ChatGPT users on macOS found that their chat logs were saved in plain-text files, which raised serious privacy concerns despite Apple’s strict privacy policies.
Following the macOS launch of ChatGPT, customers have discovered that their conversation logs are kept on their computers as unencrypted plain-text files.
Pedro José Pereira Vieito initially highlighted this vulnerability in a post on Meta’s Threads. This unencrypted storage posed a serious security threat, potentially allowing anyone with access to the computer to read users’ chat histories.
As per him, despite macOS’s built-in defenses since Mojave 10.14, which require explicit user consent for apps to access private data, OpenAI opted out of macOS sandboxing. This decision bypassed protections meant to secure user data from unauthorized access by third-party apps.
In May, ChatGPT was made available to subscribers on macOS. On June 25, non-subscriber accounts were opened to general access. However, the program kept all chat logs on users’ hard disks as unencrypted plain-text files until Friday, July 5.
This implied that every discussion a user on the computer made with ChatGPT was accessible to anybody with physical access to the device or through remote threats like malware or phishing.
“Sandboxing,” a privacy-preserving feature of Apple’s macOS, limits application access to data and software at the kernel level. Installed apps through Apple’s app store are “sandboxed” by default, guaranteeing that no data is ever exposed without encryption.
Although it’s unknown at this point whether any users were impacted by the apparent error, social media and pundit opinion expressed amazement in general.
For instance, user GeneralLex posted in the Verge article’s comments section that they found the following unencrypted text files in their computer’s memory. He said, “I used Activity Monitor to dump the ChatGPT executable from memory and found that horror of horrors, the chat log is in plain text, unencrypted in memory!”
This incident underscores the critical need for robust privacy protections in AI applications and third-party integrations on macOS. While steps are being taken to address the issue, questions remain about data security practices and the future implementation of safeguards to protect user privacy effectively.
Also Read: Apple Integrates ChatGPT in No-Cash Deal with OpenAI
