ChatGPT Users Data Leaked (twitter.com/openai)
45 points by kristianpaul on March 24, 2023 | 13 comments



And that is why I love Apple with their hidemyemail built in tool. I don’t care if my temporary email gets exposed. I also never use real name anywhere. Only thing I wish I would be able to hide same as email is the phone number.


Apple has the chops to make a ‘hidemynumber’ successful but I highly doubt they would endeavor into that. Maybe if Twilio offers a similar service I would go in but Apple’s level of integration is difficult. The same reason I use iCloud Keychain more than 1Password.


There aren't enough phone numbers to give everyone "unlimited" unique numbers.


> a bug in an open source library

A bug in some code that we took for free and didn't review.


> Let him who is without sin cast the first stone

So you're telling me that you've reviewed every line of every library you've ever used?


Engineers don't assess every molecule of the materials they construct bridges out of. Doesn't mean they're not accountable when one collapses.

Also, your saying doesn't mention anything about people who point out to others who should be stoned. I'm assuming that's okay, as well as letting people know what they did that would deserve a stoning. Just in general, not advocating anyone be stoned.


> Engineers don't assess every molecule of the materials they construct bridges out of. Doesn't mean they're not accountable when one collapses.

If it's something completely unpredictable then, no, they're not generally liable. It's called an "act of god" and you'll find that language in virtually every contract.

> Also, your saying doesn't mention anything about people who point out to others who should be stoned. I'm assuming that's okay, as well as letting people know what they did that would deserve a stoning. Just in general, not advocating anyone be stoned.

I have absolutely no idea what your point is here.


It would take a software engineer to have the ego to imply that a bug in their code was "act of god" :)

Parent wasn't lobbing stones, just pointing out that we are responsible, if not culpable, for the results of the development decisions we approve and commit. A library was used that wasn't fully reviewed, vetted, or corrected prior to use. It's like buying rivets and not inspecting them before you build a skyscraper with them - even if nothing comes of it, was no wrong done?


Airplanes most definitely have thoroughly audited and certified code used in the onboard systems.


No, but I wouldn't blame the code I used. You need to vet your own deps, especially when creating a product as big as ChatGPT.


1. they took it for free because it's free software.

2. how do you know they did not review it? the problem obviously presented in an edge case, which is by definition hard to catch.

3. they helped find and fix a bug in the library, which is one of the ways of giving back to the community.


Something tells me at the pace they're moving this won't be the first serious leak.

There was talk somewhere about a bug bounty program being a good idea. I have to agree.


I found a similar vulnerability in Django's Memcache integration – a space character in a key could cause a failure to read which could lead to an incomplete read, and subsequent reads on the same connection reading data they shouldn't. We never used it in a way that could have led to data being leaked, but that's not generally true. (Also credit to the Django project for their exceptional handling of the vulnerability reporting process)

It turns out that if you put control signals in-band in the data channel, it's extremely hard to get right, and can easily lead to issues like this if connections aren't managed very carefully. One could make a comparison to how LLMs work at the moment too, it feels like a related class of vulnerability to me.
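
The failure class described in the comment above, as an added example that is not part of the original thread and is neither Django's nor memcached's code: a toy in-process model of one pooled connection where a space inside a key is read as a field separator, so the client's one-reply-per-request assumption breaks and later reads return earlier replies. `ToyConnection`, `CacheClient`, `run` and the sample keys and values are constructed for illustration; `valid_key` applies the memcached text-protocol key rules (1 to 250 bytes, no whitespace or control characters).

```python
import re
from collections import deque

# Memcached's text protocol delimits fields with spaces and newlines, so keys
# must be 1-250 bytes with no whitespace or control characters.
_UNSAFE = re.compile(rb"[\x00-\x20\x7f]")

def valid_key(key: str) -> bool:
    raw = key.encode("utf-8")
    return 0 < len(raw) <= 250 and _UNSAFE.search(raw) is None

class ToyConnection:
    """Constructed model of one pooled connection to a line-based cache.
    Like a multi-get, 'get k1 k2' queues one reply per space-separated key."""
    def __init__(self, store):
        self.store, self.replies = store, deque()

    def send(self, line: str) -> None:
        verb, *keys = line.split(" ")
        if verb == "get":
            self.replies.extend(self.store.get(k, "MISS") for k in keys)
        else:
            self.replies.append("ERROR")

    def read_one(self) -> str:
        return self.replies.popleft()

class CacheClient:
    """Hypothetical client that expects exactly one reply per get()."""
    def __init__(self, conn, validate: bool):
        self.conn, self.validate = conn, validate

    def get(self, key: str) -> str:
        if self.validate and not valid_key(key):
            raise ValueError(f"refusing cache key {key!r}")
        self.conn.send(f"get {key}")
        return self.conn.read_one()

def run(validate: bool):
    """Issue one key containing a space, then two ordinary reads on the same connection."""
    store = {"session:alice": "alice-data", "session:bob": "bob-data"}  # constructed data
    client = CacheClient(ToyConnection(store), validate)
    try:
        client.get("report 2023")
    except ValueError:
        pass  # rejected before anything reached the wire
    return client.get("session:alice"), client.get("session:bob")

if __name__ == "__main__":
    print("no validation:", run(False))
    print("validated:    ", run(True))
```

Key validation stops the malformed request from reaching the wire; a client should also discard, rather than return to the pool, any connection on which a reply was unexpected or a read failed, since its stream can no longer be trusted to line up with requests.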



