• @jaybone
    42 hours ago

    How is the application able to send data to any website? Like even if you as the legit user explicitly asked it to do that?

    • fmstrat
      3
      27 minutes ago

      Haven’t read details, but the classic way is to have a system visit: site.com/badimage.gif?data=abcd

      Note: That is also how things like email open rates are tracked, and how marketers grab info using JavaScript to craft image URLs.

      • @jaybone
        19 minutes ago

        This is why every single email client for the past 2+ decades blocks external images? This didn’t occur to the AI geniuses?

  • @idiomaddict
    53 hours ago

    I don’t know anything about tech, so please bear with your mom’s work friend (me) being ignorant about technology for a second.

    I thought the whole issue with generative ai as it stands was that it’s equally confident in truth and nonsense, with no way to distinguish the two. Is there actually a way to get it to “remember” true things and not just make up things that seem like they could be true?

    • @General_Effort
      322 minutes ago

      The memory feature of ChatGPT is basically like a human taking notes. Of course, the AI can also use other documents as reference. This technique is called RAG. -> https://en.wikipedia.org/wiki/Retrieval-augmented_generation

      Sidenote. This isn’t the place to ask technical questions about AI. It’s like asking your friendly neighborhood evangelical about evolution.

    • fmstrat
      1
      18 minutes ago

      Sort of, but not really.

      In basic terms, if an LLM’s training data has:

      Bob is 21 years old.

      Bob is 32 years old.

      Then when it tries to predict the next word after “Bob is”, it would pick 21 or 32 assuming somehow the weights were perfectly equal between the two (weight being based on how many times it occurred in training data around other words).

      If the user has memories turned on, it’s sort of like providing additional training data. So if in previous prompts you said:

      I am Bob.

      I am 43 years old.

      The system will parse that and use it with a higher weight, sort of like custom training the model. This is not exactly how it works, because training is much more in-depth, it’s more of a layer on top of the training, but hopefully gives you an idea.

      The catch is it’s still not reliable, as the other words in your prompt may still lead the LLM to predict a word from its original training data. Tuning the weights is not a one-size-fits-all endeavor. What works for:

      How old am I?

      May not work for:

      What age is Bob?

      For instance.

    • @[email protected]
      73 hours ago

      No, basically. They would love to be able to do that, but it’s approximately impossible for the generative systems they’re using at the moment.

  • Eager Eagle
    55
    7 hours ago

    tldr

    • it affects the desktop app of chatgpt, but likely any client that features long term memory functionality.
    • does not apply to the web interface.
    • does not apply to API access.
    • the data exfiltration is visible to the user as GPT streams the tokens that form the exfiltration URL as a (fake) markdown image.
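
The image-URL channel discussed in this thread (data carried in the query string of an image the client fetches automatically) can be closed on the rendering side, the same way email clients block external images. The following is an added example, not part of any comment above and not code from any vendor: a filter run over model output before markdown rendering, using a hypothetical host allowlist and constructed sample text.

```javascript
// Added example: the allowlist, function names and sample text are constructed.
const ALLOWED_IMAGE_HOSTS = new Set(["images.example.org"]); // assumption: your own allowlist

// Inline markdown images ![alt](url "title") and raw <img src="..."> tags.
const MD_IMAGE = /!\[([^\]]*)\]\(\s*<?([^)\s>]+)>?[^)]*\)/g;
const HTML_IMAGE = /<img\b[^>]*?\bsrc\s*=\s*["']?([^"'\s>]+)[^>]*>/gi;

function isAllowed(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return false; // relative or malformed URL: refuse rather than guess
  }
  return url.protocol === "https:" && ALLOWED_IMAGE_HOSTS.has(url.hostname);
}

// Returns the text that is safe to render plus the URLs that were refused,
// so refusals can be logged or surfaced to the user.
function neutralizeImages(modelOutput) {
  const blocked = [];
  const check = (rawUrl, original) => {
    if (isAllowed(rawUrl)) return original;
    blocked.push(rawUrl);
    return "[image blocked]";
  };
  const text = modelOutput
    .replace(MD_IMAGE, (match, alt, url) => check(url, match))
    .replace(HTML_IMAGE, (match, url) => check(url, match));
  return { text, blocked };
}

// Constructed sample: one allowlisted image, one with data in its query string.
const sample =
  "Chart: ![chart](https://images.example.org/chart.png)\n" +
  "![x](https://site.example/badimage.gif?data=abcd)";
const result = neutralizeImages(sample);
console.log(result.text);
console.log(result.blocked);
```

The filter has to run on the complete response (or the renderer has to defer image loads until it has), since a streamed URL that is fetched as soon as it parses is out the door before any check sees it.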