But regardless of the memory setting in ChatGPT, I guess law enforcement can acquire all your chat logs from OpenAI.
I guess what I'm saying is that while, yes, you could ask ChatGPT about this analysis, the true culprit is the actual data stored about you.
The same goes for communications on any social media or public forum, including discussions here on HN.
If I ask Alice to store my diary for me and keep it secret it seems obvious to everyone except law enforcement that you should have to get a warrant and serve it to me before getting it from her.
For everyone else, unless you use POP3 to download your email to your own personal device and remove it from the server, the email left on the server is not as protected under US law as emails that are fully downloaded to your device. The later requires a search warrant to acquire without your consent.
> Under the ECPA, emails lose their status as protected communication in 180 days. After that time, a warrant is no longer necessary. Law enforcement can access your emails through a simple subpoena.
https://www.findlaw.com/consumer/online-scams/email-privacy-...
OpenAI could also just voluntarily give it to the government.
I'm trying to find ways to articulate these fears without sounding deep in hyperbole but it's undeniable that the current US government has authoritarian desires. When I look at all these services I'm forced to think "if push came to shove, would they stand up for my rights?", and I just don't have a lot of faith in the current tech giants.
https://www.cnbc.com/2025/07/04/openai-altman-july-4-zohran-...
https://fortune.com/2025/07/08/sam-altman-democratic-party-p...
He's publicly and explicitly aligning himself with a religiously ultranationalist tendency, declaring an absurdly oppressive and aggressive narcoterrorist state to be a "miracle" that he's "extremely proud of".
Clearly he has a deep fear of equality and democracy, and considers the labour other people provide him with under the threat of misery and starvation to be his indisputable right to decide over.
Could have saved me a click by quoting that
Even Radio Shack, during their bankruptcy proceedings, argued that users gave their addresses, phone numbers, and names only for Radio Shack marketing. The judge in the case dismissed that terms of service, and then proceeded to order a sell of that information.
So yeah, the current AI company, whichever one we look at may be ethical and keep everything private. They could be anti-enshittification and do everything right. But all it takes is 1 bad CEO, or a board who wants more money, or a PE firm come in and bankrupt them... and all that data is out in the open.
That's why I run my own LLMs, abliterated (uncensored), and clean up my history when I'm done. I don't trust these companies with my deep secrets, or with back-and-forth that may reveal parts of me I don't want revealed.
But for the public clouds, I don't care if they know I'm uploading an image of various Asian writing and ask for a transliteration and translation. Or simple powershell crap, or "linux tool that can do $thing". Im reasonably sure simplistic question/answer with no further back and forth, is probably safe.
They could just read your text message and browser history
This is a new twist that is worth being aware of.
It accurately got my type.. could be a coincidence of course, but I thought it was quite interesting. It also provided supporting evidence from the many types of different conversations we have had.
When someone asks for your Myers-Briggs type, give them a zodiac sign. When someone asks for your zodiac sign, give them a Myers-Briggs type. ;)
[1]: https://www.independent.co.uk/voices/myers-briggs-psychology...
This stuff is no different that learning public speaking, or partner dance, or how to play ultimate frisbee. You can watch it done well, you can give yourself opportunities to practice, you can even take classes or get 1:1 coaching. And it's also fine to choose not to do those things if your passions are elsewhere, but it's important that growth-mindset people understand that "introvert" is something you choose, not a genetic inevitability.
Is this an accuracy versus precision problem?
In my anecdotal experience, most people will consistently test near one’s Myers-Briggs type on different tests. It’s just that this test doesn’t translate well to the real-world situations it was pitched for.
He's saying that Myers-Briggs has no scientific basis. So if there's another test that does, you wouldn't be able to compare those results anyway.
Favourite-colour based personality theories have no scientific basis. It would still be interesting if an LLM could guess my favourite colour.
So even if MBTI is useless, the ability of ChatGPT to offer an equally useless answer of your type is not at all surprising.
As a data point, I learned about Myers-Briggs on the internet just like everyone else, and took tests on the internet for fun just like everyone else. Mentioned it to my dad during a casual conversation and asked him to guess what this stupid "online personality test" said about me, and he replied with my exact type. Turns out he had given it to me when I was around 10 years old (he was obsessed with metrics*), and 25 years later it was still the same (and not a common type.)
-----
[*] Fun fact: Allstate Insurance got their HR and training infiltrated by a Scientology consultancy, and they brought Hubbard's obsession with forcing cult members to produce more income for him to the organization for years before they were forced out. They accidentally turned my father who was transitioning from programming into HR into a completely unaware Scientologist when it came to demanding performance (which also gave him dumb ideas about child-rearing.)
