Microsoft has discovered a new type of side-channel attack on remote language models. It could allow a cyberattacker in a position to observe your network traffic to infer the topics of language model conversations, even though the traffic is end-to-end encrypted via Transport Layer Security (TLS). We have worked with multiple vendors to mitigate the risk, and have made sure Microsoft-owned language model frameworks are protected. [...]
Source code
The models and data collection code are publicly available in the Whisper Leak repository. In addition, we have built proof-of-concept code that uses the models to infer a probability (between 0.0 and 1.0) that a topic is “sensitive” (related to money laundering, in our proof of concept).
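The core idea can be sketched in a few lines: an on-path observer sees only the sizes and timings of encrypted records in a streamed reply, and trains a classifier that maps those traces to a probability of a sensitive topic. The features, synthetic traffic, and plain logistic-regression trainer below are all illustrative assumptions, not the Whisper Leak repository's actual code.

```python
import math
import random

def features(sizes, gaps):
    """Fixed-length summary of a variable-length packet trace."""
    n = len(sizes)
    return [
        1.0,                       # bias term
        n / 50.0,                  # packet count (longer replies leak)
        (sum(sizes) / n) / 100.0,  # mean encrypted-record size
        (sum(gaps) / n) * 20.0,    # mean inter-arrival time
    ]

def synth_trace(sensitive, rng):
    """Toy traffic generator: 'sensitive' prompts get longer, larger replies."""
    n = rng.randint(40, 60) if sensitive else rng.randint(10, 20)
    sizes = [rng.randint(80, 120) + (30 if sensitive else 0) for _ in range(n)]
    gaps = [rng.uniform(0.02, 0.05) for _ in range(n)]
    return sizes, gaps

rng = random.Random(0)
data = []
for label in [0, 1] * 100:
    s, g = synth_trace(label, rng)
    data.append((features(s, g), label))

# Plain logistic regression trained by gradient descent (no dependencies).
w = [0.0, 0.0, 0.0, 0.0]
for _ in range(300):
    for x, label in data:
        p = 1.0 / (1.0 + math.exp(-sum(wi * xi for wi, xi in zip(w, x))))
        w = [wi - 0.1 * (p - label) * xi for wi, xi in zip(w, x)]

# Score a fresh "sensitive" trace: output is P(sensitive), in [0.0, 1.0].
s, g = synth_trace(True, rng)
z = sum(wi * xi for wi, xi in zip(w, features(s, g)))
p_sensitive = 1.0 / (1.0 + math.exp(-z))
print(p_sensitive > 0.5)
```

The point of the toy is that the ciphertext itself is never touched: reply length and pacing alone separate the two classes, which is exactly why TLS does not help here.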
33 sats \ 2 replies \ @optimism 10 Nov
There's this obfuscation extension built into Mullvad called DAITA. I'm not sure how well it works, though: the background noise only protects the tunnel, not the TLS stream going through the endpoint.
At least they built a nonce into these APIs now, which is good against an outside observer. But many of these chatbot sites require you to log in for more than trivial usage, so they can still correlate all your traffic with your chats anyway. I wouldn't bet against these guys selling that data either.
Thus, localhost LLM > intranet LLM > extranet LLM > internet LLM > LLM service.
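The padding idea behind obfuscation defenses like DAITA can be sketched as bucketed record sizes, so an observer sees only a few possible lengths instead of the true ones. The `BUCKET` size and framing below are made-up assumptions; a real defense also injects dummy traffic and covers timing, not just size.

```python
BUCKET = 256  # illustrative bucket size, not DAITA's actual parameter

def pad(record: bytes) -> bytes:
    # Round up to the next multiple of BUCKET (an empty record still
    # costs one bucket); a real scheme needs unambiguous framing so the
    # receiver can strip the padding again.
    target = max(-(-len(record) // BUCKET) * BUCKET, BUCKET)
    return record + b"\x00" * (target - len(record))

for msg in (b"hi", b"x" * 300):
    print(len(pad(msg)))  # observer sees only multiples of 256
```

As the comment above notes, this kind of shaping helps inside the tunnel but does nothing once the traffic leaves the endpoint, which is why the localhost-first ordering still holds.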
100 sats \ 1 reply \ @0xbitcoiner OP 10 Nov
Better to have some defense than none. It's the usual cat-and-mouse game; sadly, the bad guys are pretty much always a step ahead.
33 sats \ 0 replies \ @optimism 10 Nov
Yeah. The problem with leaked data is that you can't really unleak it. You've got to break the correlation by changing habits.