How To Manage Your Privacy When Using ChatGPT

Love it or hate it, ChatGPT has become one of the most talked about tech developments of 2023. Many of us have embraced it with open arms and have put it to work by tasking it to ‘assist’ with assignments, write copy for an ad, or even pen a love letter – yes, it’s a thing. Personally, I have a love/hate relationship with it. As someone who writes for a living, it does ‘grind my gears’ but I am a big fan of its ability to create recipes with whatever I can find in my fridge. But like any new toy, if you don’t use it correctly then there could be issues – which may include your privacy.

ChatGPT – A Quick Recap

ChatGPT is an online software program that uses a new form of artificial intelligence – generative artificial intelligence – to provide human-style responses to a broad array of requests. Think of it as Google on steroids. It can solve maths questions, translate copy, write jokes, develop a resume, write code, or even help you prepare for a job interview. If you want to know more, check out my Parent’s Guide to ChatGPT.

But for ChatGPT to answer tricky questions and be so impressive, it needs a source for its ‘high IQ’. So, it relies on knowledge databases, open data sources and feedback from users. It also uses social media to gather information and a practice known as ‘web scraping’ to gather data from a multitude of sources online. And it is this super powerful combination that allows ChatGPT to ‘almost always’ deliver on tasks.

Why Is ChatGPT A Threat To My Privacy?

Your privacy is affected in several ways by ChatGPT. Some of these ways may not concern you, but I’m quite sure some will. Here’s what you need to know:

1. ChatGPT Uses Your Data Without Your Permission

When ChatGPT absorbed the enormous amount of data it needed to function from the internet, it did so without permission. As data can be used to identify us, our friends and family or even our location, this is clearly a violation of privacy. But not only was the data taken without permission, it was also taken without compensation. Many online news groups have been, understandably, quite upset about this, particularly when ChatGPT is making a handsome profit by offering users a premium package for US$20/month. However, in recent weeks, many online news outlets have blocked OpenAI’s crawler which will limit the ChatGPT’s  ability to access their news content.

 

2. Whatever You Share With ChatGPT Goes Into Its Data Bank

Every time you share a piece of information with ChatGPT, you are adding to its data bank, risking that the information ends up somewhere in the public domain.      The Australian Medical Association (AMA) recently issued a mandate for Western Australian doctors not to use ChatGPT after doctors at a Perth hospital used it to write patient notes. These confidential patient notes could be used to not only further train ChatGPT but could also be included in responses to other users.

 

3. ChatGPT Collects A Lot Of Information About Its Users

In addition to collecting the information users share, it also collects detailed information about its users. In the company’s privacy policy, it outlines that it collects users’ IP addresses and browser types. It also collects information on the behaviour of its users e.g. the type of content that users engage with as well as the features they use. It also says that it may share users’ personal information with unspecified parties, without informing them, to meet their business operation needs.

4. Risk of a Data Breach

One of the biggest risks to using ChatGPT is the risk that your details will be leaked in a data breach. Between 100,000 ChatGPT accounts credentials were compromised and sold on the Dark Web in a large data beach which happened between June 2022 to May 2023, according to Search Engine Journal.

But here’s the big problem – as ChatGPT users can store conversations, if a hacker gains access to an account, it may mean they also gain access into propriety information, sensitive business information or even confidential personal information.

What’s ChatGPT Doing To Protect Privacy?

Now please don’t misunderstand me, ChatGPT is taking action to protect users however in my opinion these steps are not enough to truly protect your privacy.

ChatGPT does make it very clear that all conversations between a user and ChatGPT are protected by end-to-end encryption. It also outlines that strict access controls are in place so only authorised personnel can access sensitive user data. It also runs a Bug Bounty program which rewards ethical hackers for finding security vulnerabilities. However, in order to remain protected while using the app, I believe the onus is on the user to take additional steps to protect their own privacy.

So, What Can I Do To Protect My Privacy While Using ChatGPT?

As we all know, nothing is guaranteed in life however there are steps you can take to minimise the risk of your privacy being compromised while using ChatGPT. Here are my top tips:

1. Be Careful What You Share With ChatGPT

Never share personal or sensitive information in any of your chats with ChatGPT. By doing so, you increase the risk of sharing confidential data with cybercriminals. If you need a sensitive piece of writing edited, ask a friend!!

2. Consider Deleting Your Chat History

One of the most useful ways of safeguarding your privacy is to avoid saving your chat history. By default, ChatGPT stores all conversations between users and the chatbot with the aim of training OpenAI’s systems. If you do choose not to save your chat history, OpenAI will still you’re your conversations for 30 days. Despite this, it is still one of the best steps you can take to protect yourself.

