← Back to context

Comment by NotPractical

2 days ago

Nearly anything that isn't end-to-end encrypted is fair game, assuming there is probable cause. Access to your physical location history (even if you weren't suspected of a crime) wasn't off limits until 2024 [1]. (It still isn't off limits if you are suspected of a crime, but is no longer collected at the scale of "most Android users" [2].)

[1] https://www.eff.org/deeplinks/2024/08/federal-appeals-court-...

[2] https://techcrunch.com/2023/12/16/google-geofence-warrants-l...

End-to-end encrypted data is also fair game -- the only difference is that there are simply fewer parties that have the data to give.

Chats with chatgpt are end to end encrypted (it's https), but one of the ends is OpenAI.

  • While I understand (and agree with) the general sentiment of what you're saying, you are not correct in saying that this is end-to-end encryption, and HTTPS itself does not guarantee that end-to-end encryption is in use.

    In this case, there's an explicit middle point - chatgpt.com resolves to a CloudFlare server, so CloudFlare is actually one of the ends here. It likely acts as a reverse proxy, meaning that it will forward your requests to a different, OpenAI-owned server. This might be over a new HTTPS connection, or it might be over an unencrypted HTTP connection.

    It really is super important to emphasize this point. End-to-end encryption is not simply that your data is encrypted between you and the ultimate endpoint. It's that it can't be decrypted along the way - and decrypting your HTTPS requests is something that CloudFlare needs to do in order to work.

    (To be clear, I'm not accusing CloudFlare of anything shady here. I'm just saying that people have forgotten what end-to-end encryption really means.)

    • Great points, of course if you use full strict or flexible SSL you could be ok (safe) from Cloudflare, but no way that is the case here

      1 reply →

  • Yep. This is why the estimates of compute needed for AI (if it turns out to be useful) are many orders of magnitude too low — the technology isn’t mature until it actually succeeds at tasks, with fully homomorphic encryption from my prompt through the response.

    • FHE is far too computationally heavy. Won’t be used on ChatGPT for a very long time if ever