July 5th, 2024

ChatGPT's much-heralded Mac app was storing conversations as plain text

The Mac desktop app for ChatGPT by OpenAI stored user conversations as plain text, posing a security risk. OpenAI updated the app to encrypt chats after public scrutiny. Users should update for security.

The Mac desktop app for ChatGPT by OpenAI was found to store user conversations as plain text, posing a serious security risk as any unauthorized access to the machine could expose these chats. The issue was highlighted by a Threads user, who pointed out that the app was not sandboxed and stored conversations in a non-protected location, making them vulnerable to potential breaches. Despite macOS security measures in place for private data access, OpenAI had chosen to store chats in plain text without encryption. Following public attention, OpenAI has updated the app to encrypt local chats, although it remains non-sandboxed. The app is solely available for direct download from OpenAI's website, bypassing Apple's App Store security requirements. This incident raises concerns about data privacy and security, especially considering OpenAI's recent collaboration with Apple for chatbot services integrated into Siri. Users are advised to promptly update the app to ensure their conversations are secure.

Related

Apple Wasn't Interested in AI Partnership with Meta Due to Privacy Concerns

Apple declined an AI partnership with Meta due to privacy concerns, opting for OpenAI's ChatGPT integration into iOS. Apple emphasizes user choice and privacy in AI partnerships, exploring collaborations with Google and Anthropic for diverse AI models.

OpenAI releases ChatGPT on your desktop for macOS

OpenAI released ChatGPT for macOS, enabling desktop users to chat about various topics, access features like screenshots and file sharing, and enhance productivity. The app plans to expand to Windows.

OpenAI's ChatGPT Mac app was storing conversations in plain text

OpenAI's ChatGPT Mac app had a security flaw storing conversations in plain text, easily accessible. After fixing the flaw by encrypting data, OpenAI emphasized user security. Unauthorized access concerns were raised.

Apple Intelligence's Privacy Stacks Up Against Android's 'Hybrid AI'

Apple introduced "Apple Intelligence," an AI system with OpenAI, sparking privacy debates. Apple's Private Cloud Compute prioritizes privacy, contrasting Android's hybrid AI approach. Experts praise Apple's privacy features, but concerns persist over user data security.

ChatGPT just (accidentally) shared all of its secret rules

ChatGPT's internal guidelines were accidentally exposed on Reddit, revealing operational boundaries and AI limitations. Discussions ensued on AI vulnerabilities, personality variations, and security measures, prompting OpenAI to address the issue.

8 comments
By @__jonas - 3 months
Weird headline, I don’t think “plain text” is the issue here, it’s rather that they opted out of storing data in a location protected by macOS app sandboxing, which is a little odd from how I understand, but not terribly uncommon.

I would absolutely never expect an App to encrypt data it stores locally on my computer, would be kinda nice if they would make use of the built-in file access protections macOS has though.

By @ilrwbwrkhv - 3 months
This is a pointless hit piece. There is no expectation of encrypted data storage for a desktop app. Now if they were not keeping data safely on their servers, now that's another matter.
By @buffington - 3 months
Honest question from someone who isn't an expert: why would they need to encrypt that data on my machine?

If the concern is that someone might gain access to my computer and see unencrypted things, what about all of the other things on my machine that aren't encrypted?

By @meisel - 3 months
How uncommon is it for apps to store sensitive data in this way? It wouldn’t surprise me if this is a pretty common, albeit non-ideal, practice. For example, where does chrome store browsing history data?
By @jug - 3 months
Don't rely on apps to enforce encrypted data at rest if you're dealing with local data that would lead to problems if e.g. your laptop is stolen.

This is already a solved problem with FileWarden, BitLocker, LUKS etc. and commonly enforced in corporate environments through group policies too...

By @redserk - 3 months
ArsTechnica has been resorting to increasingly alarmist headlines to the point where many articles should be regarded as spam as they don't serve to inform nor provoke any meaningful discussion.

Their selection of reporting over the last two years has been centered around pieces that do great for flamebait comment sections across several sites, not much for reasonable discourse.

As far as the concerns raised here, my browser history is substantially more sensitive and is in the clear.