[vasachi]

Say they introduce a bug, that will try to call that API even when there is no key.

[moloch]

Say they introduce a bug, that deletes every file on your machine.

[shawnz]

Not even that unlikely, for example consider the well known `rm -rf $STEAMROOT/*` bug in Steam some years ago

[adrianN]

If you're afraid that programs on your computer leak your data, run them in a sandbox with limited permissions.

[Suzuran]

This is what was claimed was happening. I received multiple warnings that iTerm2 was sending "all terminal interactions" to OpenAI's servers regardless of the absence of an API key. Packet captures showing "exfiltrated" data were represented as proof when those were created with an invalid API key, not a blank API key.

[jedberg]

It's still an opt-in feature. The bug would have to be so bad that it calls that API even with the feature off.

[brysonreece]

And? Say your bank introduces a bug that siphons all your money; that’s the risk of operating in a digital age.