OpenAI’s ChatGPT Mac App Stored Conversation History Outside the Sandbox theverge.com

Pedro José Pereira Vieito on Threads:

The OpenAI ChatGPT app on macOS is not sandboxed and stores all the conversations in **plain-text** in a non-protected location:

~/Library/Application\ Support/com.openai.chat/conversations-{uuid}/

So basically any other running app / process / malware can read all your ChatGPT conversations without any permission prompt.

I have not yet updated my copy of the desktop app, so I was able to see this for myself, and it clarified the “all your ChatGPT conversations” part of this post. I had only downloaded and signed into the ChatGPT app — I had not used it for any conversations yet — but my entire ChatGPT history was downloaded to this folder. Theoretically, this means any app on a user’s system had access to a copy of their conversations with ChatGPT since they began using it on any device.

Jay Peters, the Verge:

After The Verge contacted OpenAI about the issue, the company released an update that it says encrypts the chats. “We are aware of this issue and have shipped a new version of the application which encrypts these conversations,” OpenAI spokesperson Taya Christianson says in a statement to The Verge. “We’re committed to providing a helpful user experience while maintaining our high security standards as our technology evolves.”

Virtually all media coverage — including Peters’ article — has focused on the “plain text” aspect. Surely, though, the real privacy and security risk identified in the ChatGPT app — such that there is any risk — was in storing its data outside the app’s sandbox in an unprotected location. This decision made it possible for apps without any special access privileges to read its data without throwing up a permissions dialog.

There are obviously plenty of frustrations and problems with Apple’s sandboxing model in MacOS. Yet there are also many cases where sensitive data is stored in plain text. The difference is it is at least a little bit difficult for a different app to surreptitiously access those files.