ChatGPT’s Shared Links Accidentally Exposed Private Conversations
Users of OpenAI’s ChatGPT have discovered a significant privacy vulnerability where shared conversation links were being indexed by search engines like Google. This unintended exposure means that personal and sensitive information, including full names, phone numbers, and even details of illicit activities, could be found by anyone with a search engine and the right keywords.
How the Exposure Happened
The "Share" feature in ChatGPT, designed to facilitate collaboration, inadvertently made conversations public when a unique URL was generated. If the "Make this chat discoverable" option was selected, the conversation was automatically indexed by search engines. Even if a user deleted the conversation from their ChatGPT account, the shared link remained active unless explicitly removed, and search engine results could persist until re-crawled.
User Discoveries and Concerns
Many users were taken by surprise when their private chats, shared for convenience, appeared in public search results. Reddit users reported finding alarming content, ranging from detailed personal information used for resume building to deeply personal disclosures, trauma stories, and even coded messages hinting at illegal activities. One user shared an instance of finding a sex worker’s full name and personal details in a shared chat.
OpenAI’s Response and Mitigation
In response to the growing privacy concerns, OpenAI’s Chief Information Security Officer, Dane Stuckey, announced on X that the shared link feature would be removed from the ChatGPT app starting the following day. He acknowledged that the feature created unintended opportunities for content sharing and stated that OpenAI aims to remove the indexed content from search engines. Users can proactively prevent their conversations from being public by clearing or deleting shared links in the "Data Controls" section of their ChatGPT settings.
Key Takeaways
- ChatGPT’s "Share" feature inadvertently exposed private conversations through search engine indexing.
- Sensitive personal information, including names, phone numbers, and potentially illicit activity details, was found in public search results.
- OpenAI is removing the shared link feature due to privacy concerns.
- Users are advised to delete any existing shared links from their ChatGPT settings.
- Experts suggest that web crawler rules like "robots.txt" could have mitigated the issue, but OpenAI opted for feature removal.