Ask HN: Are you comfortable uploading sensitive data to ChatGPT or Gemini?

16 points by tygra ↗ HN
The idea of asking ChatGPT and sharing my financial or medical data with OpenAI, or asking Gemini and sharing it with Google, or any other cloud AI provider doesn’t sit well with me. How about you?

20 comments

[ 3.0 ms ] story [ 44.9 ms ] thread
Yes for most things, no for passwords and secret keys. Even I do not trust myself with those sometimes.
No, I didn’t want the share it before, I don’t want now just because the build a AI UI before the data grabber
No, absolutely not. I run local models to have those conversations.

Having read the myriad AWS data protection agreements I would feel comfortable running bedrock hosted models. Others may feel differently.

No, but I've done it by mistake. I wanted chatgpt to proofread a letter and uploaded it without think over the consequences. It's very possible to do it if you aren't careful. Keep that in mind.
For those who said NO, have you looked into alternative providers like PrivateGPT?
10 years ago I was reluctant to use smartphone browser, because it's obvious everything is tracked and profiled as on mobile there was no ad blocker, no possibility to edit hosts file. Now I just use mobile browser for everything without second thought. Give it 3-5 years.
I usually try to anonymize whatever is going on. Personal conversations key details removed or slightly modified, no real person or company names at all, etc

Code I only run through the zero-retention API accounts anyway.

I'm kinda meh about it.

The first thing to keep in mind is the illusion of transparency. You might internally know that something is wrong or exploitable or you've made an obvious mistake, but that's generally much less obvious to others.

The second to keep in mind is that we are currently in a crisis of attention. There's too much to think about and do nowadays, and there is a gigantic lack of motivated actors to act upon that information. You could consider it the dual of the illusion of transparency, but it's the illusion of motivation. Other people, by in large, just do not give a damn because they can't and don't have time for it.

Even a nation state if they wanted to go spy on everyone's private information would immediately find themselves with too much nonsense to sift through and not enough time to actually follow through even on surface level information. Let alone leaks that actually require some sort of sophisticated synthesis over two or three disparate pieces of info.

Lastly, it's the difficulty in exploitation. You know how projects and code and stuff seem easy until you try them, and it turns out that actually, this is taking forever, and it barely works? The whole devil in the details thing.

Well, that applies to exploits as well. It's easy until you try it, and then you have this Swiss cheese model of success where random stuff doesn't line up correctly and your workflow broke.

AI surveillance btw barely changes any of this calculus.

My sensitive data? nah

Your sensitive data? load it up bruh

If someone were to build a paid, privacy-preserving wrapper of ChatGPT, it may not see as much traction because ChatGPT is free.
I think the large user base is by nature a best protection for my data, since i am not assuming i would have any data sensitive enough for them to get
Nope, I have done it though. The UK govt is making us all upload identity documents to every website so I figured all these sites may as well have all my information.
Professionally, my company uses Microsoft 365 so uploading more data to Azure isn’t a concern.

Personally, no I don’t send confidential data that I don’t want to leak online.

Not comfortable at all, but when you have serious medical issues this is the least of your problems.

For work, I assume everything is used for corporate espionage, so it depends on the sensitivity of the data. If my employers / clients authorize a tool it becomes their problem.

Same for me. Big nope.

Investing quite a lot of time to figure out hosting LLMs locally in comparable quality without investing too much money (as smaller environments will never have a large budget for this).

Obviously you need decent hardware to run LLMs locally, but you don’t need a super high-end computer just to host qwen3:30b or gpt-oss:20b. Those models are already pretty solid for writing and coding.
I don't worry about it. The incremental loss of privacy is approximately zero, as far as I'm concerned.

I assume I have no privacy these days. I've got Amazon sponsored spies in my house, listening at all times. I've got a completely insecure computer/operating system and an internet provider known to sniff traffic to sell info.

I've got a backup of everything on Backblaze's servers.. I assume the NSA has a copy of everything I've ever done... I joke they should just offer free backup service to everyone, and save some duplication. ;)

I don't have any secrets, I can't in the modern world.

This means I don't really have to worry, I'm free to just go about life online.