from Hacker News

ChatGPT's much-heralded Mac app was storing conversations as plain text

by pulisse on 7/5/24, 8:58 PM with 14 comments

  • by __jonas on 7/5/24, 11:09 PM

    Weird headline, I don’t think “plain text” is the issue here, it’s rather that they opted out of storing data in a location protected by macOS app sandboxing, which is a little odd from how I understand, but not terribly uncommon.

    I would absolutely never expect an App to encrypt data it stores locally on my computer, would be kinda nice if they would make use of the built-in file access protections macOS has though.

  • by ilrwbwrkhv on 7/5/24, 11:58 PM

    This is a pointless hit piece. There is no expectation of encrypted data storage for a desktop app. Now if they were not keeping data safely on their servers, now that's another matter.

  • by buffington on 7/5/24, 10:44 PM

    Honest question from someone who isn't an expert: why would they need to encrypt that data on my machine?

    If the concern is that someone might gain access to my computer and see unencrypted things, what about all of the other things on my machine that aren't encrypted?

  • by meisel on 7/5/24, 10:13 PM

    How uncommon is it for apps to store sensitive data in this way? It wouldn’t surprise me if this is a pretty common, albeit non-ideal, practice. For example, where does chrome store browsing history data?

  • by jug on 7/5/24, 10:48 PM

    Don't rely on apps to enforce encrypted data at rest if you're dealing with local data that would lead into problems if e.g. your laptop is stolen.

    This is already a solved problem with FileWarden, BitLocker, LUKS etc. and commonly enforced in corporate environments through group policies too...

  • by redserk on 7/6/24, 1:00 PM

    ArsTechnica has been resorting to increasingly alarmist headlines to the point where many articles should be regarded as spam as they don't serve to inform nor provoke any meaningful discussion.

    Their selection of reporting over the last two years has been centered around pieces that do great for flamebait comment sections across several sites, not much for reasonable discourse.

    As far as the concerns raised here, my browser history is substantially more sensitive and is in the clear.