The OpenAI ChatGPT app on macOS is not sandboxed and stores all the conversations in **plain-text** in a non-protected location:
~/Library/Application\ Support/com.openai.chat/conversations-{uuid}/
So basically any other running app / process / malware can read all your ChatGPT conversations without any permission prompt:
@pvieito well, your email files are probably stored the same way... no need to say that chat gtp conversations are not important, unless the user is an complete idiot and mention sensitive info.
@specktator_ No, Apple has blocked access to any private data (including Mail data) since macOS Mojave 10.14 (6 years ago!).
Any app accessing private user data (Calendar, Contacts, Mail, Photos, any third-party app sandbox, etc.) now requires explicit user access.
OpenAI chose to opt-out of the sandbox and store the conversations in plain text in a non-protected location, disabling all of these built-in defenses.
@riotnrrd@mastodon.social@pvieito @specktator_ My sneaking suspicion is that they opted out of the sandbox to avoid people sharing screenshots of permissions dialogues saying things like “ChatGPT is requesting access to your documents”. Stupid and short-sighted — but what else is new?
@riotnrrd @specktator_ Those permissions prompts are presented for any process (including non-sandboxed apps).
@pvieito @specktator_ Yes, sorry, of course you and I know this. My implication was that someone within OpenAI wanted to avoid having those dialogues presented to their users, and sandbox avoidance was the method they landed on.
@riotnrrd @pvieito @specktator_ When you access files in your own sandbox (like the history would be in this case) no pop-up is shown. So that’s not the reason they opted out.
@melgu @riotnrrd @specktator_ Yep, AFAIK, there is no sensible reason why they opted out. ChatGPT does not require (nor request) Accessibility access nor does it execute third-party code (like an IDE would do), and these are the main 2 reasons to disable the app sandbox.
In fact, the app shares a huge part of the code with the iOS app, so for sure it can work perfectly in the app sandbox.
@melgu @pvieito @specktator_ I was assuming that at some point somebody would try to drag & drop something from the desktop or Documents or whatever and trigger the permission dialogue — “please summarise SUPER-SECRET-PLANS.PDF”, shortly followed by “oh noes teh evil robot haz all my planzzz”.
@riotnrrd @specktator_ @pvieito Is drag and drop not exempted, since only the specific file is shared?
@melgu @riotnrrd @specktator_ Yes, there is no difference between sandboxed & and non-sandboxed apps in that regard. Any user explicit action (drag-and-drop, open-dialog etc.) will automatically grant access to the files.