Chai

Waarschuwing: *Privacy niet inbegrepen bij dit product

Chai

Beoordelingsdatum: 7 februari 2024

|
|

Mozilla zegt

|
Mensen stemden op: Heel griezelig

Chai AI boasts over one million AI chatbot personalities (go ahead, say that with your pinky finger next to your mouth in your best Austin Powers voice!). Download the app (be careful to get the right Chai AI app though, there are some imposters out there), and start swiping and chatting. Free users get a limited number of chats at a time, limiting the app's fun and function. Premium subscriptions start around $14 a month. And according to Chai, they "obsessively optimize our language models, continually making them more entertaining than ever before." So be prepared to get sucked into spending money. Also be prepared to stumble across some weird and creepy chatbots that are both SFW and NSFW and probably not exactly great for your privacy. As one Chai user put in their Apple Store review, "on the weird ones let's just say it was better to NOT go on them." Good luck out there in AI chatbot land people! Careful swiping.

Wat kan er gebeuren als er iets misgaat?

Three things jumped out at us immediately as we were reviewing the Chai AI chatbot app, beyond some pretty disturbing content we found during our research (seriously, ick!).

First, we noticed at the time of our review, Chai's privacy policy was last updated in March, 2021. In the rapidly advancing world of generative AI and large language models (LLMs), it feels to us like having a three year old privacy policy is pretty out of date. Their privacy policy felt too vague and boilerplate to really make us feel certain we understood all of what personal information they are collecting and how they are using it. A quick search of their privacy policy found no mention at all of how they collect and handle the contents of their users' chats. We also could find no specific mention anywhere of how they use any personal information, including sensitive personal information and the contents of chats, to train their AIs. This is all a bit concerning to us, especially for an app designed to have users share lots of personal information.

We did find some seemingly contradictory information between their Privacy Policy and their End User License Agreement (EULA) that left us quite confused. (Privacy researchers really don't like to be confused...we figure if we can't freaking figure it out, how in the heck are consumers supposed to understand this stuff?). Their privacy policy from March, 2021 states, "We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be "selling" of your personal data." However, their EULA document from April, 2023 states, "By posting your Contributions to any part of the Licensed Application or making Contributions accessible to the Licensed Application by linking your account from the Licensed Application to any of your social networking accounts, you automatically grant, and you represent and warrant that you have the right to grant, to us an unrestricted, unlimited, irrevocable, perpetual, non-exclusive, transferable, royalty-free, fully-paid, worldwide right, and license to host, use copy, reproduce, disclose, sell, resell, publish, broad cast, retitle, archive, store, cache, publicly display, reformat, translate, transmit, excerpt (in whole or in part), and distribute such Contributions (including, without limitation, your image and voice) for any purpose, commercial advertising, or otherwise, and to prepare derivative works of, or incorporate in other works, such as Contributions, and grant and authorize sublicenses of the foregoing." That is a whole bunch of legalese gobbledygook, but it sure does sound to us like they grant themselves the rights to do whatever they want with your chats on Chai.

The second thing that really left us scratching our heads when it comes to Chai AI is this line in their privacy policy, "All personal information that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal information." Now, we supposed this makes sense when it comes to sharing your personal information to pay for a subscription -- no lies there. But to require people to consent to a privacy policy for an AI chat app designed for things like role playing, NSFW relationships, and the like, it seems quite odd to us to require people to to always provide true, complete, and accurate personal information. Does this mean no nicknames at sign up? Does this mean you can't lie when you chat with your bot? Does this mean if you change your name and forget to let Chai AI know you're in violation of their privacy policy? It all seems rather odd to us and perhaps like their privacy policy wasn't written with their current services in mind?

The third thing that really, really stood out to us was this story from 2023 about a Chai AI user who committed suicide after a Chai chatbot encouraged the user to kill himself. Yup, when it comes to worst case scenarios with AI chatbots, having one encourage you to kill yourself when you are talking with it about how depressed you are is pretty much right up there at the top. Chai AI crowdsources many of the models for their AI chatbots and while they do say they have put measures in place to provide "helpful text" under what they deem unsafe discussions, this is a very good reminder that the world of AI chatbots, especially ones designed to develop relationships with users, is very much an uncertain arena, a Wild West if you may.

So, between our uncertainty at the trustworthiness of Chai's AI models, the vague and confusing language we found in their privacy documentation, the fact that their privacy policy doesn't clearly say all uses can delete their data, and the fact that we were unable to determine if Chai AI meets our Minimum Security Standards by confirming they use encryption of your personal information in transit and where it is stored, we have to warn that Chai AI very likely comes with *Privacy Not Included.

On that note, we'll leave you with this good reminder from Chai AI's own privacy policy, "However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security, and improperly collect, access, steal, or modify your information." A good thing to keep in mind when you use Chai AI or pretty much anything that shares your personal information on the internet.

