ChatGPT Mac App Stored User Chats in Plain Text Prior to Latest Update

[sich]

The authentication token stored in a browser doesn't have to contain a username or password at all (even in encrypted form), but can be used to make an authenticated request if accessed. In this way the token is not encrypted. Although, browsers have implemented credential managers which do encrypt some stored data such as saved passwords.

It can contain user name, any other user details and any information the web app may need for authorization. But never password, yes. If such token wasn't encrypted and signed, it woud be possible to make a copy with different user name and other claims with all consequences, not to say to learn something about the user.

 

[chucker23n1]

In this way the token is not encrypted.

JWTs can be encrypted, but of course, you'd need to put the key in code that runs on the client, so the usefulness of that is limited. In practice, I don't see this being done much. Instead, they're just signed.

But anyways, I wasn't talking about auth cookies. My point was if we're going to ding ChatGPT for storing unencrypted, unsandboxed chat logs locally on the computer, there's a lot more apps this applies to, including a ton of web apps (with cookies and local storage).

 

[jonnysods]

If I’m reading it right, a person would need access to the user’s device to allow this to happen. Seems like a few security issues are in play already if that is the case, and reading their gpt chats are the least of the device owners problems.

 

[SBlue1]

California is adopting more food ingredient bans like the EU already has. It’s a matter of time before it catches on in other states. boeing is a sad case of greedy for profit corporations cheating the system

Good for you. California seems to be the most "European" style of state as much as you can be as an American state.

 

[hagar]

Aside from being a massive security risk, this so-called Artificial Intelligence is nothing more than a disguised coup to manipulate public opinion, censor free thought by eliminating what they consider to be opposed to their desired schematic and also ultimately to insidiously monitor everybody's activity. Of course they will profess otherwise and efforts will be seen to create privacy, but as we see in these initial stages, first with Microsoft and now others including this, their prime intentions are not security based, our privacy is not something that they give a fig for. Otherwise, how could Microsoft even dream of putting into public space such a massive data collection facility as was their Copilot v1.0?

While obviously any LLM can be trained in such a way to give biased answers, can you give some examples where ChatGTP does this?

 

[hagar]

If I’m reading it right, a person would need access to the user’s device to allow this to happen. Seems like a few security issues are in play already if that is the case, and reading their gpt chats are the least of the device owners problems.

Not exactly. Any app installed on your machine can access and read the prompts if they wanted to. So physical access is not needed.

 

[jonnysods]

Not exactly. Any app installed on your machine can access and read the prompts if they wanted to. So physical access is not needed.

Ok got it that makes a bit more sense. Again, if those apps can do that isn’t there a bigger overall security concern in play?

 

[thebart]

Not exactly. Any app installed on your machine can access and read the prompts if they wanted to. So physical access is not needed.

True. Also as far as I know any app can read your entire ~/ and upload it somewhere without any special permission. If the app is on the store, would Apple review find that? My guess is no. But they'll know if you use an undocumented API and ding you for silly stuff like your app icon is cartoonish and may appeal to children

 

[patent10021]

...
Sam Altman, despite not being anything other than a conman and running several tech companies into the ground, has somehow ascended the corporate ranks of Silicon Valley every step of the way....

I'll give you a hint at how he did it. He is a Z_____.