A message field for ChatGPT pops up on the Mac desktop.
to enlarge / The app lets you invoke ChatGPT from anywhere in the system with a keyboard shortcut, spotlight-style.

Samuel Axon

OpenAI announced its Mac desktop app for ChatGPT with much fanfare a few weeks ago, but it turns out it had a serious security problem: user chats were encrypted in plain text. were stored, where any bad actor could find them if they gained access. your machine.

As Threads user Pedro Jose Pereira Vietto noted earlier this week“The OpenAI ChatGPT app on macOS is not sandboxed and stores all conversations in plain text in a secure location,” meaning “any other running app/process/malware can access all your chats without prompting for permission.” GPT can read the conversation.”

He added:

macOS has blocked access to any user’s private data since macOS Mojave 10.14 (6 years ago!). Any app accessing a user’s private data (calendar, contacts, mail, photos, any third-party app sandbox, etc.) now requires explicit user access.

OpenAI chose to opt out of the sandbox and store the conversation in plain text in an insecure location, disabling all of these built-in defenses.

OpenAI is now Updated the app., and local chats are now encrypted, although they are not yet sandboxed. (This app is only available as a direct download from OpenAI’s website and is not available through Apple’s App Store where more stringent security is required.)

Many people now use ChatGPT like they might use Google: to ask important questions, solve problems, etc. Often, sensitive personal data may be shared in these communications.

It’s not a good look for OpenAI, which recently entered one. Partnership With Apple to offer chatbot services included in Siri queries in Apple operating systems. Apple detailed some of the security around these questions at WWDC last month, though, and they’re much tighter than what OpenAI did (or, more precisely, didn’t do) with its Mac app, which That is a separate initiative. Partnership

If you are using the app recently, don’t forget to update it as soon as possible.



Source link