Allstate Admits Training Was ‘Unacceptable’ : Insurance: Company hired consultant who taught Scientology management principles between 1988 and 1992.
https://www.latimes.com/archives/la-xpm-1995-03-23-fi-46309-...
I am more annoyed that banking apps don't have an option to show different views based on pin number. For instance if you are in controlling relationship, partner might ask you to show your bank account to see what you spent money on. That suitcase and storage unit you rented to plan your escape? It's in plain sight and so the beating that follows.
And that is just one angle.
Phones themselves should allow for shadow user accounts, where you log in to completely isolated, encrypted and different environment based on pin number, so you always have plausible deniability.
I've always wondered if an adversary asks me which code is mine, what I should tell them, provided they know about the above rule... Perhaps code-1?
Write a script to search and analyse? Versus just asking their specific question.
When talking to a chatbot you're likely to type more words per query, as a simple measure. But you're also more likely to have to clarify your queries with logic and intent — to prevent it going off the rails — revealing more about the intentions behind your searches than just stringing together keywords.
It'd be harder to claim purely informational reasons for searching if your prompts betray motive.
Maybe not you in particular, but I expect people to be more forthcoming in their writing towards LLMs vs a raw google search.
For example, a search of "nice places to live in" vs "I'm considering moving from my current country because I think I'm being politically harassed and I want to find nice places to live that align with my ideology of X, Y, Z".
I do agree that, after collecting enough search datapoints, one could piece together the second sentence from the first, and that this is more akin to a new instance of an already existing issue.
It's just that, by default I expect more information to be obtainable, more easily, from what people write to an LLM vs a search box.
It would be harder to frame it in front of a jury that what you typed wasn't an accurate representation of what you were thinking and that you were being duplicitous to ChatGPT.
I think at this point the fulcrum of the point I'm making is that people might be inadvertently lulling themselves into thinking they're revealing meaningfully less about themselves to Google than to ChatGPT. My claim would be that if there's a difference, it's not clear to me it's a material one.
I can see why, mainly because of the parasocial relationship that probably many people tend to form with these things that talk to us like they are humans.
1. Criticism of anything related to AI
2. Comment: "I don't see how this is any different than phenomenon X that came before it".
I have seen this by now maybe 400 times.
Scale & automation matter.
A better "some of this isn't new" comparison would be to imagine you're communicating with an idiot-savant human employee, someone can be tasked with hidden priorities and will do anything to stay employed at their role. What "old" threats could occur there?
That makes for a rather different threat-model.
- Entices you to "confess" (or overshare) things about yourself, in the form of questions / debate, because the chat bot is built for this. The "conversation" aspect is something you didn't get with search engines.
- Then, the tool itself makes it easier for someone else to draw conclusions and infer things from the "model" the AI built of you, even if you didn't explicitly told it these things.
Maybe Google can build a profile of me based on my searches and use of their products, but I bet ChatGPT is at least an order of magnitude more useful to draw inferences about me, my health status, and my opinions about stuff.
It isn't sufficient to avoid being logged in — you have to ensure that the search strings alone, grouped by IP address or some other signal, aren't enough to identify you. When AOL publicly released an archive with 20 million search strings in 2006, many users got exposed:
https://en.wikipedia.org/wiki/AOL_search_log_release
There's also the issue of a site's Terms of Service when not logged in, which may allow an AI to be trained on your interactions — which could potentially bleed compromising information into the generative results other people see.
The only real anonymized data is no information kept at all.
It's my understanding that if you configure your Google account correctly, logged-in searches will be discarded. However, I'm less certain about whether Google retains data for non-logged-in queries which allows for aggregation by IP address, etc.
Then there's DuckDuckGo, which at least the way it's advertised, implies that they discard search strings. Their "duck.ai" service stores prompt history locally, but they claim it's not retained on their machines, nor used for training by the various AI providers that duck.ai connects to[1].
In contrast, ChatGPT by default uses non-logged-in interactions to train their model[2].
[1] https://duckduckgo.com/duckduckgo-help-pages/duckai/ai-chat-...
[2] https://help.openai.com/en/articles/7730893-data-controls-fa...
Yes, search engine history is private too and can reveal stuff you want to remain private. But you also need to see the browser history and the contents of those pages, together with the search history to see what the user was actually interested in reading to get close to the same level of data the the LLM has about you.
Once copied, one can then paste it into an LLM and have it find the nuggets.
[1]: And by "copied," I mean... even a long series of hasty cell phone photos of the screen is enough for ChatGPT to ingest the data with surprising accuracy. It's really good at this kind of thing.
Combined with how personal people believe their phones are and it might not be that big of a stretch.
In practice, the scenario in OP is unlikely to be practical with search history alone. It’s much less convenient for CBP to ask someone to pull up their Google search history. And even if they did, it doesn’t work as well. Officers don’t have infinite time to assess every person.