3. Stay Anonymous

As mentioned above, ChatGPT can collect and process highly sensitive data and associate it with your email address and phone number. So, why not set up a dedicated email just for ChatGPT? And keep your shared personal details to a minimum. That way, the questions you ask or content you share can’t be associated with your identity. And always use a pseudonym to mask your true identity.

Commit To Staying Up To Date

Whether it’s ChatGPT or Google’s Bard, it’s imperative that you stay up to date with the company’s privacy and data retention policies, so you understand how your data is managed. Find out how long your conversations will be stored for before they are anonymised or deleted and who your details could potentially be shared with.

So, if you’re looking for a recipe for dinner, ideas for an upcoming birthday party or help with a love letter, by all means get ChatGPT working for you. However, use a dedicated email address, don’t store your conversations and NEVER share sensitive information in the chat box. But if you need help with a confidential or sensitive issue, then maybe find another alternative. Why not phone a friend – on an encrypted app, of course!!

The post ChatGPT’s Impact on Privacy and How to Protect Yourself appeared first on McAfee Blog.

Read More

The attackers may have accessed sensitive patient information, such as health insurance and medication details

Read More

The threat actor used the stolen key to breach 25 organizations, including US government agencies

Read More

The new site 404 Media has a good article on how hackers are cheaply getting personal information from credit bureaus:

This is the result of a secret weapon criminals are selling access to online that appears to tap into an especially powerful set of data: the target’s credit header. This is personal information that the credit bureaus Experian, Equifax, and TransUnion have on most adults in America via their credit cards. Through a complex web of agreements and purchases, that data trickles down from the credit bureaus to other companies who offer it to debt collectors, insurance companies, and law enforcement.

A 404 Media investigation has found that criminals have managed to tap into that data supply chain, in some cases by stealing former law enforcement officer’s identities, and are selling unfettered access to their criminal cohorts online. The tool 404 Media tested has also been used to gather information on high profile targets such as Elon Musk, Joe Rogan, and even President Joe Biden, seemingly without restriction. 404 Media verified that although not always sensitive, at least some of that data is accurate.

Read More

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Cybersecurity threats refer to malicious activities conducted over digital networks, targeting systems, devices, and data. These threats encompass a wide range of attacks, from stealing sensitive information and spreading malware to disrupting critical infrastructure.

And their impact extends beyond technical realms. They can and regularly do affect individuals, businesses, and society at large.

Individuals face risks of identity theft, financial loss, and invasion of privacy.

Businesses can suffer from data breaches, financial damages, and reputational harm. Societal consequences include compromised infrastructure, erosion of trust in digital systems, and potential disruptions to essential services.

As technology becomes increasingly integrated into our lives, understanding and addressing cyber threats is crucial for safeguarding personal, economic, and societal well-being.

The cat and mouse game will never end, and it’s important to not only be aware of where the good guys stand but what to expect while running your business and trying to stay safe.

The dynamic nature of cyber threats

The dynamic nature of cyber threats lies in their continuous evolution and adaptation. Cybercriminals are relentless in their pursuit of new vulnerabilities, techniques, and tools to breach systems and compromise data.

In response, cybersecurity experts are in a constant race to anticipate and counter emerging threats.

They develop advanced security protocols like cloud penetration testing, analyze attack patterns, and collaborate to share threat intelligence. This ongoing battle is marked by innovation on both sides.

What cybersecurity pros have at their disposal

Cybersecurity professionals employ artificial intelligence, machine learning, and behavioural analytics to predict and detect threats, while cybercriminals use sophisticated social engineering and encryption techniques to evade detection.

This tug-of-war highlights the necessity of a proactive approach to cybersecurity. As threats evolve, defenders must not only address current vulnerabilities but also anticipate future attack vectors.

The rapid pace of technological change means that cybersecurity is not a one-time investment, but an ongoing commitment to staying updated, adapting strategies, and collaborating across sectors to safeguard digital ecosystems.

The evolution of cyber threats

The cyber threats that your business is likely to face in the 2020s are much different and far more insidious than they were back in the early days of the internet.

The early days

We have gone from:

Viruses and worms: In the early days of computing, viruses and worms were the first types of cyber threats. They spread through infected files and email attachments, causing damage or disruption to systems.
Malware: As technology advanced, so did malware. This category includes various types, such as Trojans, which masquerade as legitimate software, and keyloggers, which record keystrokes to steal sensitive information.

Current threats

What businesses and individuals must contend with now is shocking and, if you haven’t been following the industry and cyber threat landscape, very frightening.

