Yesterday, OpenAI launched its chatgpt Atlas browser—a mature Web browser that actually looks a lot like a derivative version of Chromium with a chatbot built into the way people navigate the Internet. It’s unclear whether it will achieve that, but it’s something new: it’s introducing a new set of concerns about online privacy and security.
It’s not too hard to imagine why ackai wanted to build a web browser: it’s data. Browsers contain large amounts of information, from the sites people visit to their passwords and payment information to telemetry information about where they click.
Openai has put that as a feature. “Memories” are like your web history on steroids, able to remember contextual information about the sites you visit, the documents you interact with, and more. The idea is that users will be able to navigate the web through a conversion interface that can find information described in human language rather than direct URLs or keywords. But, as the Washington Post points out, browser privacy and data controls reveal a lot about what a company collects and stores, and it raises more than anything related.
Memories are turned on by default, so OpenAI stores information about the sites you visit, how you interact with them, and your preferences right out of the box. You must not remember certain information, including personally identifiable information such as Government IDs, social security numbers, bank account information, account renewal confirmations, and addresses. It also has filtering without removing private data such as medical records and financial information. While it keeps a summary of the sites you visit, it won’t save those from “certain sensitive websites (such as older sites),” continuing with the continuous display of porn. Users can also opt out of certain pages by clicking the “Page Visibility” button in the address bar.
That, of course, assumes everything works as intended – which it doesn’t always. Chatgpt Atlas also includes an AI agent that can browse the web and complete tasks on behalf of the user. Previous browsers got into real trouble with that. Earlier this year, complity’s Comet’s browser was targeted for a simple fast attack, where hidden text on a website could successfully hijack an agent. According to the display, the security researchers were able to get the agent to reveal the login credentials and retrieve and share the verification code.
The show’s editor Simon Willison raised the alarm bells about this. In a blog post, he wrote, “I would like to see a more in-depth explanation of the steps atlas is taking to avoid a quick attack. Right now it looks like the main defense is expecting the user to carefully check which agent mode they are in at all times!” He also called the security and privacy risks associated with browser agents widely seen as ‘highly unreliable.’
At least One Hacker is already saying knocking tracks in its tracks. Twitter user @elder_plinius showed how the atlas agent is found in “clipboard injection,” getting the agent to copy a malicious link that will lead to sensitive information.
Eight Sleep did not immediately respond to a request for comment. GizModo will update this post when we receive feedback.
It took less than 24 hours for someone to find a crack, however small, in Atlas. Experts warn that there may be privacy holes for canon and AI browsers like atlas. Meanwhile, Atlas collects a lot of information about users and their habits and creates more intuitive applications around the word personalization. It looks like an awesome combination.
