Sensitive information leakage

Question

Sensitive information leakage

Closed this issue 5 months ago · 5 comments

I am slightly concerned by the idea of giving this thing my network transaction logs, as that effectively means sending all of my auth tokens, login credentials etc to openai

What measures if any are there in place to prevent this, and is there an option to use local LLMs instead to sidestep the issue?

Answer 1 · 2024-11-06T22:47:34.000Z

We are going to add the option to support local LLMs soon

Answer 2 · 2024-11-06T22:50:41.000Z

This doesn't really answer my question though, I feel as though there should at least be a warning for users who don't know any better that sensitive information could be leaked

Answer 3 · 2024-11-06T22:54:25.000Z

Good point. Ill add a warning in the README

Answer 4 · 2024-11-06T22:57:52.000Z

We are working on a masking solution to hide the auth tokens but this is still not foolproof as its really hard to hardcode some logic to reliably identify sensitive "Dynamic parts"

Answer 5 · 2024-11-08T14:13:21.000Z

We are working on a masking solution to hide the auth tokens but this is still not foolproof as its really hard to hardcode some logic to reliably identify sensitive "Dynamic parts"

I believe chrome's export as HAR by default censors sensitive information, I'm not sure if it's totally bullet proof but from my testing it seems to remove tokens and login credentials