Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

ChatGPT Mac App Stored User Chats in Plain Text Prior to Latest Update

Huh? What is going on? That’s just how Mac apps work. They store data on your disk. And of course any random app you download can steal your data. That’s how it has always been.

And any attempt to change it has been rejected, because people want their apps not to be limited by Apple. So why are we complaining about this now?
 
  • Like
Reactions: ipaqrat, Cosmogon-999, meetree and 2 others
Honestly all the "hot new tech" companies since 2008 or so have a lot of data privacy gotchas so totally unsurprising.
 
ApplesAreSweet&Sour said:
That's some hyperbole if I ever heard it:

All the EU is doing is giving consumers full control of their iPhones and iPads allowing them to install apps from outside its App Stores without having to jailbreak their iPhones and void warranty, etc.

EU consumers and developers who want to stick with the convenience and safety of Apple's App Stores can do so under the same terms and with the same safety as before the DMA kicks in.

It's just more options.

But from what I gather, it's easier for Americans to act all obtuse about the DMA instead of actually comprehending what it's going to do.

When you own a house or a car, you have the right to do anything you want to it, let anyone repair it, install anything you like. It's your proporty, you have the freedom to destroy it, sell it, fix it, paint it green, whatever.

The company that built the house or the car for you cannot dictate how you can repair it, who can repair it, if third parties have to pay them fees for fixing your proporty. You are free to do it yourself or hire any other party.

It's your iPhone, you should have those same freedoms for it.

And all the shenanigans OpenAI throws at its users with most certainty shouldn't dictate the future of iOS or MacOS.

Arguing for trapping everyone inside sandboxed platforms with huge, expensive guardrails because a few people want to make some terrible decisions with their Macs, iPhones, and iPads is a very ignorant take.
Click to expand...
Even Apple's App Store walled garden is not some privacy mecca as some Apple fans make it to be. Run pihole on your network and open a 3rd party app right now and you'll see many calls to advertising and "analytics" sites in the pihole log.
 
  • Like
Reactions: haruhiko
platinumaqua said:
Even Apple's App Store walled garden is not some privacy mecca as some Apple fans make it to be. Run pihole on your network and open a 3rd party app right now and you'll see many calls to advertising and "analytics" sites in the pihole log.
Click to expand...
VPN based ad blocker apps on iOS also reveals a lot of trackers being used by apps.
 
  • Like
Reactions: platinumaqua
dannys1 said:
Human emotions into what though? There is generally a factual answer to everything. Just because you disagree with facts and find they cloud your judgement doesn't mean they're incorrect. Human emotions is what leads to extremes in opinions and those extremes are never right. The truth is always somewhere in the middle.

ChatGPT is very good at being unbiased, presenting pros and cons and facts.
Click to expand...
It could be argued that LLM-based chat responders cannot be unbiased. There's no awareness of Pro or Con - it's all just statistical grading, coupling a high and a low related to a search term. At best, that's the start of brainstorming, but shouldn't be considered a finished usable output.

I'm sure the programmers fed the LLM's an encyclopedia or two. Library's worth of vetted, respected, accepted physics, engineering, biology, philosophy, psychology, sociology, theology, archeology, anthropology.

And then they fed it the internet, which provides a voice to every Ignorant Pendejo with an Axe to Grind. The collective WE used to leave IPAGs appropriately squelched out. Remember how nice that used to be, how much quieter and more rational media was? Now IPAGs poison society through social media, as folks with weak spots in their minds get sucked in to IPAG B.S.

IPAG B.S. overpowers the sum of factual human knowledge. Day in, day out.

LLMs are STATISTICAL MODELS, pattern recognition engines based on worlds apex predator - People. But not like educated, skeptical, moderate wise people. No. LLMs get their patterns from IPAGs, because they weigh patterns only statistically - by volume, engagement and reproducibility. LLMs grade the quality of their own regurgitation by feedback loops of volume, engagement and reproducibility. THAT'S why LLMs puke wrongness hallucinate garbage -- Becuase they're really LIPAGLMs.
 
Riovfo said:
Time for apple to finally go full privacy and ban sideloading on all platforms. Its dangerous out there
Click to expand...

do you honestly believe that consumers should not have the ability to decide what they install on the hardware that they buy?

would you ban kitchen knives because someone might stab themselves?
 
  • Like
Reactions: grovian and idktbh
ApAx said:
So if the app would have been published to the App Store, it would have followed Apple’s security policies and this risk to the end user would have been prevented.

EU: “But that’s just not fair. iPhone must be as vulnerable as computers in the name of fairness! Boo hoo wah!”
Click to expand...

do you honestly believe that apple's walled gardens have anything to do with security rather than monopolistic control?
 
