search

wavebox / waveboxapp

Wavebox, the revolutionary and feature-rich Chromium browser that's built for productive working across Google Workspaces, Microsoft Teams, ClickUp, Monday, Atlassian, Asana, AirTable, Slack, and every other web app you use to get work done.
https://wavebox.io
1.29k stars 135 forks source link

Wavebox leaking information to Chat-GPT without consent? #1434

Open s-hebert opened 10 months ago

s-hebert commented 10 months ago

I asked the integrated chat-gpt (brainbox) feature for an example of a css example of the css property 'white-space: normal' effect on text without selecting "include page" for extra context. Wavebox gave my an example, but used the text on my currently opened wavebox window verbatim. There was no way this could of been a coincidence. Is this intended behaviour?

Wavebox: 10.116.10-2 stable Install Method: rpm Wire Config: 1.2.17 Chromium: 116.0.5845.141 *OS: linux/undefined

Bug/Feature description

Brainbox seems to be accessing the current page data even though the option to do so is intentionally left unselected.

Thomas101 commented 10 months ago

Ticking the Include page button tells Brainbox to include the contents of the text on the current page. However, Brainbox normally shares the domain of the page that you're viewing, so for example, if you're viewing https://github.com/wavebox/waveboxapp/issues/1434 the initial prompt tells Brainbox that you're viewing github.com.

As chat-gpt has a broad knowledge about many sites, just knowing that you're viewing github can be enough to give specific information about the page.

If you have an example that you're able to repeat then we can take a deeper look

s-hebert commented 9 months ago

In this situation, it took information off a Microsoft Dev Ops view that was behind a password and not a public facing domain website.

I did not include the content of the current page, but it had access to it and used that information in it's response, even though that page had no access from the public side without a password.

I'm not sure I can give you that example, but I would strongly urge someone to look at this, as it's a serious possible leak.

Thomas101 commented 9 months ago

We can reassure you that Brainbox does not include the page content without the box being ticked. There is a shortcut bound that allows you to use Ctrl/Cmd+Enter to send the message and include the page contents...

Screenshot 2023-09-08 at 14 01 00

...it could be that this was triggered when sending the message. We'll look to defaulting this shortcut to off for the next release, so it's more opt-in.

We can also look more into this, we have seen multiple instances where ChatGPT has generated content that is identical or similar to such pages since it appears it's been part of its training material. If you're able to share the URL privately with us, can you reach out to support@wavebox.io and we can investigate further.

s-hebert commented 9 months ago

The url in question is behind a password, so ChatGPT would not have any access to that content. And it was an exact replica of the text that was opened in the browser.

I use other software that requires to send messages using the ctrl + enter, so that could definitively be what happened. Is this binding hard-coded?

Thomas101 commented 9 months ago

It's hard-coded at the moment. There's a change going out to beta today that removes the ctrl+enter binding and this should go to stable later in the week