Contemporary threats include:

Phishing and social engineering: With the rise of the internet, cybercriminals shifted to tactics that exploit human psychology. Phishing attacks trick users into revealing personal information or clicking on malicious links.
Ransomware: This marked a significant turning point. Ransomware encrypts victims’ data, demanding a ransom for its release. It has become a profitable business model for cybercriminals.
Advanced Persistent Threats (APTs): APTs involve sophisticated, targeted attacks by well-funded and organized actors, often nation-states. These attacks are long-term, stealthy, and aim to steal sensitive data or intellectual property.

The threats themselves

Not only have the threats themselves changed, but the motivations have evolved along with the technology and capabilities of the criminal and other actors who are behind most major attacks.

Motivations behind cyber-attacks: Cyber-attacks are motivated by a range of factors:

Financial gain: Many attacks, including ransomware, aim to generate profits. Cybercriminals exploit vulnerabilities for monetary rewards.
Political motives: Nation-states engage in cyber espionage to gather intelligence, influence global politics, or gain a competitive advantage.
Espionage: Corporate espionage involves stealing trade secrets, intellectual property, or confidential business information.
Activism: Hacktivists target organizations or institutions to promote a political or social cause, often using cyber-attacks to disrupt operations or spread their message.

What’s more, there has been a shift to Organized Groups and Nation-States. Over time, cyber-attacks moved from isolated efforts to coordinated endeavours.

These include:

Organized cybercrime: Cybercriminals formed networks and syndicates, sharing resources, tools, and expertise. This led to the commercialization of cybercrime through the sale of hacking tools and services in underground markets.
Nation-state actors: State-sponsored cyber-attacks escalated, with governments using their resources to conduct espionage, sabotage, and information warfare. Notable examples include Stuxnet, an attack on Iran’s nuclear facilities attributed to the U.S. and Israel.
Hybrid threats: Some attacks blur the line between cybercrime and state-sponsored actions. Cybercriminals may collaborate with or be co-opted by nation-states to achieve mutual goals.

This evolution showcases the increasing sophistication of both cyber threats and the actors behind them. The digital realm has become a battleground for various motives, making it essential for cybersecurity experts to stay ahead of these dynamic threats and adapt their strategies accordingly.

The role of cybersecurity experts

Naturally, as with any criminal activity and the illicit economies built around them, a cat-and-mouse game takes shape in which criminals discover and implement new techniques that cybersecurity experts must then understand, react to, and stop.

The battle between cybercriminals and cybersecurity experts is akin to a cat-and-mouse game, where each side continually tries to outmaneuver the other.

Cybercriminals are driven by the potential rewards of their malicious activities, while cybersecurity experts are dedicated to preventing breaches and minimizing damages. This game is characterized by constant innovation and adaptation, as both sides seek to gain an upper hand.

Adaptive techniques of cybercriminals: Cybercriminals exhibit remarkable adaptability to overcome defenses:

Polymorphic malware: They use techniques that change the appearance of malware with each iteration, making it difficult for traditional signature-based antivirus solutions to detect them.
Zero-day exploits: These are vulnerabilities unknown to the vendor. Cybercriminals exploit them before patches are developed, leaving systems exposed.
Evasion tactics: Cybercriminals manipulate code to evade detection by intrusion detection systems, firewalls, and sandboxes.
Social engineering: Techniques like spear-phishing and pretexting manipulate human behavior to compromise systems.
Ransomware evolution: Ransomware-as-a-Service (RaaS) platforms allow less-skilled criminals to use sophisticated ransomware, while “double extortion” adds pressure by threatening data leakage.

How the cybersecurity industry has responded

To counter these evolving threats, cybersecurity experts employ proactive strategies.

Threat intelligence

This involves gathering and analyzing data to understand cybercriminal tactics, techniques, and procedures (TTPs). This helps in predicting and preempting attacks.

Advanced analytics

By monitoring network traffic and behaviours, experts identify anomalies and patterns that signify potential threats.

AI and machine learning

These technologies enable the identification of abnormal behaviours that may indicate an attack. They learn from historical data and adapt to new attack methods.

Behavioral analysis

Experts assess how users, applications, and systems typically behave, allowing them to identify deviations that might indicate compromise.

Red teaming and penetration testing

By simulating attacks, experts uncover vulnerabilities and weaknesses in defences before cybercriminals can exploit them.

Collaboration

Sharing threat intelligence within the cybersecurity community strengthens the collective defence against emerging threats.

Continuous training

Cybersecurity professionals constantly update their skills and knowledge to stay current with the evolving threat landscape.

Wrapping up

The cat-and-mouse game between cybercriminals and cybersecurity experts underscores the relentless nature of the cybersecurity battle. As one side develops new tactics, the other responds with innovative defence mechanisms.

This dynamic cycle highlights the need for a multi-faceted approach to cybersecurity, combining technological advancements, human expertise, and collaborative efforts to effectively protect digital ecosystems from the ever-evolving array of cyber threats.

Read More