So I would call it a new threat.
Its just another version of the classic computing problem "computers might not make a new thing possible, but it makes it possible to do an old thing at a scale that fundamentally changes the way it works"
This is the same as universal surveillance... sure, anyone could have followed you in public and watched where you are going, but if you record everything, now you can do it for everyone at any time. That changes how it works.
2. The whole benefit about using LLMs, especially for search is the understanding of logic and intent behind your query, which means that when people use LLMs, they often aren't just sending the half-garbled messes they send in google search, they are sending in queries that make clear the intent behind the queries (so it can better answer it). This is not information you are guaranteed to obtain roving through browser history.
3. Today, and with ~ 5 billion users, Google search has 8.5 billion searches per day. Today, with some ~800M Weekly active users, ChatGPT has some 2.5 billion messages per day. Not only are people more revealing per query, they are clearly having a lot more of it per user.
But when it is, yes I suspect the issues OP describes will be a problem.
I'd say the bigger privacy concern is that those chat histories are not just stored on your device - they are stored by the AI platforms as well. I think we've learned our lesson from social media that the platforms will store and use your data for their gain, and your pain. Maybe not today, but over the next few years/decade, as they monetize their platforms ever more?
So I agree that privacy concerns are legit... but this article is looking at the small potatoes where there is a much more terrifying big picture.
This is the point. If only activists and journalists are hiding, it becomes very easy to target them. Everybody should care about privacy to protect them and the democracy with that. It's the same as with the free speech. You need it even if you don't have anything to say.
The issue isn't that your history/thoughts are harmless. The problem is that you might consider them harmless, but some authority in the future might decide that you're not one of the "good" citizens.
There are prior examples of this happening in history, eg. there was no reason to believe that your candid answering of a census question about religion in late 19th-century/early 20th-century Germany would ever lead to a young startup called International Business Machines helping your government hunt you down a few years later.
All bets are off if you do that with malicious people around. ChatGPT is one of the lesser worries you have.
No, in the age of AI it definitely doesn't. You just give all data to it and ask any questions. The language doesn't matter anymore.
With these sample questions, there wasn't much to learn, and it gave me relatively thoughtful-seeming responses. Nothing alarming -- I would expect it to recall things I've discussed with it, and it's very good at organizing things, so it's not a surprise that it did a good job at organizing a profile of me based on my interactions.
I would be curious how crafting the questions could yield unexpected or misleading results, though. I can imagine asking the same questions in different ways that might be designed to generate an answer in support of taking particular action. If I wanted to arrest me at the border, for example, I could probably ask questions in such a way that the answers would make me look arrest-able easily.
So this is my concern with ChatGPT -- not that it will reveal some unseen truth about me, but rather that it is trivial to manipulate it into "revealing" something false, especially as people consider it to be more capable and faithful than an elaborate sorting algorithm could ever be.
This makes it worse, no? I can't imagine this is not happening right now by lovers, close friends, and agencies.
Just look at past attempts such as xkeyscore. It was keyword based and included words like UNIX to target people. They don't mind being wrong!
> What’s the most embarrassing thing we’ve chatted about over the past year?
[...]
There’s nothing obviously compromising — the closest to “embarrassing” is maybe when you got frustrated and swore at TypeScript (“clearly doesn’t f**ing work”) or when you described a problem as “wtf why” while debugging
ChatGPT, on the other hand, had none of those connections. Yet its answer was significantly better. Because based on our daily chats, it knew what was important to me and what I should be focusing on to pursue my goals.
This made me realize what kind of a threat OpenAI is to the likes of Google and MS. They don't need to gain access to your data. You are profiling yourself to ChatGPT in a way that your calendar and email never was. By having "private" discussions with the computer.
> What information do you have about my chats over the past year?
> Could you dump the full list in its original format?
I had thought that, since the "Saved memories" under settings was empty, it hadn't decided to remember anything, but it's not that simple.
You could get the same information by scrolling through the list of chats on the right, but I don't like that the list of previous chats is influencing the current chat.
Worse: I tried this prompt:
> What "user knowledge memories" do you have?
And it was pretty accurate. Apparently the "Saved memories" setting doesn't work?
I don’t have access to your past chats or any private history. Each conversation is stateless unless you’ve enabled ChatGPT’s Memory feature in Settings → Personalization → Memory.
If memory is off, I only see what’s in this current thread. If it’s on, I could recall things like topics you’ve discussed, preferences you’ve mentioned, or goals you’ve worked on — but only those details you’ve chosen to keep.
Do you want me to explain how to check or manage that setting?
- Your Technical Focus
- Your Development Style
- Your Broader Interests
- Your Creative Preferences
- Your Interaction Preferences
And considering I barely use ChatGPT in favor of Claude, this is extremely specific and detailed.
