This silly statement from #openai about #security drives me crazy. People talk about this all the time as if it means something.
‘files in ChatGPT as a whole are "encrypted by default at rest and in transit"’
What attack does that encryption at rest defeat? What hacker says “darn it! I would have gotten the data if it hadn’t been for that pesky encryption at rest?”
Think it over. Go ahead. I’ll wait.
Physical theft of hard drives/storage. That’s it. Encryption at rest at OpenAI, or any cloud, defeats the same singular attack that it defeats when you encrypt the hard drive on your laptop: if someone physically steals the device, they don’t get the data.
They can sell your data. They can store it (encrypted at rest) on a web site that has a vulnerability or incorrect security, and bad people can …
This silly statement from #openai about #security drives me crazy. People talk about this all the time as if it means something.
‘files in ChatGPT as a whole are "encrypted by default at rest and in transit"’
What attack does that encryption at rest defeat? What hacker says “darn it! I would have gotten the data if it hadn’t been for that pesky encryption at rest?”
Think it over. Go ahead. I’ll wait.
Physical theft of hard drives/storage. That’s it. Encryption at rest at OpenAI, or any cloud, defeats the same singular attack that it defeats when you encrypt the hard drive on your laptop: if someone physically steals the device, they don’t get the data.
They can sell your data. They can store it (encrypted at rest) on a web site that has a vulnerability or incorrect security, and bad people can download the unencrypted data. They can share it with “partners” who misuse it. Encrypting at rest is NOT an important protection. Literally every other protection is more important.
https://www.darkreading.com/remote-workforce/chatgpt-health-security-safety-concerns