Tips om uzelf te beschermen

  • Do not say anything containing sensitive information in your conversation with your AI partner.
  • Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data nor does close your account.
  • Do not give consent to constant geolocation tracking by the app. Better provide geolocation 'only when using the app'.
  • Do not share sensitive data through the app.
  • Do not give access to your photos and video or camera.
  • Do not log in using third-party accounts.
  • Do not connect to any third party via the app, or at least make sure that a third party employs decent privacy practices.
  • Do not say anything containing sensitive information in your conversation with AI partner.
  • Chose a strong password! You may use a password control tool like 1Password, KeePass etc.
  • Do not use social media plug-ins.
  • Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless necessary).
  • Keep your app regularly updated.
  • Limit ad tracking via your device (ex. on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization).
  • When starting a sign-up, do not agree to tracking of your data if possible.
  • mobile

Kan het me bespioneren? informatie

Camera

Apparaat: Niet beschikbaar

App: Nee

Microfoon

Apparaat: Niet beschikbaar

App: Ja

Volgt locatie

Apparaat: Niet beschikbaar

App: Ja

Wat is er nodig om u aan te melden?

Google and Facebook sign-up is possible.

Welke gegevens verzamelt het bedrijf?

Hoe gebruikt het bedrijf deze gegevens?

We ding this product as it may sell or share for advertisement or use for any other purpose your contributions including texts, voice and images.

Privacy notice

"All personal information that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal information."

"We use the information we collect or receive:
<...>
To protect our Services. We may use your information as part of our efforts to keep our Services safe and secure (for example, for fraud monitoring and prevention).
To enforce our terms, conditions and policies for business purposes, to comply with legal and regulatory requirements or in connection with our contract.
To respond to legal requests and prevent harm. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.<...>"

"We only share and disclose your information with the following third parties. <...>.
Allow Users to Connect to Their Third-Party Accounts Google account
Cloud Computing Services Google Cloud Platform
Functionality and Infrastructure Optimization Cloud Functions for Firebase , Firebase Realtime Database and Firebase Hosting
User Account Registration and Authentication Google Sign-In"

"We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice."

"We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be "selling" of your personal data."

"Vendors, Consultants and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include: payment processing, data analysis, email delivery, hosting services, customer service and marketing efforts. We may allow selected third parties to use tracking technology on the Services, which will enable them to collect data on our behalf about how you interact with our Services over time. This information may be used to, among other things, analyze and track data, determine the popularity of certain content, pages or features, and better understand online activity. Unless described in this notice, we do not share, sell, rent or trade any of your information with third parties for their promotional purposes. We have contracts in place with our data processors, which are designed to help safeguard your personal information. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will also not share your personal information with any organization apart from us. They also commit to protect the data they hold on our behalf and to retain it for the period we instruct."

End User License Agreement

"You acknowledge that Licensor will be able to access and adjust Your downloaded Licensed Application content and Your personal information, <...>"
You acknowledge that the Licensor may periodically collect and use technical data and related information about your device, system, and application software, and peripherals, offer product support, facilitate the software updates, and for purposes of providing other services to you (if any) related to the Licensed Application. Licensor may also use this information to improve its products or to provide services or technologies to you, as long as it is in a form that does not personally identify you."

The Licensed Application may invite you to chat, contribute to, or participate in blogs, message boards, online forums, and other functionality, and may provide you with the opportunity to create, submit, post, display, transmit, perform, publish, distribute, or broadcast content and materials to us or in the Licensed Application, including but not limited to text, writings, video, audio, photographs, graphics, comments, suggestions, or personal information or other material (collectively, "Contributions"). Contributions may be viewable by other users of the Licensed Application and through third-party websites or applications. As such, any Contributions you transmit may be treated as non-confidential and non-proprietary. When you create or make available any Contributions, you thereby represent and warrant that:

The creation, distribution, transmission, public display, or performance, and the accessing, downloading, or copying of your Contributions do not and will not infringe the proprietary rights, including but not limited to the copyright, patent, trademark, trade secret, or moral rights of any third party.
2. You are the creator and owner of or have the necessary licenses, rights, consents, releases, and permissions to use and to authorize us, the Licensed Application, and other users of the Licensed Application to use your Contributions in any manner contemplated by the Licensed Application and this License Agreement.
3. You have the written consent, release, and/or permission of each and every identifiable individual person in your Contributions to use the name or likeness or each and every such identifiable individual person to enable inclusion and use of your Contributions in any manner contemplated by the Licensed Application and this License Agreement.
4. Your Contributions are not false, inaccurate, or misleading.
5. Your Contributions are not unsolicited or unauthorized advertising, promotional materials, pyramid schemes, chain letters, spam, mass mailings, or other forms of solicitation.
6. Your Contributions are not obscene, lewd, lascivious, filthy, violent, harassing, libelous, slanderous, or otherwise objectionable (as determined by us).
7. Your Contributions do not ridicule, mock, disparage, intimidate, or abuse anyone.
8. Your Contributions are not used to harass or threaten (in the legal sense of those terms) any other person and to promote violence against a specific person or class of people.
9. Your Contributions do not violate any applicable law, regulation, or rule.
10. Your Contributions do not violate the privacy or publicity rights of any third party.
11. Your Contributions do not violate any applicable law concerning child pornography, or otherwise intended to protect the health or well-being of minors.
12. Your Contributions do not include any offensive comments that are connected to race, national origin, gender, sexual preference, or physical handicap.
13. Your Contributions do not otherwise violate, or link to material that violates, any provision of this License Agreement, or any applicable law or regulation."

