waveboxapp icon indicating copy to clipboard operation
waveboxapp copied to clipboard
verified publisher icon wavebox

Wavebox leaking information to Chat-GPT without consent?

Open s-hebert opened this issue 2 years ago • 5 comments

I asked the integrated chat-gpt (brainbox) feature for an example of a css example of the css property 'white-space: normal' effect on text without selecting "include page" for extra context. Wavebox gave my an example, but used the text on my currently opened wavebox window verbatim. There was no way this could of been a coincidence. Is this intended behaviour?

*Wavebox: 10.116.10-2 stable *Install Method: rpm *Wire Config: 1.2.17 *Chromium: 116.0.5845.141 *OS: linux/undefined

  • Operating System & Version: Open Suse Tumbleweed 20230902-0

Bug/Feature description

Brainbox seems to be accessing the current page data even though the option to do so is intentionally left unselected.

s-hebert avatar Sep 06 '23 17:09 s-hebert

Ticking the Include page button tells Brainbox to include the contents of the text on the current page. However, Brainbox normally shares the domain of the page that you're viewing, so for example, if you're viewing https://github.com/wavebox/waveboxapp/issues/1434 the initial prompt tells Brainbox that you're viewing github.com.

As chat-gpt has a broad knowledge about many sites, just knowing that you're viewing github can be enough to give specific information about the page.

If you have an example that you're able to repeat then we can take a deeper look

Thomas101 avatar Sep 07 '23 07:09 Thomas101

In this situation, it took information off a Microsoft Dev Ops view that was behind a password and not a public facing domain website.

I did not include the content of the current page, but it had access to it and used that information in it's response, even though that page had no access from the public side without a password.

I'm not sure I can give you that example, but I would strongly urge someone to look at this, as it's a serious possible leak.

s-hebert avatar Sep 08 '23 12:09 s-hebert

We can reassure you that Brainbox does not include the page content without the box being ticked. There is a shortcut bound that allows you to use Ctrl/Cmd+Enter to send the message and include the page contents...

Screenshot 2023-09-08 at 14 01 00

...it could be that this was triggered when sending the message. We'll look to defaulting this shortcut to off for the next release, so it's more opt-in.

We can also look more into this, we have seen multiple instances where ChatGPT has generated content that is identical or similar to such pages since it appears it's been part of its training material. If you're able to share the URL privately with us, can you reach out to [email protected] and we can investigate further.

Thomas101 avatar Sep 08 '23 13:09 Thomas101

The url in question is behind a password, so ChatGPT would not have any access to that content. And it was an exact replica of the text that was opened in the browser.

I use other software that requires to send messages using the ctrl + enter, so that could definitively be what happened. Is this binding hard-coded?

s-hebert avatar Sep 08 '23 17:09 s-hebert

It's hard-coded at the moment. There's a change going out to beta today that removes the ctrl+enter binding and this should go to stable later in the week

Thomas101 avatar Sep 11 '23 08:09 Thomas101