1 What role do chatbots with artificial intelligence play?
ChatGPT, give me ten concepts for a four-year-old child’s birthday party. Gemini, what plant is that in the photo and is it poisonous? Perplexity, write a letter to the property manager explaining why the utility bill is incorrect in the following ways.
These are just three of countless scenarios in which users use services with generative artificial intelligence. Three fairly innocuous ones, but it often gets more personal: mental or physical illnessessexual preferences, fears – chatbots receive tons of the most private information. One study published in December by two researchers at the Free University of Berlin shows that at least a third of users view the bot as a friend. In a November survey by the IT association Bitkom, 45 percent said they had already asked an AI chatbot about symptoms and health topics.
2 What’s the problem with that?
For the chatbot providers, this is not a problem at all. On the contrary, they receive a large treasure trove of personal data about their users. They are not always aware that and what data they are disclosing. For example, anyone who uploads a letter they received from the authorities and asks to formulate a response not only reveals the contents of the letter but also personal data such as name and address.
This text comes from the weekday. Our weekly newspaper from the left! Every week, wochentaz is about the world as it is – and as it could be. A left-wing weekly newspaper with a voice, attitude and the special taz view of the world. New every Saturday at the kiosk and of course by subscription.
User input is not the only data source for AI companies. “The models on which the AI chatbots are based are, on the one hand, trained with data from the Internet – this also includes information that users have posted on social media platforms, for example,” says Kleanthi Sardeli, lawyer at the data protection NGO Noyb. “On the other hand, the data that users enter into AI chatbots is processed and used by the companies – and can therefore also appear in the answers for others.” In addition, most services collect metadata. For example, information about devices and browsers used, location, date and time of access, operating system and device identifier. This means providers can get a pretty accurate picture of the person who is currently using their service.
3 What about the rights of the users?
Data protection officer Sardeli classifies the data processing of AI model operators as illegal for several reasons. Companies usually rely on a “legitimate interest” to process personal data for this purpose KI-Traininginstead of asking for explicit consent from users. In addition, they did not fulfill everyone Obligations under the General Data Protection Regulation.
For example: The regulation stipulates that users can request that their personal data be deleted or, in the event of errors, corrected. “AI companies often do not fulfill these rights,” says Sardeli. This is also due to a currently unsolved technical problem: data that has once flowed into the training of an AI model cannot be retrieved again without repeating the entire training – which would be an enormous expenditure of time, computing capacity and energy.
The consequences of this problem are demonstrated by two legal proceedings that Noyb is currently supporting. In one case, a person accused ChatGPT of generating a false birthdate for their name. The second case concerns a Norwegian whose name the chatbot untruthfully generated, among other things, that he had murdered two of his children, that he had attempted to murder the third and that he had been sentenced to a maximum sentence of 21 years in prison for the crimes.
“These are by no means extreme cases,” says Sardeli. “They’re normal people like you and me.” There wasn’t even much information about the Norwegian on the Internet. The misinformation generated is something called “hallucinating.” “Something like this can happen to anyone and everyone, at any time.”
4 How does Confer want to do this differently now?
A new provider now promises privacy: Confer. Behind this is an old friend from the alternative software industry, the founder of Signal Messenger, Moxie Marlinspike. He withdrew from the board of the Signal Foundation several years ago and is now going public with Confer. “Confer is designed to allow you to develop ideas without your thoughts one day being used against you,” Marlinspike writes in one Blog post. His promise: Confer won’t read along. The data would not be sold, shared or used for AI training. To make this protection possible, users must create a special key when registering. In addition, a special hardware environment on the server should protect against unauthorized reading. The code is on the Developer platform Github available.
“That’s a big promise and it sounds good,” says Sardeli. Nevertheless, she remains cautious: Nothing is known about the AI model and the underlying training data. And only a detailed analysis can show whether the bot performs better than others when it comes to the factual accuracy of answers.
5 Are there other alternatives?
Confer isn’t the only AI chatbot promising better privacy protection. There are others that do not guarantee the high level of protection of Confer, but have significantly lower barriers to entry. One of them is Duck.ai, the AI chatbot US search engine provider DuckDuckGo.
The company promises to remove metadata that makes users identifiable, such as IP addresses, before the input is passed on to an AI model. Models from the companies Anthropic, OpenAI, Meta and Mistral are supported, among others. Duck.ai links the sources under the answers. In contrast to Confer, no account is required here.
You are reading a text from our future department. If you want more positive perspectives, Subscribe to TEAM FUTUREthe constructive newsletter on climate, knowledge, utopias. Every Thursday you will receive an email from us with strong thoughts for you and the planet.
The situation is similar with Leo AI, the AI chatbot from the browser provider Brave. Anyone who installs the browser starts Leo via the settings. Brave states that the IP addresses are not shared with the operators of the AI models and that data and questions entered into the chat are only stored locally. In addition to the use of AI models such as Metas Llama and Claude Haiku from Antrophic, Leo also offers the option of integrating your own AI model, which is particularly interesting for specialists.
6 What can users do?
“I would recommend keeping the amount of personal data you enter into such AI chatbots very low,” says Sardeli. Users would have little opportunity to act if an AI model generates false information and the provider refuses to correct it. In such cases, she recommends submitting a complaint to a data protection supervisory authority.
Harsh Varshney, the software engineer who also worked for Google, told the magazine Business Insider In December he formulated four pieces of advice that he himself took to heart: do not mention company internal information in a publicly usable chatbot; regularly delete history; read and observe the data protection conditions; and only enter into an AI chatbot what you would write on a publicly readable postcard.
One recommendation that Varshney didn’t give: consider whether you really need an AI chatbot before using it. Or whether researching using a search engine, using a calculator or exchanging ideas with other people could be just as helpful.