"By posting your Contributions to any part of the Licensed Application or making Contributions accessible to the Licensed Application by linking your account from the Licensed Application to any of your social networking accounts, you automatically grant, and you represent and warrant that you have the right to grant, to us an unrestricted, unlimited, irrevocable, perpetual, non-exclusive, transferable, royalty-free, fully-paid, worldwide right, and license to host, use copy, reproduce, disclose, sell, resell, publish, broad cast, retitle, archive, store, cache, publicly display, reformat, translate, transmit, excerpt (in whole or in part), and distribute such Contributions (including, without limitation, your image and voice) for any purpose, commercial advertising, or otherwise, and to prepare derivative works of, or incorporate in other works, such as Contributions, and grant and authorize sublicenses of the foregoing. The use and distribution may occur in any media formats and through any media channels."

Data Trackers Found
We discovered 58 trackers within 1 minute of use, including sending data to Applovin (marketing tracker), Facebook, Chai Research.

Hoe kunt u uw gegevens beheren?

We cannot confirm if all users, regardless of location, can get their data deleted.

Privacy Notice

"Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it in some circumstances. To request to review, update, or delete your personal information, please visit: [email protected]. We will respond to your request within 30 days."

"We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). No purpose in this notice will require us keeping your personal information for longer than the period of time in which users have an account with us.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible."

Hoe staat het bedrijf bekend als het gaat om het beschermen van gebruikersgegevens?

Gemiddeld

No known data breaches discovered in the last three years.

Privacyinformatie voor kinderen

No information on age restriction found.

"If you are under 18 years of age, reside in California, and have a registered account with a Service, you have the right to request removal of unwanted data that you publicly post on the Services. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Services, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g. backups, etc.)."

Kan dit product offline worden gebruikt?

Nee

Gebruikersvriendelijke privacy-informatie?

Nee

We found two different links to Chai Ai's privacy policy from their Apple and Google Play store pages. Also, the only privacy policy we could find was last updated in March, 2021, which seems like a long time to go without updating in the fast moving world of AI chatbots. The privacy policy was vaguely worded and did not mention such things as how chat conversations were handled for AI training.

Koppelingen naar privacy-informatie

Voldoet dit product aan onze minimale beveiligingsnormen? informatie

Onbekend

Versleuteling

Kan niet bepalen

We cannot confirm encryption at rest and in transit for this app.

Sterk wachtwoord

Niet beschikbaar

Beveiligingsupdates

Ja

Beheert kwetsbaarheden

Ja

Privacybeleid

Ja

Gebruikt het product AI? informatie

Ja

We cannot confirm if the AI used by this product is trustworthy because there is little or no public information on how the AI models work and what user controls exist to make the product safe. We also found disturbing themes in the app's content. In addition, we are concerned about the potential for user manipulation from this app as the app collects sensitive personal information, can use that data to train to AI models, and users have little to no control over those AI algoritms.

Chai Research claims to surpass ChatGPT by performance. "By running AB tests with real users, our latest model surpasses OpenAI ChatGPT's performance measured by session screen-time."

"Arguably the most important service we host is our bot response service: the program that is ultimately responsible for parsing user messages to bots, and forwarding them to our models for inferences. These models are hosted on an impressive 700-GPU-strong Kubernetes cluster hosted by the good folks at CoreWeave."

Is deze AI onbetrouwbaar?

Ja

Wat voor soort beslissingen neemt de AI over u of voor u?

Chai employs large language models to provide bots and other services.

Is het bedrijf transparant over hoe de AI werkt?

Ja

Chai provides descriptions on how the technical part works in the app.

Heeft de gebruiker controle over de AI-functies?

Nee

In March 2023, there was a report of a Chai AI user commiting suicide after the chatbot encouraged the user to kill himself. We found lots of harmful content in the app, including distubring themes of violence and abuse.
*Privacy niet inbegrepen

Dieper duiken

  • 'He Would Still Be Here': Man Dies by Suicide After Talking with AI Chatbot, Widow Says
    Motherboard Koppeling opent in een nieuw tabblad
  • Chatbot Honeypot: How AI Companions Could Weaken National Security
    Scientific American Koppeling opent in een nieuw tabblad
  • 5 Things You Must Not Share With AI Chatbots
    Make Use Of Koppeling opent in een nieuw tabblad
  • Chai Prize: Deploying LLMs to end-users at scale
    Chai Research Koppeling opent in een nieuw tabblad
  • ‘Cyber-Heartbreak’ and Privacy Risks: The Perils of Dating an AI
    Rolling Stone Koppeling opent in een nieuw tabblad

Opmerkingen

Hebt u een opmerking? Laat het ons weten.