ChatGPT for Mac app logged queries in an unencrypted file before getting caught – AppleInsider

AAPL: 221.55 ( +1.28 )
Copyright © 2024 Quiller Media, Inc. All rights reserved.
ChatGPT for Mac
Apple has strict guidelines about protecting user data with sandboxing, but ChatGPT for Mac bypassed all of this by storing conversations in plain text until it was patched on June 28.

When everything is working the way it should on Mac, data should be siloed between apps so no single app can access another app’s data without APIs or user permission. ChatGPT decided to ignore Apple’s guidance and broke that structure by opting out of sandboxing and storing user conversations in plain text.
Storing files this way left them open for any other Mac app to find and read them freely. That means if a user’s Mac was infected with malware or malicious apps, the private data shared with ChatGPT could be read freely.
Pereira Vieito discovered the problem and shared it on Threads.
An update to ChatGPT for Mac was issued on Friday to patch this problem. All data from using ChatGPT is now hidden behind encryption.
“We are aware of this issue and have shipped a new version of the application which encrypts these conversations,” OpenAI spokesperson Taya Christianson says in a statement to The Verge. “We’re committed to providing a helpful user experience while maintaining our high security standards as our technology evolves.”
When an app is submitted to the Mac App Store or for it notarization, it goes through a review process that ensures the app handles data via sandboxing. It is a method that ensures apps only have access to the data they have and none else on the system.
OpenAI’s ChatGPT for Mac app is distributed from the web and doesn’t use sandboxing. The app can access private data the user shares, like emails and confidential records, to perform whatever task the user asks.
If you’ve installed ChatGPT for Mac, ensure it has been updated to the latest version. While the vulnerability likely wasn’t taken advantage of in the short time since the app launched, it is still a silly mistake for a company like OpenAI to make.
The ChatGPT for Mac app is separate from the larger partnership OpenAI has with Apple. Later in the fall, users can opt to send some requests to ChatGPT instead of Apple Intelligence as a part of macOS Sequoia.
Wesley Hilliard served ten years as a Nuclear Power Electrician in the US Navy, then jumped careers in 2019. Today, he is Assistant Editor, Podcast Cohost, SEO Specialist, and Social Media Manager for AppleInsider.

AppleInsider said:

“We are aware of this issue and have shipped a new version of the application which encrypts these conversations,” OpenAI spokesperson Taya Christianson says in a statement to The Verge. “We’re committed to providing a helpful user experience while maintaining our high security standards as our technology evolves.”

This is such a pure BS response from them.  “As technology evolves”?  Bullsh!t.  Some jackass over there made the conscious decision to do this, or out of sheer coding laziness.  There ought to be more consequence than just a typical “lol… sorry, my bad” on ChatGPT’s part.  How’s about banning them from MacOS for a year?  Something?

“We are aware of this issue and have shipped a new version of the application which encrypts these conversations,” OpenAI spokesperson Taya Christianson says in a statement to The Verge. “We’re committed to providing a helpful user experience while maintaining our high security standards as our technology evolves.”

This is such a pure BS response from them.  “As technology evolves”?  Bullsh!t.  Some jackass over there made the conscious decision to do this, or out of sheer coding laziness.  There ought to be more consequence than just a typical “lol… sorry, my bad” on ChatGPT’s part.  How’s about banning them from MacOS for a year?  Something?

OpenAI being sloppy with user data? I’m shocked, SHOCKED I tell you. /s

Er, isn’t the author conflating sandboxing and encryption? 

This displays the difference between saying you’re about privacy, and actually being about privacy.

This is what beta testing is all about. Never downloaded a public beta and never will. 
Boox has a new e-ink reader, combining all our favorite features into a paperback-sized portable at a new, lower price point.
Apple has strict guidelines about protecting user data with sandboxing, but ChatGPT for Mac bypassed all of this by storing conversations in plain text until it was patched on June 28.
Billed as the first global visionOS hackathon, Vision Hack aims to help developers produce apps and games, so Apple Vision Pro users will finally get their killer app.
Apple is allowing emulators on App Store. Here's what's arrived, and what's on the way to play your favorite retro games on your iPhone, updated on July 3.
Amazon and Best Buy are slashing prices on current 14-inch and 16-inch MacBook Pro models by up to $500, delivering the best deals on a variety of M3, M3 Pro and M3 Max configs for the 4th of July holiday.
In a new podcast interview, ex-Apple chief designer Jony Ive has told of his hard early years at the company, and how hard it was leaving.
Apple's repair policies aren't doing enough across the board to comply with New York's Right to Repair rules, with a new report claiming that Apple still has a lot more work to do.
Following accusations that iPhone manufacturer Foxconn discriminates against hiring married women, the Indian government has questioned executives and is studying documentary evidence.
The open-source Swift and Objective-C repository, CocoaPods, had multiple vulnerabilities that left millions of iOS and macOS apps exposed to potential attacks for a decade, but it is now patched.
Capcom has brought "Resident Evil 7" to the App Store, unleashing more zombie action to the iPhone, iPad, and Mac.
Apple is on the second round of developer betas for its current-gen operation systems, including iOS 17.6, iPadOS 17.6, tvOS 17.6, watchOS 10.6, macOS Sonoma, and visionOS 1.3.
{{ summary }}

source