I think there are serious privacy issues with this extension: No deletion, no public sharing consents! about sharegpt HOT 5 CLOSED

I completely agree with you! It's surprising that such a popular tool isn't receiving the proper attention and maintenance it deserves. ShareGPT has become the de facto tool for sharing ChatGPT conversations. It's imperative that more individuals step up as maintainers to ensure its continued success and functionality. It would be great to see this tool receive the support it needs to continue serving the community in the best way possible!

from sharegpt.

Appreciate the sentiment here – it's definitely a very highly requested feature!

FWIW it's already possible to make a conversation private as per the database schema, what we need to set up is user auth to make sure the conversation is created by the user for them to be able to toggle the privacy settings of the conversation.

Currently I'm storing the session info of the user when the conversation is saved, so if they're logged in on ShareGPT.com, the conversation should be associated with their account, but for some reason this is not working at the moment.

If anyone would like to PR, I'd really appreciate it! 🙏

from sharegpt.

That you for the answer! I hoped I was not too negative. It's just that I had this "what if?" moment, where I saw how dangerous this can get. Still, one could say that the disclaimer of ChatGPT in itself is already enough to be aware to not share sensitive data. What made me uneasy is especially the possibility to search the database. You can probably easy search for passwords or tokens and other sensitive data, just using some common names. Or for other sensitive data by searching for special topics.

I think you should start by giving the user a warning that the data is world searchable. I also would disable this search until I could get the consent of people. Having the IDs, it seems semi secure already, as they seem hard to guess. But I did not look at the code, but I am certain that if they are not yet, you can just change their shape to make them merely impossible to guess.

FWIW it's already possible to make a conversation private as per the database schema, what we need to set up is user auth to make sure the conversation is created by the user for them to be able to toggle the privacy settings of the conversation.

I guess you could already make two share buttons when creating the entry: "Share public" and "Share private" or asking one button and asking after pressing share, where you also could present an explanation about the privacy indications.

This way you can store the initial privacy setting already. Later also the creator account, which may also be needed for moderation and deletion of inappropriate data. As I see it, one could add just anything to your database which does not need to come from the plugin at all? I did not check the API that closely, though.

You could also go another way and hand out a "secret" per message, the user can take used to delete this individual conversation. I saw some services doing something like that to not force usage of an account. But people could lose that information and bug you to delete their stuff.

P.S.: About contribution to the project. Sadly, I cannot help with coding because I do not want to develop with JS in my spare time. I am a Go developer in the first place and my private projects tend to be Go related since some years now.

from sharegpt.

Update: We removed the Explore page on ShareGPT recently so all your conversations are basically private & only accessibly by direct link!

Closing this issue now! :)

from sharegpt.

@steven-tey Please re-open this topic, you haven't been responding to my messages requesting conversations to be deleted. Please respond asap. This is important.

from sharegpt.