AI and Your Data: Privacy & Security Risks

The Growing Intrusion of AI and Your Personal Data

Artificial intelligence is becoming increasingly integrated into numerous aspects of modern life, appearing in smartphones, applications, search engines, and even fast-food establishments. The emergence of web browsers incorporating AI assistants and chatbots signifies a notable shift in how individuals currently access and utilize information compared to even recent years.

Excessive Data Access Requests

A concerning trend is the escalating demand for extensive access to personal data by AI tools, often justified as necessary for functionality. This level of access is atypical and warrants careful consideration.

Previously, users rightly questioned why seemingly harmless applications, such as free flashlights or calculators, would request access to sensitive information like contacts, photos, and location data. While such access might not be essential for the app's core function, it could be sought for data monetization purposes.

Currently, AI applications exhibit similar behavior.

Case Study: Comet Browser by Perplexity

Consider Perplexity’s Comet, an AI-powered web browser. Comet offers AI-driven search capabilities and automation of tasks, including email and calendar summarization.

TechCrunch’s evaluation revealed that when requesting access to a Google Calendar, Comet seeks broad permissions encompassing managing drafts, sending emails, downloading contacts, viewing and editing all calendars, and even accessing an organization’s complete employee directory.

for privacy and security, think twice before granting ai access to your personal data

Perplexity states that much of this data is stored locally, but granting access still allows the company to utilize your personal information, including for AI model improvement.

A Widespread Practice

Perplexity is not an isolated case. Many AI applications promising time-saving features, such as call or meeting transcription, require access to private conversations, calendars, and contacts. Meta has also been exploring the boundaries of data access, including accessing un-uploaded photos from camera rolls.

Meredith Whittaker, president of Signal, has compared utilizing AI agents and assistants to “putting your brain in a jar.” She explains that while AI can automate tasks like restaurant reservations or concert ticket purchases, it necessitates permissions to access your browser (potentially exposing passwords and browsing history), credit card details, calendar, and contacts.

Security and Privacy Implications

Significant security and privacy risks are inherent in using AI assistants reliant on your data. Granting access effectively transfers control of a comprehensive snapshot of your personal information – encompassing years of inbox history, messages, and calendar entries – for the sake of convenience.

Furthermore, you are empowering the AI agent to act independently on your behalf, demanding substantial trust in a technology prone to errors and inaccuracies. Reliance on AI also requires trusting the companies developing these products, who depend on your data to enhance their models. Human review of your private prompts is common practice when issues arise.

A Critical Evaluation

From a security and privacy perspective, the potential benefits of connecting AI to your personal data rarely outweigh the risks. Any AI application requesting such extensive permissions should raise immediate concerns, mirroring the caution one would exercise with an app requesting unnecessary data access.

Before granting access, carefully consider whether the benefits offered by AI applications justify the substantial data handover.