Practice: What happens in three seconds: the path your prompt takes

Answer in your head (or on paper) before reading each answer.

1. Name the seven steps of the round trip in order.

(1) Keys to chat box. (2) Browser onto the network. (3) The front door, which is a Content Delivery Network or CDN. (4) Inside the model service. (5) The model thinks and generates a reply. (6) The reply comes back through the same chain in reverse. (7) The reply appears in the chat box. Roughly two to four seconds for a short message; longer for longer messages.

2. What is a CDN, and what is the difference between what it sees and what it does not see?

A CDN, or Content Delivery Network, is a worldwide network of servers a vendor uses as the front door to their AI service. When you send a request, the CDN picks a server location near you, receives the request, writes a small log of metadata, and forwards the contents inward to the model service. What it sees: request metadata. What it does not see (or at least, what is not the metadata): the message contents. Metadata typically means timestamp, rough geographic region, message size, sometimes browser type. The contents pass through the CDN; the wrapper around the contents is what gets logged there.

3. The lesson says the message is “plaintext” inside the model service. What does that mean, and why does encryption in transit not change it?

Plaintext is the opposite of encrypted: it is the actual readable words. Encryption protected the message on the trip from the user’s laptop to the CDN (that is what the padlock icon in the browser signals). Once the message arrives inside the model service, the company’s own systems can read it as plaintext, because the model itself needs to read the message in order to reply. End-to-end encryption (where no one between the sender and recipient can read the message, including the company that runs the app) does not apply here because the model is the recipient. The encryption protects the trip, not the destination.

4. What are Inputs and Outputs in vendor privacy-policy vocabulary?

Inputs are the user’s messages (prompts). Outputs are the model’s replies. These are the words one major AI vendor uses in its public privacy policy; other vendors use different vocabulary (prompts/responses, requests/outputs, or content as a single bucket) for the same two things. When that vendor’s policy says “we use your Inputs and Outputs to improve our Services,” it is talking about the messages you sent and the replies that came back. The vocabulary is not standardized across the industry, but every vendor’s policy refers to your messages and the model’s replies under some name.

5. The lesson says path is different from policy. What is the distinction, and what goes wrong if you read them as the same thing?

Path is what is structurally possible at each step of the round trip: for example, the model service handles plaintext, so reading the contents is structurally possible there. Policy is what the vendor commits to doing or not doing with that capability: for example, the vendor’s policy might say the contents are deleted after a fixed period and not used for training. If you read them as the same thing, you get either misplaced trust (“the policy says they do not train on it, so it never touches their systems”) or misplaced fear (“their systems see the plaintext, so the policy does not matter”). Both layers are real. The path is the floor; the policy is what the vendor builds on top of it.

6. Why does the lesson include an “architectural alternative” paragraph mentioning a different shape (the user’s computer talking directly to the AI provider)?

To make clear that the seven-step path is the typical shape for consumer AI tools, not the only shape. Some tools are built so the user’s computer talks directly to an AI provider over an API, with no consumer-facing CDN or vendor middleware in between. The example named in the lesson is Clawless, the desktop app this site’s sister project ships, where messages go from the user’s computer to the AI provider and the reply comes back with no intermediate vendor server holding logs of the requests. The pedagogical point is that the architecture decides which parties along the path see what; the typical shape is one option, and there are others. Phase 5 of this track returns to architecture as a privacy lever in its own right.


Applied exercise: walk one message through all seven steps

This exercise takes about 10 minutes. Use pen and paper, a text editor, or any notes app.

Pick one concrete message you might send to an AI tool. Use something everyday: a question about a recipe, a draft of a paragraph you are revising, a quick fact-check. Do not use anything sensitive for this exercise; the point is to practice the trace on something low-stakes so the trace becomes automatic.

For your chosen message, write a short sentence describing what happens at each of the seven steps. The sentence should name what the message is at that step (where it lives, what state it is in, what about it is visible to whom). Aim for one short sentence per step. Total length: a paragraph, not a page.

Worked example for the message “Suggest a side dish for pasta”:

  1. Keys to chat box. I type the seven words. They appear in my browser’s chat box. Only my laptop knows them.
  2. Browser onto the network. I click Send. My browser wraps the words in a network message and hands them to my home Wi-Fi router, which forwards them to my internet provider, which routes them onto the public internet.
  3. The CDN. My request reaches the AI vendor’s CDN. The CDN logs a small record: a request of this size arrived from my region at this timestamp. The words themselves pass through.
  4. Inside the model service. The CDN forwards the request inward. The model service receives the seven words as plaintext. The vendor’s systems can read them; the vendor’s policy describes what they choose to do with that capability.
  5. The model thinks. The model reads “Suggest a side dish for pasta” and starts generating a reply. The reply is built one piece at a time on the vendor’s hardware.
  6. The reply comes back. The reply (something like “Try a simple green salad with lemon vinaigrette and shaved parmesan”) streams back through the model service, through the CDN, onto the public internet, back to my home router, back to my browser.
  7. The reply appears. The reply lands in my chat box, word by word. I read it. My side of the conversation is one piece of data; the vendor’s side (logs, stored conversation, whatever else the policy describes) is another.

