This article builds on a recent study by Theodore Christakis, “You Trust Your Chatbot with Everything: Should You? Part 1: How the Controller Uses Your Chat Data.” For access to that full article, click here. For the shorter version published by IAPP, click here.
The new article analyzes Meta’s announcement, on 13 May 2026, of Incognito Chat with Meta AI, the most significant structural move in consumer chatbot privacy of the past two years. With this announcement, the architecture that Part 1 of Christakis’s study on consumer chatbot confidentiality has been calling Sealed Mode ceased to be a research aspiration and became a deployed mass-market product. Users of WhatsApp can now chat with Meta AI in a mode in which the provider cannot read the conversation, in the closest functional equivalent to the way Meta cannot read WhatsApp messages between two users. The protection is architectural rather than contractual: the chat is processed inside a Trusted Execution Environment in which Meta has renounced, by hardware design, the capacity to access content.
This paper offers a first analytical reading of the announcement. We examine the cryptographic architecture and the external audits that support the trust claims; why this is best understood as a Sealed Mode deployment in the embedded-in-E2EE environment that Part 2 had identified as the most architecturally exposed; the moderation question (“cannot read, cannot moderate” on the provider side, with automated moderation continuing “inside the bubble”); the legal-architectural consequence (“no knowledge, no liability”); the new dimension the announcement opens in the long-running Going Dark debate; the constraints the architecture imposes on training and conversational memory; and the questions that the announcement leaves open, including whether the standalone chatbot providers (OpenAI, Anthropic, Google, xAI) might follow Meta’s lead for at least some of their services.
To read the new article on AI-Regulation.com, click here.
To read the new article on SSRN, click here:
* * *
These statements are attributable only to the authors, and their publication here does not necessarily reflect the view of the Cross-Border Data Forum or any participating individuals or organizations.
