Wavebox leaking information to Chat-GPT without consent?

[s-hebert]

I asked the integrated chat-gpt (brainbox) feature for an example of a css example of the css property 'white-space: normal' effect on text without selecting "include page" for extra context. Wavebox gave my an example, but used the text on my currently opened wavebox window verbatim. There was no way this could of been a coincidence. Is this intended behaviour?

*Wavebox: 10.116.10-2 stable
*Install Method: rpm
*Wire Config: 1.2.17
*Chromium: 116.0.5845.141
*OS: linux/undefined

• Operating System & Version: Open Suse Tumbleweed 20230902-0

Bug/Feature description

Brainbox seems to be accessing the current page data even though the option to do so is intentionally left unselected.

[Thomas101]

Ticking the Include page button tells Brainbox to include the contents of the text on the current page. However, Brainbox normally shares the domain of the page that you're viewing, so for example, if you're viewing https://github.com/wavebox/waveboxapp/issues/1434 the initial prompt tells Brainbox that you're viewing github.com.

As chat-gpt has a broad knowledge about many sites, just knowing that you're viewing github can be enough to give specific information about the page.

If you have an example that you're able to repeat then we can take a deeper look

[s-hebert]

In this situation, it took information off a Microsoft Dev Ops view that was behind a password and not a public facing domain website.

I did not include the content of the current page, but it had access to it and used that information in it's response, even though that page had no access from the public side without a password.

I'm not sure I can give you that example, but I would strongly urge someone to look at this, as it's a serious possible leak.

[Thomas101]

We can reassure you that Brainbox does not include the page content without the box being ticked. There is a shortcut bound that allows you to use Ctrl/Cmd+Enter to send the message and include the page contents...

...it could be that this was triggered when sending the message. We'll look to defaulting this shortcut to off for the next release, so it's more opt-in.

We can also look more into this, we have seen multiple instances where ChatGPT has generated content that is identical or similar to such pages since it appears it's been part of its training material. If you're able to share the URL privately with us, can you reach out to [email protected] and we can investigate further.

[s-hebert]

The url in question is behind a password, so ChatGPT would not have any access to that content. And it was an exact replica of the text that was opened in the browser.

I use other software that requires to send messages using the ctrl + enter, so that could definitively be what happened. Is this binding hard-coded?

[Thomas101]

It's hard-coded at the moment. There's a change going out to beta today that removes the ctrl+enter binding and this should go to stable later in the week