{"id":31192,"date":"2026-01-26T12:00:02","date_gmt":"2026-01-26T15:00:02","guid":{"rendered":"https:\/\/www.tedic.org\/?p=31192"},"modified":"2026-02-09T09:50:17","modified_gmt":"2026-02-09T12:50:17","slug":"security-privacy-and-chatbots-2","status":"publish","type":"post","link":"https:\/\/www.tedic.org\/en\/security-privacy-and-chatbots-2\/","title":{"rendered":"Security, Privacy, and Chatbots"},"content":{"rendered":"\n

If you\u2019re interested in security and privacy, and you\u2019re also explicitly using \u201cartificial intelligence\u201d (AI) chatbots, we want to raise some concerns we have regarding their use.<\/p>\n\n\n\n

As new technologies, and considering that they are produced from a capitalist center, we know that the only thing that matters to the large corporations developing them is maximizing their profits: if that implies taking care of users\u2019 privacy and security, they will do so. But if the competition is about who can launch a new version of a new technology with more functionality faster, we can run into problems. And that is precisely the situation we are in.<\/p>\n\n\n\n

We are not going to cover the fact that search engines like Google <\/span>1<\/sup><\/a><\/span> or messaging apps like WhatsApp are explicitly incorporating this for users. Nor do we include the fact that now everything \u201cis\u201d or has AI: scripts, household appliances, prosthetics, websites\u2014everything comes with AI. Here we are going to focus on the case when you explicitly open a chatbot to obtain results: whether for work, health, emotional matters, or for fun.<\/p>\n\n\n\n

From everyday use to systematic surveillance<\/h3>\n\n\n\n

The use of these technologies is widespread and has deeply penetrated connected society (let\u2019s not forget the digital divides), so much so that it has displaced search engines as a way to stay informed, solve problems, and deepen knowledge. Some statistics indicate that in 2023, 35% of people had already stopped using search engines, with constant growth, and that 70% of people surveyed by Consumer Reports<\/em> stated that they had used this type of technology in some way in the last three months <\/span>2<\/sup><\/a><\/span>. In practice, this means that millions of people regularly use chatbots to which they entrust personal, work-related, emotional, and political queries, handing over large amounts of information without there yet being a clear and shared understanding of how these data are protected, stored, analyzed, or reused.<\/p>\n\n\n\n

So it is interesting to see that everything you write and every file you upload will be stored, analyzed, and used by these platforms to improve their businesses: whether to \u201cretrain the models,\u201d to \u201cprofile you\u201d in order to sell you advertising, or to sell you the very thing you were just talking about with your friends. Even to know your political leanings and offer you the discourse you want to hear, thus manipulating political elections <\/span>3<\/sup><\/a><\/span>.<\/p>\n\n\n\n

Supposedly not all companies do this in the same way; some seem to find it beneficial to present themselves as concerned about their users\u2019 privacy, such as when Apple boasted about not collecting as much metadata as Facebook <\/span>4<\/sup><\/a><\/span>. Amanda Caswell has analyzed the privacy of several chatbots in her article \u201cPrivacy comparison of ChatGPT, Gemini, Perplexity, and Claude,\u201d which we recommend reading.<\/p>\n\n\n\n

We also know that large corporations use this Big Data <\/span>5<\/sup><\/a><\/span> in collaboration with states to carry out \u201cmass surveillance\u201d of the entire population\u2014something Shoshana Zuboff has called \u201csurveillance capitalism\u201d <\/span>7<\/sup><\/a><\/span>.<\/p>\n\n\n\n

Your data, chatbots, and their risks<\/h3>\n\n\n\n

On the other hand, it\u2019s not that we want to promote the use of this highly controversial technology that has been released upon humanity without any kind of control, but we know that to a greater or lesser extent, \u201call\u201d of us end up explicitly using them in some way (not counting all the ways we use them without knowing it, of course). We also know that they produce very good results, for example by analyzing medical outcomes to find problems when there are millions of options to check. We neither oppose all uses, nor do we promote total use as some people seem to be doing.<\/p>\n\n\n\n

All of this has to do with people\u2019s privacy, but there are also elements that involve security problems <\/span>8<\/sup><\/a><\/span>. For example:<\/p>\n\n\n\n

What happens when these platforms are breached and someone extracts that \u201cBig Data\u201d about you? <\/span>9<\/sup><\/a><\/span><\/p>\n\n\n\n

What happens if someone downloads all their \u201cprompts\u201d and all your files from one of these companies? That attacker might obtain your personal information, your address, your health or emotional status, images of your children, work documents, etc., etc.<\/p>\n\n\n\n

If you want to check this and you use one of these bots with your account\u2014say, ChatGPT\u2014you can go to your profile (bottom left), choose \u201cSettings,\u201d then \u201cData Controls\u201d > \u201cExport.\u201d The platform will prepare and send you a compressed file with all your conversations and all the files you uploaded. If you make medium or advanced use of it, you\u2019ll be surprised by the amount of information they have about you\u2014and that is only from the interface between the bot and you; it does not mean that it\u2019s all they have about you.<\/p>\n\n\n\n

Usage strategies, privacy by design, and anonymization<\/h3>\n\n\n\n

So if you still plan to use them, we recommend adding a section to your personal threat model, or to your organization\u2019s digital protection strategy. How? We can\u2019t answer that directly: it will depend on the type of use and the depth at which you are using these technologies, the type and size of your organization, and other factors.<\/p>\n\n\n\n

Along these lines, we can recommend two platforms that focus on promoting users\u2019 privacy:<\/p>\n\n\n\n

Duck.ai (by DuckDuckGo)<\/strong> \u2013 allows you to use several well-known LLM models in a self-hosted installation, without even the possibility of identifying yourself.<\/p>\n\n\n\n

LUMO (by the Proton Foundation)<\/strong> \u2013 with certain usage limits and optional identification.<\/p>\n\n\n\n

And here we reproduce a comparison provided precisely by the Proton Foundation:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

If you still decide that you want to keep using the well-known, famous, and corporate ones directly, there are several cases in which (at the time of writing this article) it is not necessary to identify yourself:<\/p>\n\n\n\n