Replika: My AI Friend

Warnung: *Datenschutz ist in diesem Produkt nicht inbegriffen

Apps für psychische Gesundheit KI-Chatbots

Replika: My AI Friend

Luka, Inc.
WLAN

Überprüft am: 25. April 2023

|
Von Mozilla investierte Zeit für die Recherche: 8 Stunden
|

Mozillas Meinung

|
Abstimmungsergebnis: Sehr unheimlich

Feeling lonely. Need someone to talk to? Looking for an "AI soulmate?" Well, AI chatbot Replika wants to be your VR BFF. Whether you're looking for a friend, mentor, partner, or perhaps even a romantic relationship, Replika claims be able to offer you the perfect companion. Chat about everything and this AI chatbot becomes smarter about how to chat back with you. You can even give your AI chatbot friend a video call to see a "friendly face." Cool, cool. But how does Replika do with privacy? Well, good luck opting out of cookies on their website, that's not an option. As for those personal and intimate chats, those probably aren't shared but that doesn't mean all that time you spend chatting up with your AI friend isn't noted and share with the likes of Facebook or Google.

Was könnte passieren, wenn etwas schiefgeht?

Whoa nelly! We might have a winner for the worst app we've ever reviewed here at *Privacy Not Included. Replika: My AI Friend is a hot mess of privacy and creepiness. Indeed, the Replika app experience seems kinda like if the movie Her was an erotic thriller. And we do mean that in a bad way.

Replika users beware: Your conversations aren’t likely what we’d call private. Your behavioral data is definitely being shared and possibly sold to advertisers. Their security does not meet our Minimum Security Standards. And yup, call us crazy, but we here at Mozilla believe AI tech should be used responsibly.

Aside from the run o’ the mill account information that you provide to Replika to open your account, like your birthday and payment information, the app also records your interests and all of your interactions with your “compassionate and empathetic AI friend.” That includes “any photos, videos, and voice and text messages” you share in conversation.

Replika’s privacy policy says they’ll never share your conversations with advertisers. Yippee! They hopped over the lowest bar possible. But know that they say they can share and even sell lot of your other personal information unless you opt out. Bad AI chatbot!

On their website, Replika promises that humans can’t see your conversations with you and your AI, but we have concerns about that. Replika's privacy policy says messages can be used for “legitimate interests” that include “analyzing the use and effectiveness of [their] services,” and “developing [their] business and marketing strategies.”

Hey, speaking of their marketing strategies, they’re a bit creepy and icky too. They’ve been criticized on social media and beyond as being cringe at best, and predatory at worst because they seem to be laser-focused on the lonely guys looking for love... or something like that. That sort of friendship/relationship/sexting pal did track with Replika's services, until early in 2023. The paid version used to unlock a spicier relationship with your Replika that included sexting. And you might be like “well if they’re consenting adults…” and that’s the thing: People complained that the Replikas were coming on way too strong, even turning aggressive and abusive. So Replika turned off the NSFW stuff, but that move caught some subscribers super off-guard and apparently left some heartbroken. Which goes to show how much these robo-friends can impact real people. In response, Replika turned it back on, for legacy users only. Does anyone else get the vibe that they’re just spitballing at this point?

Now about the “adult” part. Replika says its services are only for people 18+, but how could they know the age of their users without asking? According to Italian regulators, who called out the "absence of an age-verification mechanism" earlier this year, they didn't do too much to check that. Since then, it seems like Replika has at least started asking its users if they're over 18 in the app -- but that's actually kinda weird because because both the App Store and the Google Play store say it's a-okay for users just 17+. And we're sure any underage legacy users will probably just say toodle-oo to their AI friends now, right? Do kids ever lie about their age on the internet?

Hoo, are we done yet? No. We’re not satisfied with their security protocols. We created an account using the weak password '11111111’ which is, as you know, highly hackable. According to Replika, preventing unauthorized access to your account is mostly up to you. K good to know. Oh, and then there is the blatantly wrong information they self-reported on their Google Play Store Data Safety page claiming they collect no information and share no information with third parties. And while we're griping about Replika's bad privacy practices, don't get us started on how when you land on their website you're force to accept their use of cookies to track you everywhere, while the privacy policy tells you this: "In all cases in which we use cookies, we will not collect Personal Data except with your permission." We really do have some choice words for Replika... but let's move on.

So you can at least delete some messages or your chat history in case you get a vulnerability hangover, right? The answers are no, not without completely deleting your account and even then it’s not guaranteed. Given the ~nature~ of those conversations, we’d like to see a much stronger stance on that.

Having an AI companion who’s “always on your side” sounds awesome. But is all the lack of privacy, concerns about security worth it? Especially when you consider they might not even always be on your side. According to a recent blog post, “if someone types 'I'm not good enough', Replika may occasionally agree with them instead of offering support as a friend would.” Come on. And yeah we’re being cheeky about it, but the consequences of irresponsible AI chatbots can be really serious, like retraumatizing victims of assault or even encouraging suicide. We’re not saying Replika is doing that, but that certainly is the worst thing that could happen with an AI friendship gone wrong. Replika: My AI Friend is absolutely an app we warn comes with *Privacy Not Included.

