AI chatbots are becoming more familiar in everyday work, search, shopping, and communication. Signal President Meredith Whittaker is urging users to keep one boundary clear: these systems should not be mistaken for friends, conscious beings, or trusted private confidants.
In comments made during a broader interview with Bloomberg about policy, privacy, and Signal, Whittaker described a sharp privacy concern around chatbots like ChatGPT and Claude. Her warning was not only about what people ask AI systems today, but about what may happen if assistants are given wider access across personal apps and services.
Whittaker’s central warning
Asked about the privacy implications of chatbots like ChatGPT and Claude, Whittaker answered directly: “These are not your friends. These are not conscious beings. These are not sentient interlocutors.”
That framing matters because chatbots are often designed to respond in conversational ways. A system that sounds helpful can make it easier for a user to treat it as a personal adviser, writing partner, or emotional sounding board. Whittaker’s point is that the appearance of conversation should not be confused with actual consciousness or trustworthiness.
Her concern also reaches into how people think, write, and work through ideas. She said she does use AI tools “to format a document here and there,” but drew a line around relying on them for questions or intellectual work.
As she put it: “I don’t ask them questions. I’m very serious about my thinking and writing, and I don’t want the process of working through an idea […] to be foreclosed or eclipsed by the response of a system that’s averaging what’s already out there.”
The issue is access, not just answers
The privacy question becomes larger when AI assistants are imagined not merely as chat windows, but as agents that can act across a person’s digital life. The source article points to Microsoft AI CEO Mustafa Suleyman’s prediction that users could let Microsoft Copilot handle all their Christmas shopping this year.
Whittaker focused on what that kind of convenience would require. In the example described, Copilot would be eavesdropping on the family group chat to determine who wants what. For that to work, she said, the system would need access to deeply personal tools and information.
Her list was broad: “access to my credit card, my browser, my Signal, the ability to message my siblings on my behalf, my home address [and] my calendar.”
That is why the debate is not limited to whether a chatbot gives useful answers. It is also about whether users should connect an AI assistant to private communications, financial details, browsing activity, location-related information, scheduling, and the ability to send messages as them.
Why Signal is part of the concern
Signal is built around private messaging, so Whittaker’s comments are especially pointed when the imagined AI assistant touches Signal conversations. A shopping assistant that can read a family group chat may sound convenient, but it also changes the relationship between a private messaging app and outside software.
Whittaker described that kind of arrangement as a system with sweeping reach. “What you’ve just described is a system with very pervasive access across multiple applications and services,” she said. “In the context of Signal, it would constitute a kind of a backdoor.”
The word “backdoor” is important in this context because the assistant is not simply another person in a chat. It would be a system positioned across multiple applications and services, able to observe, infer, and potentially act. For a privacy-focused messaging app, that level of access raises a different class of risk than ordinary app features.
What users should take from it
Whittaker’s comments do not reject every use of AI tools. Her own example, using them “to format a document here and there,” shows a narrower use case: a tool performing a limited task without becoming a substitute for private thought or trusted communication.
The broader message is about boundaries. Users may need to ask different questions before letting an AI assistant into more parts of their digital lives:
- Does the assistant need access to private messages?
- Does it need payment information such as a credit card?
- Does it need access to a browser, calendar, home address, or the ability to message relatives?
- Is the convenience worth giving one system access across multiple applications and services?
For Whittaker, the risk is clearest when an AI system moves from answering a prompt to operating as a cross-app agent. At that point, the user is no longer only sharing a question with a chatbot. They may be granting a system the ability to observe private context and act through accounts that were previously separate.
Her warning is therefore simple but far-reaching: AI chatbots may be useful for narrow tasks, but they should not be treated as friends, conscious partners, or harmless intermediaries inside private services. The more an assistant can see and do, the more privacy depends on whether users understand what they have handed over.