(no title)

Only messages that actually mention @AI are sent in plaintext to us, and then to OpenAI's API. All content shared between people without invoking the AI is fully end-to-end encrypted. Our servers don't have access to any users' private keys -- those are generated on each client and never transmitted, except in the case when a user logs in on secondary device and uses our QR-code transfer flow (in which case the sensitive information is communicated peer-to-per in that QR code). We'll share much more on this when we publish our tech blog in the coming weeks.

Regarding privacy around strangers joining a group -- Wavelength supports locking down groups to the degree the group creator chooses. You can disable history syncing, so that new members don't get a copy of prior history (which, when enabled, is reencrypted and sent by prior members of the group) when they join. And groups only grow to a size where there would be people you don't know in them, if someone chose to share an invite link semi-publicly, or allow all members to invite new members (which is also a setting the creator can toggle). Personally, I'm in a number of quite large groups including people I don't know in real life, as well as plenty of groups with 2-10 friends I know in real life, where I obviously trust everybody not to screenshot/share what I'm writing, and I appreciate having strong e2ee.