Traditional consumer computing in cloud services (e.g.

Traditional consumer computing in cloud services (e.g. Gmail) is like staying on someone's couch for free.

You're a guest in their house. You abide by their rules, and they're doing you a favor letting you be there in the first place.

Traditional cloud computing infrastructure (e.g. AWS) is like renting an apartment.

You have a landlord who owns the building, and could theoretically open your apartment and peek inside (and indeed they have the legal right), but it is reasonable to expect they wouldn't do that except in exceptional or emergency situations.

You're paying the landlord to host you, so your incentives are more aligned. An overly nosy landlord would not be a popular hosting provider.

Confidential computing infrastructure is like having an embassy in a foreign country.

Technically you're embedded in someone else's sovereign territory, but it's your own sovereign territory within it.

If someone breaks in, it's an act of war.

Before Confidential Computing, the only way to have total sovereignty over your computation was to hold it in your hand.

The Roman saying of the person who controls something is the one who is allowed to destroy it.

But now that zone of sovereignty and trust can extend to remote servers with more compute, energy, and bandwidth than your phone.

And if you cleverly use remote attestation, you can assemble webs of trusted computation on untrusted compute nodes that you know work in a particular way, no matter who's hosting them.

Confidential computing allows a radically different cloud computing paradigm.