shit rather than working on interesting shit. I shall now transist into working shit.
The Knicks, down 29, came back to win by one: The biggest comeback/choke job in playoff history. What an exciting game. They were getting creamed. Hugely creamed. They were buried, deeply buried, from the end of the first quarter to the start of the fourth. But they cannot be buried. Simple as that. They are all but unkillable. And now they lead the finals 3-1. Was there a hero? Yes: the team. The winning basket was an amazing from-nowhere put-back by OG Anonoby, the third, fourth, or fifth-best player on the team. And that was on a miss by their best player, Jalen Brunson. And the goat on San Antonio was their GOAT-in-the-making: Victor Wembanyama, missing two free throws that would have saved the game. But the unkillable Knicks came back.
The next game is in San Antonio. If the Knicks don’t win there, they will win Game 6 in New York. Count on it.
