←back to thread

Fighting the New York Times' invasion of user privacy

(openai.com)
237 points meetpateltech | 8 comments | 12 Nov 25 14:08 UTC | HN request time: 0.449s | source | bottom
Show context
1vuio0pswjnm7 ◴[12 Nov 25 16:11 UTC] No.45901917[source]
"The New York Times is demanding that we turn over 20 million of your private ChatGPT conversations."

As might any plaintiff. NYT might be the first of many others and the lawsuits may not be limited to copyright claims

Why has OpenAI collected and stored 20 million conversations (including "deleted chats")

What is the purpose of OpenAI storing millions of private conversations

By contrast the purpose of NYT's request is both clear and limited

The documents requested are not being made public by the plaintiffs. The documents will presumably be redacted to protect any confidential information before being produced to the plaintiffs, the documents can only be used by the plaintiffs for the purpose of the litigation against OpenAI and, unlike OpenAI who has collected and stored these conversations for as long as OpenAI desires, the plaintiffs are prohibited from retaining copies of the documents after the litigation is concluded

The privacy issue here has been created by OpenAI for their own commercial benefit

It is not even clear what this benefit, if any, will be as OpenAI continues to search for a "business model"

Wanton data collection

replies(8): >>45902173 #>>45902539 #>>45903180 #>>45903873 #>>45904258 #>>45904285 #>>45905079 #>>45906333 #
1. 1vuio0pswjnm7 ◴[12 Nov 25 18:51 UTC] No.45904258[source]
Is there a technical limitation that prevents chat histories from being stored locally on the user's computer instead of being stored on someone else's computer(s)

Why do chat histories need to be accessible by OpenAI, its service partners and anyone with the authority to request them from OpenAI

If users want this design, as suggested by HN commenters, if users want their chat histories to be accessible to OpenAI, its service providers and anyone with authority to request them from OpenAI, then wouldn't it also be true that these users are not much concerned with "privacy"

If so, then why would OpenAI proclaim they are "fighting the New York Times' invasion of user privacy", knowing that NYT is prohibited from making the logs public and users generally do not care much about "privacy" anyway

The restrictions on plaintiff NYT's use of the logs are greater than the restrictions, if any,^1 on OpenAI's use of them

1. If any such restrictions existed, for example if OpenAI stated "We don't do X" in a "privacy policy" and people interpreted this as a legally enforceable restriction,^2 how would a user verify that the statement was true, i.e., that OpenAI has not violated the "restriction". Silicon Valley companies like OpenAI are highly secretive

2. As opposed to a statement by OpenAi of what OpenAI allegedly does not do. Compare with a potentially legally-enforceable promise such as "OpenAI will not do X". Also consider that OpenAI may do Y, Z, etc. and make no mention of it to anyone. As it happens Silicon Valley companies generally have a reputation for dishonesty

replies(3): >>45904337 #>>45904342 #>>45904418 #
2. Aurornis ◴[12 Nov 25 18:56 UTC] No.45904337[source]
> Is there a technical limitation that prevents chat histories from being stored locally on the user's computer

People access ChatGPT through different interfaces: Web, desktop app, their phones, tablets.

Therefore the conversations are stored on the servers. It's really not some hidden plot against users to steal their data. It's just how most users expect their apps to work.

replies(1): >>45905875 #
3. aDyslecticCrow ◴[12 Nov 25 18:56 UTC] No.45904342[source]
They're very valuable data, and it's convenient to log in to see a previous chat.

If you have ever played with the api, its clear as day that the protocol itself is stateless.

4. neodymiumphish ◴[12 Nov 25 18:59 UTC] No.45904418[source]
Presumably for cross-device interactivity. If I interact with ChatGPT on my phone, then open it on my desktop. I might be a bit frustrated that I can't get to the chat I was having on my phone previously.

OpenAI could store the chat conversation in an encrypted format that only you, the user, can decrypt, with the client-side determining the amount of previous messages to include for additional context, but there's plenty of user overhead involved in an undertaking like that (likely a separate decryption password would be needed to ensure full user-exclusive access, etc).

I'd appreciate and use a feature like that, but I doubt most "average" users would care.

replies(1): >>45904740 #
5. scotty79 ◴[12 Nov 25 19:15 UTC] No.45904740[source]
Facebook messenger tries to marry end to end encryption with multi-device access and it's a horrible mess with some messages not being delivered to some devices for hours , days or ever.

I absolutely want OpenAI to keep all of my chats and I absolutely don't want them to share them ( voluntarily or by force) with any private agent.

I have exactly the same expectation of any document or communication platform. It's been long established as accepted compomise between security and convenience.

6. andrepd ◴[12 Nov 25 20:17 UTC] No.45905875[source]
Nonsense. It's easy to design an app where the server stores all information in an encrypted form. If OpenAI "cared about privacy" like this PR piece claims, they would do this. They don't because they (obviously) don't care and they (obviously) want the data for their purposes.
replies(2): >>45906070 #>>45908114 #
7. epistasis ◴[12 Nov 25 20:27 UTC] No.45906070{3}[source]
"Easy" does not mean "lowest cost" or "easiest". It's far far far easier to stor conversations as plain text and return them as is, instead of having to encrypt, rotate keys, etc. etc.

That's a tricky system to get right and maintain

(Please do not interpret this as a defense of OpenAI! I just think that we shouldn't trivialize the task of encrypting user data so that it's not visible to the provider).

8. Aurornis ◴[12 Nov 25 22:59 UTC] No.45908114{3}[source]
> It's easy to design an app where the server stores all information in an encrypted form.

If you read the article, you'd see this:

> Our long-term roadmap includes advanced security features designed to keep your data private, including client-side encryption for your messages