OpenAI's ChatGPT App on MacOS Storing Conversations in Plain Text
OpenAI recently made its ChatGPT app for macOS available to the public, moving away from its previous restricted access to Plus subscribers. However, a security issue was identified where the app stored conversations in plain text in an unprotected location.
OpenAI Rolls Out ChatGPT MacOS App to Everyone
The discovery was first made by data engineer Pedro Jose Pereira Vieito on Threads, who demonstrated how the chats were being stored. This vulnerability meant that any software, including potential malware, on the macOS device could access ChatGPT conversations without any permission prompts.
The report also mentions that unless users opt out, OpenAI may review ChatGPT logs for safety and model training purposes. While it's true that many files on computers are not encrypted, posing vulnerability to malware, additional safeguards can prevent such risks.
ChatGPT for macOS raises concerns for storing chats in plain text
Update on Encryption
Following this revelation, OpenAI has released an update to encrypt chats in the application. A company spokesperson, Taya Christianson, acknowledged the issue and stated that the new version of the application now encrypts chats.
Pereira Vieito highlighted the absence of sandbox protections in the app, which led to his investigation into the storage location of ChatGPT data on macOS. The app's download source being the OpenAI website, rather than the Apple App Store, made sandboxing an essential component.
/cdn.vox-cdn.com/uploads/chorus_asset/file/25462005/STK155_OPEN_AI_CVirginia_B.jpg)
Sources: The Verge, @pvieito / Threads
