N-Krause 5 hours ago

There was a discussion here on hn about OpenAI and it's privacy. Same confusion about e2ee. Users thinking e2ee is possible when you chat with an ai agent.

https://news.ycombinator.com/item?id=45908891

Reply View 6 replies
  • charcircuit 3 hours ago

    >Users thinking e2ee is possible when you chat with an ai agent.

    It shouldn't be any harder than e2ee chatting with any other user. It's just instead of the other end chatting using a keyboard as an input they chat using a language model to type the messages. Of course like any other e2ee solution, the person you are talking to also has access to your messages as that's the whole point, being able to talk to them.

    Reply View 4 replies
    • swiftcoder 2 hours ago

      I do not think this matches anyones' mental model of what "end-to-end encrypted" for a conversation between me and what is ostensibly my own computer should look like.

      If you promise end-to-end encryption, and later it turns out your employees have been reading my chat transcripts...

      Reply View 1 reply
      • butvacuum 42 minutes ago

        I'm not sure how you can call chatgpt "ostensibly my own computer" when it's primarily a website.

        And honestly, E2EE's strict definition (messages between user 1 and user 2 cannot be decrypted by message platform)... Is unambiguously possible for chatGPT. It's just utterly pointless when user2 happens to also be the message platform.

        If you message support for $chat_platform (if there is such a thing) do you expect them to be unable to read the messages?

        It's still a disingenuous use of the term. And, if TFA is anything like multiple other providers, it's going to be "oh, the video is E2EE. But the 5fps ,non-sensitive' 512*512px preview isn't."

        Reply View 0 replies
    • zarzavat 2 hours ago

      e2ee implies that there is a third party who can't read the messages. If you are chatting with an AI, who is the third party?

      Reply View 1 reply
      • setopt an hour ago

        Ideally, both OpenAI employees and the 3-letter agencies?

        Reply View 0 replies
  • pyuser583 3 hours ago

    I saw a YouTube video claim similar levels of privacy are possible using trusted computing.

    Reply View 0 replies
ljlolel 8 hours ago

Zoom also did this once

Reply View 4 replies
  • wkat4242 3 hours ago

    They don't care about security at all.

    They once shipped a backdoor in their macOS app. It was noticed and called out and they refused to remove it. It took Apple blacklisting it for Zoom to finally take action.

    Reply View 0 replies
  • internetter 7 hours ago

    They also paid me something around 100 dollars in settlement for this

    Reply View 0 replies
  • bayindirh 4 hours ago

    I believe they now have a proper e2ee mode which disables all the cloud powered features, no?

    Reply View 1 reply
    • computerfriend an hour ago

      They aquihired (and gutted) keybase for this, but I have a doubt that their "reimplementation" is actually E2EE.

      Reply View 0 replies
hulitu 6 hours ago

Whatsapp, Signal, Telegram, iCloud

Reply View 2 replies