Late last month, ChatGPT’s macOS app finally saw the light of day. Announced in May, the app lets you converse with generative AI without having to go through a web browser. Most importantly, it lets you summon OpenAI’s chatbot on screen by simply clicking on a keyboard shortcut. It’s offered free of charge to all users, including those on the free plan.
As successful as it is, the macOS app isn’t perfect. As developer Pedro José Pereira Vieito noted on his Mastodon account, the software suffers from:a major privacy breach. Indeed, OpenAI did not take care to use sandboxing, a technique that isolates applications in a secure environment.
When sandboxing is enabled, apps run in a confined area where they have limited privileges and restricted access to system resources, such as files and devices, to prevent malicious interaction with other sections. Unfortunately, this is not the case with ChatGPT’s macOS app.
Also read: Connected glasses with ChatGPT 4o – here is a great alternative to Meta Smart Glasses
ChatGPT queries at the mercy of viruses
Concretely, the app will store all the requests addressed to ChatGPT in clear text, that is to say unencrypted, in a folder on the computer. To access all the questions asked to the AI, simply go to the file library of your Mac, by following this procedure:
- Click the Finder icon in the Dock to open a new Finder window
- In Finder, click the Go menu at the top of the screen
- Hold down the Option (or Alt) key to see the Library option appear in the drop-down menu
- Click on Library to open the ~/Library folder
- Once in the ~/Library folder, open the Application Support folder
- Find and open the com.openai.chat folder
There you will find a host of .data files which list all interactions with ChatGPT through the application. All requests are clearly readable within the documents, without any control or obstacle. The presence of these documents represents a huge security flaw. Malware that has managed to penetrate the computer could, for example, seize the conversations to extract any personal data. Similarly, an overly curious individual could find out what you are telling ChatGPT by searching through the documents, without opening the app. We were able to confirm the developer’s findings on our own Mac.
“Basically any other running application/process/malware can read all your ChatGPT conversations without any permission prompt”sorry Pedro José Pereira Vieito.
The developer recalls that Apple has “blocked access to all user private data since macOS Mojave 10.14”deployed in 2018. This measure should prevent any application installed on the computer from accessing user data without “explicit user access”. All data stored by Calendar, Mail or Messages is affected. By neglecting to add sandboxing, OpenAI has disabled “all these built-in defenses” by Apple, continues Pedro José Pereira Vieito on Mastodon. Let’s bet that the start-up, launched in a frantic race towards the best AI, will take the time to correct the situation.
To not miss any news from 01net, follow us on Google News and WhatsApp.
Source :
Mastodon
