Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I tried making it my default browser because of (4)

You miss the most questionable bit which is asking for keychain access. I said no to that one.



A browser using your keychain seems like the least questionable bit, if anything.


Right, but most browsers aren't owned by money-losing startups desperate for any bit of training data they can get their hands on as scaling taps out.

I really doubt OpenAI consciously wants my passwords, but I could absolutely see a poorly-coded (or vibe-coded, lol) OpenAI process somehow getting my keychain into their training set anyway, and then somebody being able to ask Chat-GPT 6, "hey, what's Analemma_'s gmail password?" and it happily supplying it. The dismal state of LLM scraper behavior and its support (or lack thereof) of adherence to best practices lends credibility to this.


Weird, I didn't get that question. It asked for full disk access so it could import my Safari settings, but that was optional.


When I was testing out Agent mode I had to give it login details in clear text (throw away account). Keychain access is very sensible.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: