Hacker News new | past | comments | ask | show | jobs | submit login
ChatGPT's much-heralded Mac app was storing conversations as plain text (arstechnica.com)
34 points by pulisse 6 months ago | hide | past | favorite | 14 comments



Weird headline, I don’t think “plain text” is the issue here, it’s rather that they opted out of storing data in a location protected by macOS app sandboxing, which is a little odd from how I understand, but not terribly uncommon.

I would absolutely never expect an App to encrypt data it stores locally on my computer, would be kinda nice if they would make use of the built-in file access protections macOS has though.


This is a pointless hit piece. There is no expectation of encrypted data storage for a desktop app. Now if they were not keeping data safely on their servers, now that's another matter.


Honest question from someone who isn't an expert: why would they need to encrypt that data on my machine?

If the concern is that someone might gain access to my computer and see unencrypted things, what about all of the other things on my machine that aren't encrypted?


Probably a concern that other apps can access this data? Anyway, pretty much every app outside the App Store stores data this way so I don't know what to make of that.


On MacOS, any app that access data in an odd location will pop up asking for permission first anyway.


A popup that looks like “Some app would like permission for your Documents folder” with OK already selected in blue.


I don't see it as a concern. I've got FileVault turned on anyway, if I didn't care I wouldn't bother with that.


How uncommon is it for apps to store sensitive data in this way? It wouldn’t surprise me if this is a pretty common, albeit non-ideal, practice. For example, where does chrome store browsing history data?


I literally don't know of any app that automatically encrypts its own data aside from those that make it a selling point to do so. For the most part that's completely unnecessary and redundant, as it's handled automatically by the file system when FileVault is enabled.


Most apps store data in a sandbox so other apps can't access it.


Most of the apps I use on macOS certainly don't.


Don't rely on apps to enforce encrypted data at rest if you're dealing with local data that would lead into problems if e.g. your laptop is stolen.

This is already a solved problem with FileWarden, BitLocker, LUKS etc. and commonly enforced in corporate environments through group policies too...


And also macOS' FileVault .


ArsTechnica has been resorting to increasingly alarmist headlines to the point where many articles should be regarded as spam as they don't serve to inform nor provoke any meaningful discussion.

Their selection of reporting over the last two years has been centered around pieces that do great for flamebait comment sections across several sites, not much for reasonable discourse.

As far as the concerns raised here, my browser history is substantially more sensitive and is in the clear.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: