[yehosef]

Unless you're very careful, it's trivial to have my secrets to be sent to the LLM. If it reads your .env just to see the variable names, the secrets have been sent to the servers. Now - they probably don't care about you and your secrets - but it makes me more uncomfortable that they have them.

This is true of anthropic or openai - but for some reason I think the us govt or anyone else will have a harder time getting to my data from them than the CCP will any chinese company.

[ndiddy]

> but for some reason I think the us govt or anyone else will have a harder time getting to my data from them than the CCP will any chinese company.

US tech companies voluntarily give their data to the US government. Don't you remember PRISM? You think they stopped doing that?

> Internal NSA presentation slides included in the various media disclosures show that the NSA could unilaterally access data and perform "extensive, in-depth surveillance on live communications and stored information" with examples including email, video and voice chat, videos, photos, voice-over-IP chats (such as Skype), file transfers, and social networking details.[2] Snowden summarized that "in general, the reality is this: if an NSA, FBI, CIA, DIA, etc. analyst has access to query raw SIGINT [signals intelligence] databases, they can enter and get results for anything they want."[13]

[0xbadcafebee]

> for some reason I think the us govt or anyone else will have a harder time getting to my data

US companies are required by law to hand over your data if given a warrant by USG. They don't need a warrant if they have a subpoena for less invasive data, or a FISA request. They can also ask without any justification, and see if the company will cough it up anyway (they often do). Any AI company with government contracts will want to give up data quicker so as not to threaten deals worth hundreds of millions.

[bean469]

> but for some reason I think the us govt or anyone else will have a harder time getting to my data from them than the CCP will any chinese company

With what we know about the US government's mass surveillance in cooperation with tech giants, I would highly doubt that either country is "better" in this regard

[protocolture]

>I think the us govt or anyone else will have a harder time getting to my data than the CCP will any chinese company.

Why? You dont think that 5 eyes cyber peeps use every advantage they can get? And on the way out leave a dusting of evidence pointing at the russkies or chinese?

[2ndorderthought]

Why would two companies burning 100s of billions of dollars and are not profitable be safe keepers of your data when there is a huge market for all of that in the us and the us has really weak protections for those things so the companies can sell it to defense agencies?

Thing is, either way your data is getting hoovered up. If not today then eventually. It's just a matter of where. If you work in an industry where nation states might want to do you irreparable harm then yea don't let your data leave the country.

[tasuki]

> If it reads your .env just to see the variable names, the secrets have been sent to the servers.

But these are development secrets. They're of no use to anyone.

Production secrets probably live in another repo, or at least are stored encrypted. In my case both. And I'm managing the least sensitive stuff you can imagine: a pre-school website, a non-profit event website, personal blog...