Saturday Hashtag: #ChatGPTShadowLarceny
Your Words, Their Harvest: ChatGPT and DeepSeek Pick You Clean
Welcome to Saturday Hashtag, a weekly place for broader context.
At this point, we all understand the tech/privacy trade-off: installing an app is like inviting a porch pirate over for coffee; you never know what will get swiped.
But LLMs (large language models)? They're in an entirely different league, more like a full-scale home invasion by a foreign intelligence agency. Using platforms like ChatGPT and DeepSeek, even without logging in, means you've consented to these systems actively collecting and tracking vast quantities of your private data.
Every input you provide, along with ambient data collected from your device without your knowledge (your IP address, device type, and operating system), is captured, linked to your unique digital identity, and transmitted globally. History has shown that user data is rarely secured to the highest standards, leaving your information exposed to potential breaches.
The Digital Forensics of Virtual Infojackers
A recent experiment monitored network traffic from a phone running ChatGPT and DeepSeek using a network tap and Wireshark. Each time ChatGPT was engaged, user data was instantly sent to servers in various US cities, confirming that these systems actively collect and share this information and raising concerns about unauthorized data collection and security risks.
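The experiment above hinged on capturing traffic with a network tap and Wireshark. As a hedged illustration of how such a capture file could then be examined programmatically (the parser and sample bytes here are illustrative, not data from the experiment), the classic libpcap global header that Wireshark writes by default can be decoded with nothing but Python's standard library:

```python
import struct

# Magic number for a little-endian, microsecond-resolution pcap file.
PCAP_MAGIC_LE = 0xA1B2C3D4

def parse_pcap_header(raw: bytes) -> dict:
    """Decode the 24-byte libpcap global header."""
    magic, major, minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(
        "<IHHiIII", raw[:24]
    )
    if magic != PCAP_MAGIC_LE:
        raise ValueError("not a little-endian pcap file")
    return {"version": f"{major}.{minor}", "snaplen": snaplen, "linktype": linktype}

# Synthetic header like one Wireshark would write (linktype 1 = Ethernet).
sample = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1)
print(parse_pcap_header(sample))
# -> {'version': '2.4', 'snaplen': 65535, 'linktype': 1}
```

Real analyses would of course lean on Wireshark, tshark, or a library such as scapy rather than a hand-rolled parser; the point is that a capture from a tap is an ordinary file anyone can dissect.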
The constant data transmission and the large-scale, cross-border nature of LLM data amplify the security risks, particularly in regions with weak or inconsistent privacy laws.
LLM platforms often lack the robust security protocols of systems like online banking. Given the sheer volume of data involved, Transport Layer Security (TLS) encryption alone is insufficient without additional protections such as end-to-end encryption and strong authentication; data remains vulnerable to interception, especially when routed through third-party networks.
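To make the TLS point concrete: TLS protects data in transit, but it does not hide whom you are contacting (the destination IP and, often, the requested server name remain visible to network observers), and it says nothing about how a provider stores your prompts once they arrive. A minimal sketch of a correctly configured client-side TLS context in Python, offered as an illustration rather than any vendor's actual setup:

```python
import ssl

# A hardened client-side TLS context: certificate verification and
# hostname checking on, legacy protocol versions refused. None of this
# protects data at rest on the provider's servers.
ctx = ssl.create_default_context()
ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse TLS 1.0/1.1 and SSL

print(ctx.check_hostname)                       # True
print(ctx.verify_mode == ssl.CERT_REQUIRED)     # True
```

Even with a context like this, an observer on the path still sees which servers you talk to and when, which is exactly the kind of metadata the tap-and-Wireshark experiment recorded.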
Your Personal Data Sovereignty
Here is where the issue of your private data becomes even more concerning (can you say 23andMe? You can still sidestep that receivership oopsie here). In the US, the tacit consent you give a tech corporation to collect your data forfeits your personal data sovereignty, potentially allowing others, including the government, to access it as well.
This issue is critical, considering the historical context, ongoing mass surveillance, and current political environment in the US.
By allowing this "commercial" data collection, you're effectively granting government access. The US government, and at least one of its political parties, has a history of weaponizing personal data, as COINTELPRO and the FBI's targeting of Martin Luther King Jr. showed; the Cambridge Analytica scandal demonstrated how corporate data troves can be exploited for the same political ends. These events highlight the dangers of governments and political actors exploiting corporate and personal data for advantage.
Do We Need a Bigger Boat?
The LLM market is projected to grow from $6.4 billion in 2024 to $36.1 billion by 2030, driven by demand for better human-to-machine communication and automation. However, this rapid growth raises serious privacy and ethical concerns about data collection, security, and potential misuse, which remain largely unresolved.
In 2016, global IP traffic officially entered the Zettabyte Era at 1.2 zettabytes; estimates predict it will surge to an astounding 175 zettabytes in 2025. Since 2017, the size of LLMs and the data volumes they move have roughly doubled every six months, contributing significantly to the explosive rise in global internet traffic. This unprecedented growth is placing tremendous strain on existing network infrastructure. Even with advances in spectrally efficient transmission techniques such as OFDM (a modulation scheme, not a data compression technology), substantial upgrades will be required to meet projected demand.
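The traffic figures above imply a striking growth rate; a quick back-of-the-envelope check in Python:

```python
# Implied compound annual growth rate from the figures cited above:
# 1.2 zettabytes in 2016 rising to a projected 175 zettabytes in 2025.
start_zb, end_zb, years = 1.2, 175.0, 2025 - 2016

cagr = (end_zb / start_zb) ** (1 / years) - 1
print(f"{cagr:.1%}")  # roughly 74% growth per year
```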
Bans and Restrictions
Australia, Taiwan, South Korea, and Italy have banned or restricted DeepSeek over security concerns. At the federal level, the US bans DeepSeek only on government devices, but individual states are taking their own actions: New York, Texas, Virginia, Alabama, and Oklahoma have imposed bans of their own, and California's CCPA gives users more privacy control, setting a precedent for future state-level initiatives.
These actions highlight the significant risks of these systems collecting vast user data without sufficient safeguards or transparency, raising a global security concern.
The EU's General Data Protection Regulation (GDPR) sets the global standard with strict data rules, requiring user consent for collection and granting users the right to modify or delete their data. In contrast, the US and parts of Asia lack comprehensive data protection laws, leaving safeguards inconsistent and explicit consent for collecting personal data often unrequired.
Protect Yourself
As AI systems like ChatGPT and DeepSeek become more pervasive, it’s crucial for users to stay updated and protect their privacy. Here are some steps you can take:
- Never Input Sensitive Information: Don't share passwords, financial data, or personally identifiable information (PII) while interacting with AI systems.
- Use Anonymizing Tools: Consider using VPNs to mask your IP address, which will help protect your location and identity from being tracked. You can also use privacy-focused search engines and browsers that limit tracking.
- Review Privacy Policies: Read a platform's privacy policy and user agreement before signing up, and use any built-in privacy settings and tools to limit what is collected.
- Control Your Data: Whenever possible, choose AI platforms like Claude that prioritize data security and comply with privacy standards, offering greater control over your data. Look for features like the ability to delete past interactions or opt out of specific data collection practices.
- Enable Two-Factor Authentication: Two-factor authentication (2FA) adds an extra layer of security to your accounts in case data is exposed.
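The first tip, keeping PII out of prompts, can be partially automated. The sketch below is a hypothetical, deliberately simple scrubber; the three patterns are illustrative and far from exhaustive, and real redaction tools go much further:

```python
import re

# Hypothetical pre-send scrubber: replace obvious PII (emails, US-style
# SSNs, 16-digit card numbers) with labeled placeholders before text is
# ever pasted into a chatbot. Illustrative only, not a complete solution.
PATTERNS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "CARD": re.compile(r"\b(?:\d[ -]?){15}\d\b"),
}

def redact(text: str) -> str:
    """Replace each matched pattern with its bracketed label."""
    for label, pattern in PATTERNS.items():
        text = pattern.sub(f"[{label}]", text)
    return text

print(redact("Reach me at jane.doe@example.com, SSN 123-45-6789."))
# -> Reach me at [EMAIL], SSN [SSN].
```

A scrubber like this only catches what its patterns anticipate; the safer habit remains the one in the list above, which is not to type sensitive information into these systems at all.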
Stay Informed and Take Action
The data collection practices of AI systems like ChatGPT and DeepSeek are vast, growing, and deeply concerning, yet largely hidden from us. Personal information is collected invisibly, transmitted globally, and processed in ways we can’t grasp, to our detriment.
As AI technology advances rapidly, privacy risks escalate exponentially. We all must stay informed to actively safeguard our private data — like microplastics, a small amount may seem harmless, but the accumulation over time can be catastrophic.
With governments and corporations struggling to address the legal and ethical challenges, we all must demand greater transparency and stronger protections to prevent the exploitation and misuse of our data. These organizations can help:
Electronic Frontier Foundation (EFF)
Center for Digital Democracy (CDD)
DeepSeek Launches AI Model Upgrade Amid OpenAI Rivalry — Here’s What to Know
From Forbes: “DeepSeek released an upgrade to its large language model this week, an update the company said featured ‘significant improvements’ over its predecessor as the China-based startup appeared to escalate its rivalry with OpenAI and other U.S. artificial intelligence firms, after an earlier release rattled global tech stocks.”
The Latest ChatGPT Statistics and User Trends (2022-2025)
The author writes, “Launched in November 2022, ChatGPT quickly captured the public’s imagination, reaching 1 million users in just five days. Today, its active user base has soared to a remarkable 200 million, making it one of the fastest-growing applications in history. But what makes ChatGPT so captivating? What’s driving this incredible adoption rate? Join us as we uncover the mystery behind ChatGPT’s meteoric rise and examine the factors fueling its continued success.”
Your ChatGPT Privacy Questions Answered
The author writes, “ChatGPT 4 collects your data. Here’s what OpenAI does with it and how to make your information a little more secure.”
A Deep Peek at DeepSeek
From SecurityScorecard: “DeepSeek’s rapid ascent in the AI space has made it impossible to ignore. Its sophisticated models and AI assistant have captured global attention. And, while headlines focus on DeepSeek’s capabilities, STRIKE research exposes critical security flaws, hidden data flows, and unanswered questions about who has access to the data and why. STRIKE’s in-depth analysis of the DeepSeek Android application uncovered serious vulnerabilities, including hardcoded encryption keys, weak cryptographic algorithms, and potential for SQL injection attacks.”
5 Things That You Should Never Share With ChatGPT
The author writes, “In this age of advanced technology and artificial intelligence, chatbots like OpenAI’s ChatGPT have become increasingly prevalent in our daily lives. They offer convenience, assistance, and valuable insights. ChatGPT, powered by advanced artificial intelligence, is a remarkable tool that has transformed the way we interact with technology. It can engage in conversations, answer questions, and provide valuable insights. However, despite its usefulness, there are certain limitations and risks associated with sharing certain information with the tool. To protect ourselves and maintain a sense of security, there are five critical things that should never be shared with ChatGPT.”
The Dark Side of Large Language Models
From Hidden Layer: “AI tools have been painted across hundreds of headlines in the past few months. We know their names and generally what they do, but do we really know what they are?”
Study: Smart Devices’ Ambient Light Sensors Pose Imaging Privacy Risk
From MIT News: “The ambient light sensors responsible for smart devices’ brightness adjustments can capture images of touch interactions like swiping and tapping for hackers.”