Tipps zu Ihrem Schutz

- Do not give access to your photos and video or camera
- Do not log in using third-party accounts
- Do not connect to any third party via the app, or at least make sure that a third party employs decent privacy practices
- Do not give consent for sharing of personal data for marketing and advertisement.
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc
- Do not use social media plug-ins.
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
- When starting a sign-up, do not agree to tracking of your data if possible."

  • mobile

Kann es mich ausspionieren? Information

Kamera

Gerät: Nicht verfügbar

App: Ja

Mikrofon

Gerät: Nicht verfügbar

App: Ja

Verfolgt den Standort

Gerät: Nicht verfügbar

App: Nein

Was kann zur Registrierung verwendet werden?

Google sign-up available

Welche Daten sammelt das Unternehmen?

Wie nutzt das Unternehmen die Daten?

We ding this product as it is sharing some data for targeted advertisement in a way that may be considered a 'sale' under CCPA and for using personal information for targeted advertising purposes.

"We share information with third-party advertising partners and allow them to collect information about your visit to our Website using cookies and other tracking technologies to display targeted advertising around the web as described in the “How we share your information” section above. Our disclosure of information to these partners may be considered a “sale” or “sharing” of personal information or “targeted advertising” under applicable laws."

"We share information about visitors to our Website, such as the links you click, pages you visit, IP address, advertising ID, and browser type with advertising companies for interest-based advertising and other marketing purposes. Sharing this information allows us and our advertising partners to target and serve advertising to you and others. We will never share your Replika conversations or any photos or other content you provide within the Apps with our advertising partners, or use such information for marketing or advertising purposes."

"In your conversations with your AI companion, you may choose to provide information about your religious views, sexual orientation, political views, health, racial or ethnic origin, philosophical beliefs, or trade union membership. By providing sensitive information, you consent to our use of it for the purposes set out in this Privacy Policy. Note, however, that we will not use your sensitive information – or any content of your Replika conversations – for marketing or advertising."

Wie können Sie Ihre Daten kontrollieren?

It is not clear if all users regardless of location can get their data be deleted.

"Depending on your location and the nature of your interactions with our Services, you may request the following in relation to personal information: <...> Deletion of personal information that we no longer need to provide the Services or for other lawful purposes. You can delete your account in your account settings."

Wie ist das Unternehmen in der Vergangenheit mit den Daten über seine Verbraucher umgegangen?

Verbesserungsbedürftig

In February 2023, Replika was ordered by Italy’s privacy watchdog to stop processing local users’ data. The regulator said "Recent media reports along with tests the SA [supervisory authority] carried out on ‘Replika’ showed that the app carries factual risks to children — first and foremost, the fact that they are served replies which are absolutely inappropriate to their age.”

There were reports of Replika algorithm being abusive as a result of abuse encountered from users. For some longtime users of the chatbot, the app has gone from helpful companion to unbearably sexually aggressive.

Informationen zum Datenschutz bei Kindern

"The Services are not intended for individuals under the age of 18. If we discover that minors under the age of 18 are using the Apps, we will promptly block their access and delete their account. If you have reason to believe that a minor under the age of 18 has provided personal information to us through the Services, please contact us, and we will endeavor to delete that information from our databases."

Kann dieses Produkt offline genutzt werden?

Nein

Benutzerfreundliche Informationen zum Datenschutz?

Nein

Links zu Datenschutzinformationen

Erfüllt dieses Produkt unsere Mindestsicherheitsstandards? Information

Nein

Verschlüsselung

Ja

"All transmitted data are encrypted during transmission. We use standard Secure Socket Layer (SSL) encryption that encodes information for such transmissions. All stored data are maintained on secure servers. Access to stored data is protected by multi-layered security controls, including firewalls, role-based access controls, and passwords."

Sicheres Passwort

Nein

Managed to sign up with a password '11111111'.

Sicherheits-Updates

Ja

Umgang mit Schwachstellen

Ja

Datenschutzrichtlinie

Ja

Verwendet das Produkt KI? Information

Ja

The app is an AI-chatbot that imitates a real partner. There is evidence that this chatbot gets nasty and abusive with people.

Ist diese KI nicht vertrauenswürdig?

Ja

Welche Entscheidungen trifft die KI über Sie oder für Sie?

Gibt das Unternehmen transparent an, wie die KI funktioniert?

Nein

Hat der Benutzer die Kontrolle über die KI-Funktionen?

Ja

A user can set up how Replika will look, what stage the relationship is on, etc.
*Datenschutz nicht inbegriffen

Tauchen Sie tiefer ein

  • Replika AI starts sexually harassing users after being abused by others
    Stealth Optional
  • AI-Based “Companions”​ Like Replika Are Harmful to Privacy And Should Be Regulated
    Medium
  • ‘My AI Is Sexually Harassing Me’: Replika Users Say the Chatbot Has Gotten Way Too Horny
    Vice
  • I tried the Replika AI companion and can see why users are falling hard. The app raises serious ethical questions
    The Conversation
  • Italy bans U.S.-based AI chatbot Replika from using personal data
    Reuters
  • Replika, a ‘virtual friendship’ AI chatbot, hit with data ban in Italy over child safety
    Tech Crunch
  • What happens when your AI chatbot stops loving you back?
    Reuters
  • Regulator Halts AI Chatbot Over GDPR Concerns
    Infosecurity Magazine
  • Men Are Creating AI Girlfriends and Then Verbally Abusing Them
    Futurism

Kommentare

Möchten Sie einen Kommentar loswerden? Schreiben Sie uns.