OpenAI can’t seem to do anything that inspires the level of consumer trust they demand from their users. OpenAI’s ChatGPT app for macOS had a glaring flaw: it recorded all queries made on the device in a plain text file on the machine. Any other application could grab that file, and anyone who can read could understand it. It wasn’t hidden deep, or in places where other apps couldn’t access it. Instead, OpenAI kept users’ data in a plain text file. Rather than using sandboxing, encryption, or simply not storing these, OpenAI went for the least secure option, storing every request in plain text, for any app to read from. The developer who found it, Pedro José Pereira Vieito, was able to make an app that displayed all conversations and responses before OpenAI could publish a fix, which is out now.
This is who Apple chose to make their generative text features for upcoming versions of their operating systems?
Bypassing macOS Protections
First, a micro-lesson on “sandboxing.” Let’s say you have a mountain of data that you only want Alice to see. For Alice’s eyes only! Bob’s a snoop. He’s the office gossip. You can’t give Bob access to the data. So, you give Alice a special little filing cabinet, a lock, and tell her to lock it up in there. She does so, and the data is safe. Great job, Alice! Now let’s say you bring on Carol. She’s a trouble-maker. When you give her the data, a filing cabinet of her own, and a key, she just sticks it on the outside of her office. Bob reads it and blabs to the whole office about your private matters. Damn it, Bob and Carol!
Okay, in this scenario, Alice is a normal app, engaging in sandboxing. She has data that is only for her and she stores it, encrypted and securely, in her own little space. Bob is malware, eager to get that data, but he can’t, because it’s locked away in Alice’s little space. Her sandbox. And then there’s Carol. Carol is OpenAI, in this scenario. She had private data and she put it in a public place for anyone to see. Anyone could read it there, even Bob! How could Carol be so blatantly irresponsible?
Sandboxing gives apps a secure place to store data, and doesn’t let that data leave that app without permission. You’ve likely seen examples of this, like when you download a file for the first time and your browser has to request access to the Downloads folder. The Downloads folder isn’t in your browser’s sandbox, so it has to ask you for permission. This forces all apps to keep their own data secure, as well as respect your privacy in other apps. It’s so important that, when designing their mobile operating systems, Apple made sure that iOS and iPadOS had it baked into their very core, and added additional features to protect the Mac later too. Today, every app in the Mac App Store has to make use of sandboxing to protect user data.
Perhaps that’s one of many reasons why the OpenAI ChatGPT app isn’t available in the Mac App Store.
OpenAI’s ChatGPT Leak
OpenAI made the kind of mistake only the most junior of developers make. Perhaps it’s because I’m coming from mobile development most recently, where sandboxing is a consideration we always make, but this is absurd, even if I lower the bar. If you’re dealing with potentially private information, you protect it. Period. You encrypt personal data at rest and in transit. That’s the responsibility of every developer.
What OpenAI did was take all requests and responses and store them in plain text, where any malware, anyone snooping on your machine in person, or just about anyone else could view them. Because these requests could contain personal information, especially when generating things like emails or other written content, that put every user at risk. That data could be shared with hackers who potentially have access to your system already, or anyone else who has access to your computer. Plenty of “legitimate” software companies today deal in your data. Gaining access to files out in the open is easy, and it’s quick money for the companies that collect and sell that data.
Fortunately, if you’re using the ChatGPT macOS app, you can update the app to secure your data. OpenAI released an update after this was reported that included encryption for their file. Now it’s—hopefully—far more difficult to access this data. It was a quick fix because, frankly, it’s a simple issue.
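The two protections discussed above, sandboxing and encryption at rest, can both be checked from the outside. The following is an added example, not code from OpenAI or from the developer who reported the issue: it reads an app's entitlements plist (as exported by `codesign -d --entitlements`) for the App Sandbox key, and walks an app's data directory to flag files stored as readable text. The function names, the 5.5 bits-per-byte threshold and the sample plist are assumptions made for illustration.

```python
import codecs
import math
import os
import plistlib
from collections import Counter

SANDBOX_KEY = "com.apple.security.app-sandbox"  # App Sandbox entitlement
# Constructed sample: entitlements of a hypothetical sandboxed app.
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>com.apple.security.app-sandbox</key><true/>
</dict></plist>"""

def is_sandboxed(entitlements_xml: bytes) -> bool:
    """True only if the entitlements plist explicitly enables the sandbox."""
    try:
        ent = plistlib.loads(entitlements_xml)
    except Exception:
        return False  # missing or unparsable entitlements: not sandboxed
    return isinstance(ent, dict) and ent.get(SANDBOX_KEY) is True

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (close to 8.0 for ciphertext)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_plaintext(sample: bytes, max_entropy: float = 5.5) -> bool:
    """Heuristic (assumed threshold): valid UTF-8 with text-like entropy."""
    try:  # incremental decoder tolerates a character cut at the sample end
        codecs.getincrementaldecoder("utf-8")().decode(sample)
    except UnicodeDecodeError:
        return False
    return bool(sample) and entropy(sample) < max_entropy

def audit_data_dir(root: str, sample_size: int = 65536) -> list:
    """Return relative paths of files under root that are stored readably."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    sample = fh.read(sample_size)
            except OSError:
                continue  # this user cannot read it, so it is not exposed here
            if looks_plaintext(sample):
                findings.append(os.path.relpath(path, root))
    return sorted(findings)
```

Because the threshold sits below the roughly 6 bits per byte of base64, base64-wrapped ciphertext is not flagged, but neither is base64-wrapped plaintext, so treat a clean result as a first pass rather than proof of encryption.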
Unworthy of Trust
Apple is partnering with OpenAI to bring generative text features and more complex Siri replies to the upcoming versions of their operating systems. I don’t understand it. Anyone can just use the app or the online service if they really want generative AI. Why partner with the kind of developer who won’t even offer their app through the Mac App Store, in part because of the security protocols they require? Why put that on everyone’s computer?
How many times does OpenAI have to abuse our trust? They scrape data from across the web without consent, they refuse to disclose all their data sources, they spit out responses that include verbatim ingested data and personal data, they do not sanitize inputs to remove private data from their models, and they seem to be getting data from sketchy sources, as leaked content included private emails. They’re doing just about everything they can to betray our trust. Why on earth is anyone, let alone Apple and Microsoft, still giving them the benefit of the doubt?