Maybe I'm just an idiot, but how can an app claim end-to-end encryption with a privacy first mindset while also using an AI chatbot run by a third party company? What actually is being shared with OpenAI?
Hi, cofounder here. We're very transparent in the UI about the fact that messages that mention @AI are not covered by e2ee. See https://imgur.com/a/5kPEdQP
Only messages that actually mention @AI are sent in plaintext to us, and then to OpenAI's API. All content shared between people without invoking the AI is fully end-to-end encrypted.
That is good to know and thanks for the clarification. With this operating at the message level and not the thread or group level, is context still preserved to actually have a conversation with GPT?
Yes. Each time you mention @AI in a thread, all prior mentions of @AI in the same thread, as well as its prior responses (up to the token limit for GPT-3.5) are resubmitted to the OpenAI API, so that it can continue the conversation including prior context.
The app has an “@AI” user which needs to be mentioned for the data to be shared. Chef’s kiss emoji from me in terms of transparency. Also, if you DM @AI it calls out that the message will be shared with OpenAI and Wavelength.
Good on the transparency for sure, but then again a messaging app where the headlining, differenciating factor is something that encourages dropping privacy protections from within the chat feels conceptually awkward to me.
Imagine a group chat on Signal, but in the middle of the chat dangles a big carrot enticing other group members to forward the discussion to OpenAI conveniently.
Sure, there's various other ways someone you talk to could do this silently. But ignorance is bliss vs. an inline feature to flaunt it.