  • Like
Reactions: meetree and idktbh
nathansz said:
do you honestly believe that apple's walled gardens have anything to do with security rather than monopolistic control?
Click to expand...
I have no doubt. But I like that they are walled gardens. It’s an attractive feature for me and a reason I chose Apple. I place my trust in Apple to sign apps. If people don’t like that then they can choose to use Android. But government forcing Apple in the name of consumer choice is just as dubious. The choice is to buy something else, a choice which has existed all along…
 
ApAx said:
I have no doubt. But I like that they are walled gardens. It’s an attractive feature for me and a reason I chose Apple. I place my trust in Apple to sign apps. If people don’t like that then they can choose to use Android. But government forcing Apple in the name of consumer choice is just as dubious. The choice is to buy something else, a choice which has existed all along…
Click to expand...

why shouldn't I be able to choose apple and also be able to run software that apple has not signed, like I've been doing for decades

you always have the option to only run software that apple approves of, that shouldn't preclude others from making a different choice
 
  • Like
Reactions: meetree
Mac OS apps can specify they want to be sanboxed even if they are distributed outside of the App Store. The only difference is that for the App Store sandboxing is mandatory, for other ways it's not. So basically any company which don't want to pay fees for using App Store can still show their respect to their users and voluntarily sandbox their apps, unless they really need to have full system access for app's goals. I don't see why ChatGPT can't work in a sandbox.
 
I find this overblown.

Yes, it would've been good if the ChatGPT app had used App Sandboxing, significantly reducing the surface of apps that can (easily) access the data. But leaving that aside, you still opt into this paper trail twice:

  • by installing the app in the first place, and
  • by starting a conversation, each time.
This is very different from how Windows Recall was originally going to ship. With Recall,

  • you did not opt in. You could opt out, in a needlessly difficult manner.
  • if you did not opt out, everything you did was going to get logged. That means all your computer usage is colored by "do I want a paper trail of me having done this?", which is not how people think of their computers.
 
I don’t get what all the outrage is about. To access this data the “bad actor” needs access to your Mac under your account. At that point all your “data” from all your apps is accessible to that person or app. I assume the issue is that they stored the previous queries in a plain text file under ~/Library somewhere? I guess a naughty “app”
could read your ChatGPT queries? And someone spent 10 minutes writing an app to read a text file and got his 10 minutes of internet fame?
 
  • Like
Reactions: z4co
chucker23n1 said:
I find this overblown.

Yes, it would've been good if the ChatGPT app had used App Sandboxing, significantly reducing the surface of apps that can (easily) access the data. But leaving that aside, you still opt into this paper trail twice:

  • by installing the app in the first place, and
  • by starting a conversation, each time.
This is very different from how Windows Recall was originally going to ship. With Recall,

  • you did not opt in. You could opt out, in a needlessly difficult manner.
  • if you did not opt out, everything you did was going to get logged. That means all your computer usage is colored by "do I want a paper trail of me having done this?", which is not how people think of their computers.
Click to expand...
That’s a lot of effort to shift blame off the developer of the most sophisticated technologies in the world so far. Sure you want to dump it on the user only?
 
loopy123 said:
I don’t get what all the outrage is about. To access this data the “bad actor” needs access to your Mac under your account. At that point all your “data” from all your apps is accessible to that person or app. I assume the issue is that they stored the previous queries in a plain text file under ~/Library somewhere? I guess a naughty “app”
could read your ChatGPT queries? And someone spent 10 minutes writing an app to read a text file and got his 10 minutes of internet fame?
Click to expand...
No need for bad actor, any app (or at least non-sandboxed) can read that app's chat history. Everyone has many apps installed, and even trusted ones can try to use your chat history for something (e.g. learn your instersts to advertise you something or to complement your informational portrait for other needs). And that's only the most harmless case.
 
I forgot there was a standalone app, but I have used it in the browser as a web app. I also switched to the web app for Discord and found it to be a better experience.
 
theheadguy said:
That’s a lot of effort to shift blame off the developer of the most sophisticated technologies in the world so far. Sure you want to dump it on the user only?
Click to expand...

I’m not shifting blame. I’m saying this is a bit overblown.
 
chucker23n1 said:
Next people will freak out that browsers store cookies and local storage unencrypted. 🤷🏻‍♂️
Click to expand...
Well, actually, web sites encrypt any cookies they consider sensitive, especially, authentication cookies. That prevents cookies from being read by anyone, but still sometimes can be used to forge an authenticated request by another application which steals the cookie.
 
sich said:
Well, actually, web sites encrypt any cookies they consider sensitive, especially, authentication cookies. That prevents cookies from being read by anyone, but still sometimes can be used to forge an authenticated request by another application which steals the cookie.
Click to expand...
The authentication token stored in a browser doesn't have to contain a username or password at all (even in encrypted form), but can be used to make an authenticated request if accessed. In this way the token is not encrypted. Although, browsers have implemented credential managers which do encrypt some stored data such as saved passwords.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back