Now do the same for your own chosen message. The point is not literary polish; it is fluency with the path. After you have done this once for a low-stakes message, the trace gets faster every time, until eventually it happens automatically in your head before you click Send on a high-stakes message.

A few notes on what to skip and what to keep:

  • Skip vendor-specific guesses. You do not know exactly which CDN your chosen vendor uses, or exactly how they have configured their model service. The exercise is the shape of the path, not the specifics of any one vendor.
  • Keep the Inputs and Outputs vocabulary. Whenever you would say “my message” in step 4, you can say “my Input” instead. This is the language the vendor’s privacy policy will use; practicing it now makes the policy easier to read later.
  • Do not slip into threat categorization. That is Phase 3’s job. Do not write “and this is dangerous because…” at each step. Write what is at each step. Whether each step is dangerous in your particular situation is the question Phase 3 teaches you to answer.

Ten cards.

Q. How long does a single round trip through an AI tool typically take, and what does that scale with?
A. About two to four seconds for a short message. The shape of the round trip is the same for any message; the time scales with how long the message is and how long the reply is.

Q. Name the seven steps of the round trip.
A. (1) Keys to chat box, (2) browser onto the network, (3) the front door (CDN), (4) inside the model service, (5) the model thinks, (6) the reply comes back, (7) the reply appears.

Q. What is a CDN, in one sentence?
A. A Content Delivery Network is a worldwide network of servers a vendor uses as the front door to their AI service, picking a location near each user to receive requests, log a small record of metadata, and forward the contents inward to the model service.

Q. What does the CDN see versus not see?
A. The CDN sees request metadata: timestamp, rough geographic region, message size, sometimes browser type. The CDN does not see (or at least, does not log as part of routine operation) the message contents. Contents pass through; the wrapper around the contents is what gets logged there.

Q. What does 'plaintext' mean, and why is a message plaintext inside the model service even when encryption was used in transit?
A. Plaintext is the opposite of encrypted: it is the actual readable words. Encryption protected the message in transit between the user’s laptop and the CDN. Inside the model service, the message has to be in plaintext form because the model needs to read it to reply. End-to-end encryption (where no one between sender and recipient can read the message) does not apply because the model is the recipient.

Q. What are Inputs and Outputs?
A. Inputs are the user’s messages (prompts). Outputs are the model’s replies. These are the words one major AI vendor uses in its public privacy policy. Other vendors use different vocabulary (prompts/responses, content) for the same two things. The vocabulary is not standardized across the industry; the things named are the same.

Q. What is the difference between path and policy?
A. Path is what is structurally possible at each step of the round trip. Policy is what the vendor commits to doing with that capability. Reading them as the same thing leads to either misplaced trust (“the policy says they do not train on it, so it never touches their systems”) or misplaced fear (“their systems see the plaintext, so the policy does not matter”). Both layers exist and both have to be read.

Q. What is streaming, and is it a privacy choice?
A. Streaming is the modern user-experience pattern of sending the reply back one piece at a time as the model generates it, rather than waiting for the full reply. It is the reason the reply often appears word by word in the chat box. It is a user-experience choice, not a privacy choice; the reply still travels the same seven-step path, just in small pieces instead of one large piece.

Q. What is the architectural alternative the lesson names, and who is the worked example?
A. A different shape where the user’s computer talks directly to the AI provider over an API, with no consumer-facing CDN or vendor middleware in between. The worked example is Clawless, the desktop app this site’s sister project ships: messages go from the user’s computer to the AI provider, and the reply comes back, with no Clawless server in between holding logs of the requests. The point is not that one architecture is better; it is that the architecture decides which parties along the path see what.

Q. What is the practical takeaway: how does the seven-step path change what Aisha does before she pastes?
A. It does not change what she pastes; that is the seed paragraph’s job (lesson 1.2) and the postcard test’s job (lesson 1.1). It changes whether she has a mental picture of what happens after she pastes. The closer she gets to fluency with the path, the more readable any vendor’s privacy policy becomes, because the policy is describing the same trip the path names. Sticky-note rule + seed paragraph + path = three small things that together produce informed paste decisions.