/cdn.vox-cdn.com/uploads/chorus_asset/file/25462005/STK155_OPEN_AI_CVirginia_B.jpg?w=932&resize=932,640&ssl=1)
Until Friday, OpenAI’s recently released ChatGPT macOS app had a potentially worrying security issue: It wasn’t difficult to find your chats stored on your computer and read them in plain text. This meant that if a bad actor or malicious application gained access to your machine, they could easily read your ChatGPT conversations and the data contained within them.
As demonstrated by Pedro José Pereira Vieito in Threads, the ease of access meant that it was possible for another application to access these files and show the text of your conversations right after they took place. Pereira Vieito shared the app he made with me, and I used it to make a video showing how the app can read my ChatGPT conversations with the click of a button. I was also able to find the files on my computer and see the text of the conversations just by changing the file name.
After On the edge contacted OpenAI about the issue, the company released an update that it says encrypts chats. “We are aware of this issue and have released a new version of the app that encrypts these conversations,” OpenAI spokesperson Taya Christianson said in a statement to On the edge. “We are committed to providing a helpful user experience while maintaining our high security standards as our technology evolves.”
After downloading the update, the Pereira Vieito app no longer works for me and I can’t see my conversations in plain text.
I asked Pereira Vieito how he discovered the original problem. “I was curious to know why [OpenAI] they chose not to use the app’s sandbox protections and ended up checking where they stored the app’s data,” he said. OpenAI only offers the ChatGPT macOS application through your own websitemeaning the app doesn’t have to follow Apple’s sandboxing requirements that apply to software distributed through the Mac App Store.
Unless you chose to leaveOpenAI can review ChatGPT conversations for safety and train your models. But this privilege is not something you would expect to extend to unknown third parties who have access and know where to look.
/cdn.vox-cdn.com/uploads/chorus_asset/file/23318439/akrales_220309_4977_0324.jpg?w=300&resize=300,300&ssl=1)
/cdn.vox-cdn.com/uploads/chorus_asset/file/25512791/Screenshot_2024_06_30_at_4.37.29_PM.png?w=300&resize=300,300&ssl=1)
/cdn.vox-cdn.com/uploads/chorus_asset/file/25509375/Strands_Press_Hero_5x3_1.jpg?w=300&resize=300,300&ssl=1)
/cdn.vox-cdn.com/uploads/chorus_asset/file/25162649/STK160_Temu_01.jpg?w=300&resize=300,300&ssl=1)
/cdn.vox-cdn.com/uploads/chorus_asset/file/24371480/236494_Mac_mini__2023__AKrales_0042.jpg?w=300&resize=300,300&ssl=1)
/cdn.vox-cdn.com/uploads/chorus_asset/file/22407721/Screen_Shot_2021_03_30_at_9.01.49_AM.png?w=300&resize=300,300&ssl=1)
/cdn.vox-cdn.com/uploads/chorus_asset/file/25462007/STK155_OPEN_AI_CVirginia_C.jpg?w=300&resize=300,300&ssl=1)
/cdn.vox-cdn.com/uploads/chorus_asset/file/25503796/blackmagic_camera_app_android1.jpg?w=300&resize=300,300&ssl=1)