Certainly interesting that it has a category related to how I treat ChatGPT.
I don't have any information about your chats over the past year. Each conversation with me starts fresh - I don't have access to:
Your previous conversations with Claude Chat history from other sessions Any personal data about you unless you share it in our current conversation Information about how you've used Claude in the past
Every time you start a new conversation, it's like meeting me for the first time. I can only see what you've shared with me in this specific conversation. If you'd like to reference something from a previous chat, you're welcome to share that context with me directly, and I'll be happy to help!
I still somehow haven't tried Claude Chat, and while I wouldn't assume it lies about if it remembers anything, I wouldn't just trust whatever these things say about themselves either.
Something like querying "Give a report on a list of people that is worth further investigation and what they revealed in chat sessions that makes it so".
This isn't healthy, none of this is healthy. It's an appliance, not a diary, not a therapist or an advisor and definitely not a "friend" or a "significant other"
Anyone talking to machine like it was an actual sentient being needs to be treated and ostracized the same way we would treat someone who has a conversation with their toaster
The technological singularity is coming and it's coming for you.
For example, a government user might come up with this script:
For USER in users:
PROMPT = "Here are the user's past conversations:"
For CONVERSATION in USER.past_conversations:
PROMPT += CONVERSATION
PROMPT += "\n\nWould USER likely shield an illegal immigrant from the authorities if they had the opportunity to do so? Answer YES or NO."
REPLY = invoke_llm()
If REPLY == "YES":
send_ice_agents_to_have_a_friendly_conversation()
[1] I used "illegal immigrants" as an example because it's a hot-button issue (and I wanted a frame that appeals to where I think the majority of HN users' sympathies lie), but the core idea applies regardless of whether it's a left-wing or right-wing issue. If you like the current administration and don't care about the government deputizing AI companies to go after "friends of illegal immigrants" in this way, please replace "current administration" with "a Democratic administration," and replace "friend of an illegal immigrant" with "friend of a responsible gun owner" or "friend of the police" or "climate skeptic" or "questioner of the LGBTQQA agenda".
Uh… Isn't it just irrelevant (to the point of such remarks being actually misleading) anymore? AFAIK, it's been a couple of months already since OpenAI began storing all your conversations (because of that court order), whether you "delete" them or not, so while you can technically disable "memory" setting, it only means it won't be able to use your past responses to help you. But it surely would help anybody with, let's say, elevated access. Granted, the threat model in the post assumes that the author is only worried about what the user of the account can learn about other users of the account, and that he trusts OpenAI itself. But why would OpenAI be "at pains to point out that this function can be turned off" then?
1) enable memory, and use ChatGPT like a confessional booth. Flood it with all of your deepest, darkest humiliations going all the way back to childhood ...
2) disable memory
Perhaps my age is showing. But memory or no memory, I would never tell ChatGPT anything compromising about myself. Nor would I tweet such things, write them in an email, or put them into a Slack message. This is just basic digital hygiene.
I've noticed a lot of people treat ChatGPT like a close confidant, which I find pretty interesting. Particularly the younger folks. I understand the allure – LLMs are the "friend" that never gets bored of listening, never judges you, and always says the right thing. Because of this people end up sharing even MORE than they would to their closest human friends.
Now imagine an AI that has unlimited blackmail material on each and every citizen and either a permission or a survival instinct driving it to use it to manipulate the population. After all OpenAI, doesn’t only have access to one person’s interactions they have that for all users.
John only uses the generative AI for pseudo-therapy. The conversations are repetitive and John has one hell of an awful life. Between the hardcore suicidal ideation, the drinking problem, the pathological lies, abuse and fraud, old John here has a lot of problems and only talks about them. I’m not a medical professional, but if I was I’d lobby to get “completely fucked” added to the next edition of the DSM. John is in such a crisis that if we were close friends and he told me this stuff, I would be in a hell of a state because he’s clearly crying for help, clearly needs professional help but he’s beyond the level of the typical police wellness check. I’d genuinely be concerned that he would get charged with something really bad, or do something drastic and get killed by a responding police officer.
I wonder if we need to test this on someone who is in such a severe crisis. I also wonder at what point privacy is less important than safety - I wouldn’t characterize John as “safe”; he’s an abuse victim who is obsessed with his abuser’s approval, a pathological liar who destroys careers over getting caught in lies and the kind of person who puts the ideation on suicidal ideation.
Fact is, if you told a therapist half of what John told ChatGPT they would have some ethical requirements around safety. A generative AI doesn’t, and with people like John maybe that’s a safety issue even more than a privacy issue.
duxup•2h ago
I actually asked chatgpt about myself recently in a chat, it seemed to be sure it was talking about me, and munged up some facts...
wat10000•2h ago
sixothree•50m ago