Hacker plants false memories in ChatGPT to steal user data in perpetuity - eviltoast
  • jaybone@lemmy.world
    link
    fedilink
    English
    arrow-up
    24
    ·
    2 months ago

    How is the application able to send data to any website? Like even if you as the legit user explicitly asked it to do that?

      • jaybone@lemmy.world
        link
        fedilink
        English
        arrow-up
        18
        ·
        2 months ago

        This is why every single email client for the past 2+ decades blocks external images? This didn’t occur to the AI geniuses?

        • Eager Eagle@lemmy.world
          link
          fedilink
          English
          arrow-up
          11
          ·
          2 months ago

          IME they usually proxy and/or prefetch images for caching instead of blocking them. Only spam content is blocked by default.

            • hedgehog@ttrpg.network
              link
              fedilink
              English
              arrow-up
              4
              ·
              2 months ago

              If it’s prefetched, it doesn’t matter that you reveal that it’s been “opened,” as that doesn’t reveal anything about the recipient’s behavior, other than that the email was processed by the email server.

              • Prison Mike@links.hackliberty.org
                link
                fedilink
                English
                arrow-up
                3
                ·
                2 months ago

                Personally speaking, I’ve never been a fan of this method because to the hosting web server it was still fetched. That might confirm that an email address exists or (mistakenly) confirm that the user did in fact follow the link (or load the resource).

                I have ad and tracking blocked like crazy (using DNS) so I can’t follow most links in emails anyway. External assets aren’t loaded either, but this method basically circumvents that (which I hate).

                • Eager Eagle@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  edit-2
                  2 months ago

                  an email for a receiver that doesn’t exist, more often than not, goes back to the sender after e.g. 72h. That’s by design.

              • fmstrat@lemmy.nowsci.com
                link
                fedilink
                English
                arrow-up
                2
                ·
                2 months ago

                If by prefetch you mean the server grabs the images ahead of time vs the client, this does not happen, at least on amy major modern platform that I know of. They will cache once a client has opened, but unique URLs per recipient are how they track the open rates.

              • fmstrat@lemmy.nowsci.com
                link
                fedilink
                English
                arrow-up
                1
                ·
                2 months ago

                But the path changes with every new data element. It’s never the same, so every “prefetch” is a whole new image in the system’s eyes.