"But everything you do is stored nonprotected on your computer. That's the default condition!"As with Microsoft's Recall, I don't find this particularly damning.
Is it better to protect it? Maybe?
But everything you do is stored nonprotected on your computer. That's the default condition!
And you shouldn't be sending personal information to OpenAI anyway!
The issue is that Apple would require the security OpenAI didn't think was important. Thats why they didn't submit it to the AppStore. Apple wasn't involved in this discussion persay, nor decided to maintain some distance."The app is only available as a direct download from OpenAI's website and is not available through Apple's App Store where more stringent security is required." -- i guess apple wants to maintain some distance, despite the announced integration path, but letting the OpenAI people loose on the brand could really degrade the security brand down the road. i'm quite surprised that some adults weren't assigned to oversee what OpenAI could -- borderline sideload -- on to macs. or, if assigned, thought this was acceptable quality code.
It's not directly related to the story, but I Will Fucking Piledrive You If You Mention AI Again
He's a good read and a pretty good podcast guest
To gain access to the rest of the file system. It’s the primary reason apps opt out of translocation.I have no idea why you’d disable the default sandbox. This was a business decision.
They did not implement the sandbox.It's not a bug and it's not really a major security concern. They just didn't implement the sandboxing feature on macOS, but that's the case for the majority of non-App Store apps, and that's how every Windows app behaves.
It's good that they improved security by implementing the sandbox, but the way the issue was covered by the press made it look like a much more serious issue than what it actually is.
So I think the press losing its mind over this is still fully justified.OpenAI has now updated the app, and the local chats are now encrypted, though they are still not sandboxed.
My browsers delete all cookies and history when closed, and my computer deletes all temp files when shutting down. And most of my history is never kept anyway because there are only like 5 sites I have javascript enabled on.As with Microsoft's Recall, I don't find this particularly damning.
Is it better to protect it? Maybe?
But everything you do is stored nonprotected on your computer. That's the default condition!
How does Apple catch stupid decisions in an app that is not distributed through their app store? How? And why is it Apple‘s job in your mind?Public Service Announcement:
While this is a highly fertile subject for a facepalm GIF, a double facepalm is strongly recommended here.
Apple should have caught this.
Unlike iOS (for now), MacOS Will run apps from anywhere as long as the user approve it. Other than a signature check, there's nothing Apple can do if people just download an app from rando websites. I don't understand why you think Apple is somehow responsible.Public Service Announcement:
While this is a highly fertile subject for a facepalm GIF, a double facepalm is strongly recommended here.
Apple should have caught this.
But they're shifting the paradigm. Disrupting the status quo. Making the world a better place. Seriously how in 2024 is this kind of shit still going on. Nevermind, I know how....My company has been exploring how to get into AI slowly and responsibly and this is yet another reason why we don’t trust any arrangement that would be direct with OpenAI. They are immature, unreliable, and not anywhere near enterprise-grade; proven over the long haul. This instance in particular is absolutely shameful. Security by design is apparently for mature companies out of their training diapers.
Easy. On macOS, the Keychain Services API is perfect for this. Applications can store keys in there easily. Users have to explicitly grant access to any apps that wish to access an item they didn't create.1) It stores a key somewhere, same issue as it has to read that
Imagine... a Chinese firm also trying to be a world AI champ caught with this... would you still feel the same? Perhaps being a ChatGPT fan has clouded your judgment?It's not a bug and it's not really a major security concern. They just didn't implement the sandboxing feature on macOS, but that's the case for the majority of non-App Store apps, and that's how every Windows app behaves.
It's good that they improved security by implementing the sandbox, but the way the issue was covered by the press made it look like a much more serious issue than what it actually is.
100%This isn't some obscure bug, these guys ship product and just don't care about the user.
I don't see how they can be trusted to do anything they promise.
Now, now, I'm sure their LLM hallucinated to them that it was perfectly safe.This isn't some obscure bug, these guys ship product and just don't care about the user.
It's not directly related to the story, but I Will Fucking Piledrive You If You Mention AI Again