captainkangaroo@discuss.tchncs.de to Technology@lemmy.worldEnglish · 12 hours agoHacker plants false memories in ChatGPT to steal user data in perpetuityarstechnica.comexternal-linkmessage-square16fedilinkarrow-up1240arrow-down14cross-posted to: hackernews
arrow-up1236arrow-down1external-linkHacker plants false memories in ChatGPT to steal user data in perpetuityarstechnica.comcaptainkangaroo@discuss.tchncs.de to Technology@lemmy.worldEnglish · 12 hours agomessage-square16fedilinkcross-posted to: hackernews
minus-squarejaybone@lemmy.worldlinkfedilinkEnglisharrow-up9·6 hours agoHow is the application able to send data to any website? Like even if you as the legit user explicitly asked it to do that?
minus-squarefmstrat@lemmy.nowsci.comlinkfedilinkEnglisharrow-up6·edit-24 hours agoHaven’t read details, but the classic way is to have a system visit: site.com/badimage.gif?data=abcd Note: That s is also how things like email open rates are tracked, and how marketers grab info using JavaScript to craft image URLs.
minus-squarejaybone@lemmy.worldlinkfedilinkEnglisharrow-up4·4 hours agoThis is why every single email client for the past 2+ decades blocks external images? This didn’t occur to the AI geniuses?
minus-squareEager Eagle@lemmy.worldlinkfedilinkEnglisharrow-up6·4 hours agoIME they usually proxy and/or prefetch images for caching instead of blocking them. Only spam content is blocked by default.
minus-squarefmstrat@lemmy.nowsci.comlinkfedilinkEnglisharrow-up3·3 hours agoThis wouldn’t help, would it? How would you prefetch and cache: site.com/base64u-to-niceware-word-array/image.gif ? It would look like a normal image URL in any article, but actually represent data. Note: “niceware” is a way to convert binary or text data into a set of words like “cow-heart-running-something-etc”.
minus-squarehedgehog@ttrpg.networklinkfedilinkEnglisharrow-up1·17 minutes agoIf it’s prefetched, it doesn’t matter that you reveal that it’s been “opened,” as that doesn’t reveal anything about the recipient’s behavior, other than that the email was processed by the email server.
How is the application able to send data to any website? Like even if you as the legit user explicitly asked it to do that?
Haven’t read details, but the classic way is to have a system visit: site.com/badimage.gif?data=abcd
Note: That s is also how things like email open rates are tracked, and how marketers grab info using JavaScript to craft image URLs.
This is why every single email client for the past 2+ decades blocks external images? This didn’t occur to the AI geniuses?
IME they usually proxy and/or prefetch images for caching instead of blocking them. Only spam content is blocked by default.
This wouldn’t help, would it? How would you prefetch and cache:
site.com/base64u-to-niceware-word-array/image.gif
? It would look like a normal image URL in any article, but actually represent data.
Note: “niceware” is a way to convert binary or text data into a set of words like “cow-heart-running-something-etc”.
If it’s prefetched, it doesn’t matter that you reveal that it’s been “opened,” as that doesn’t reveal anything about the recipient’s behavior, other than that the email was processed by the email server.