Your Friends Could Be Sharing Your Phone Number with ChatGPT

"ChatGPT is getting more social," reports PC Magazine, "with a new feature that allows you to sync your contacts to see if any of your friends are using the chatbot or any other OpenAI product..." It's "completely optional," [OpenAI] says. However, even if you don't opt in, anyone with your number who syncs their contacts are giving OpenAI your digits. "OpenAI may process your phone number if someone you know has your phone number saved in their device's address book and chooses to upload their contacts," the company says...

But why would you follow someone on ChatGPT? It lines up with reports, dating back to April, that OpenAI is building a social network. We haven't seen much since then, save for the Sora generative video app, which exists outside of ChatGPT and is more of a novelty. Contact sharing might be the first step toward a much bigger evolution for the world's most popular chatbot. ChatGPT also supports group chats that let up to 20 people discuss and research something using the chatbot. Contact syncing could make it easier to invite people to these chats...

[OpenAI] claims it will not store the full data that might appear in your contact list, such as names or email addresses — just phone numbers. However, the company does store the phone numbers in its servers in a coded (or hashed) format. You can also revoke access in your device's settings.
09

MS was first

[johnstrass1]

MS Teams demands access to all contacts. What do we think happens next?

Re:MS was first

[gweihir]

It does not do so in Europe. Maybe because giving it that permission would be illegal in most cases.

Re:MS was first

[ukoda]

Yea, LinkedIn used to regularly ask for the same thing a few years back. So unprofessional it made me loose respect for LinkedIn at that point.

Re: MS was first

[Viol8]

Huh? Use the web version then, problem solved.

Re:

[ukoda]

Of course, I only ever use the web version. No way I would let Linked In, or the like, install their spyware on my phone! However for a while that did not stop them sending me a weekly email asking for access to my contacts. That went on from March 2017 to August 2019, every fucking week. I emailed to tell them stop, if I didn't do it after the first dozen emails they should take the hint and stop email bombing me. Pointless of course, they just keep going.

Re:

[gweihir]

Interesting. I have never seen that, but I am in GDPR land. I also never got email-bombed by them.

Are you US based or somewhere outside of Europe?

Re:

[ukoda]

I'm in New Zealand. The problem, probably under GDPR too, is Linked In have permission to send me emails about stuff I want to know. By default their signal to noise ratio is terrible. I have found email setting to get rid of much of the noise but even their info I want is of low quality, they can't seem to understand the difference an embedded systems engineer and a SaaS coder. Honestly they are so useless I am tempted to unsub everything from them. Their adoption of AI has not improved things either,

Re: MS was first

[johnstrass1]

No. Even on web version, they steal if you âoe sign inâ. So I only use Teams if forced to by the host. Then I just use the link to join the meeting and type in whatever name I want to show during our video call.

Far from first

[_merlin]

IIRC one of the first smartphone apps to do this the iPhone game Aurora Feint (a Puzzle de Pon clone). It would upload your address book to the developer's server to try to match you with people in your contacts list who also had the game. It was pretty scummy, and it wouldn't tell you that it was uploading all the details.

EU GDPR

[martin-boundary]

Hi ChatGPT, if you want to operate in the EU, please pass this GDPR Checklist [gdpr.eu] to one of your lawyers. Preferably the head of legal, as he will be cross if a junior lawyer fucks it up.

Re: EU GDPR

[liqu1d]

You'll just get it returned with a crayon scribbled all over it

Re: EU GDPR

[Tomahawk]

ChatGPT will fill it in itself.

Expect most of the answers to be hallucinated wrongly.

Why is Contact sharing legal?

[gurps_npc]

Yes, I get that it is new(ish) idea, but so what.

Phone numbers are extremely private information that sane people should not be giving to corporations. There are these things called spam calls - often robocalls but sometimes even human telemarketing.

There are reasons why beautiful women do not just give their phone number out - they do not want their time to be wasted on 'losers'.

Giving out your phone number to someone you do not know is incredibly stupid.

Phone numbers are personal, private information th

Re:

[Anonymous Coward]

Phone books were published for 100 years and nobody complained then.

Re:Why is Contact sharing legal?

[OrangAsm]

Nobody complained? That must be why nobody, ever, got their number unlisted.

Re: Why is Contact sharing legal?

[Viol8]

A tiny percentage. OTOH theres a limited amount of abuse possible with a landline number compared to a mobile phone. The main privacy issue with phone books was publishing home addresses so any nutjob who knew your full name and area you lived in could track you down, phone numbers were a secondary concern.

Re:

[Morromist]

Lol - yeah, things totally are the same today as back when we had phonebooks.

Re:

[ukoda]

In the era of computers, a phone book holds next to no value compared with a database of phone numbers. Nobody complained 100 years ago because there where no computers abusing phone book usage back then.

Re: Why is Contact sharing legal?

[Viol8]

Newsflash - back in the 70s and 80s companies would hire a ton of people to literally go through phone books a-z and cold call. You kids have no clue.

Re:

[ukoda]

I guess that was a USA problem, it never happened here (New Zealand) in the 70s and 80s. I only became a problem decades later when VOIP etc allowed offshore scammers access, and they were not using phone books.

Re:

[gweihir]

Indeed. It is still not happening here in Europe. Maybe the up to EUR 50'000 fines per call (in Germany, for example) for phone providers not blocking that crap pretty fast have some effect?

Re:

[ukoda]

I think it is a cultural thing that New Zealand companies don't cold call by phone due to the negative perception of it, and local spam laws that actually can be applied to them are strong so, local spam is not a problem. It is the off shore spammers that are the biggest hassle but I think the local telcos have a handle on it now as that has died down recently. That only leaves email and the ongoing battle of spam filters.

Re:

[gweihir]

Good to hear. Apparently the phone-type firewalls are not easy to administrate, but it can be done. I am still at 2 SPAM calls in the last 15 years.

Re:

[phantomlord]

Phone books also did not show a relation between people. "Here's all the people in this town that did not opt-out of being listed" vs "here's a list of people that I know well enough to have their number, regardless of if they want their number known to others".

On a side note, I wish android would let me keep old contacts for archive purposes, but let me hide them. I don't want to see my abusive ex or her friends in my contact list, but I want to know if they're the person trying to contact me currently.

Re:Why is Contact sharing legal?

[gweihir]

It is illegal under the GDPR. Sharing your contact list may make you liable if somebody in there gets their identity stolen. There are no court-cases yet, but in principle you have zero permission to use contact info for anything than contacting the person. That permission you got implicitly by them handing the info to you. But the GDPR says the info still belongs to them, you just have a very limited permission to use it. Oh, and if they ask, you are legally required to delete all of it and that would include all copies you shared.

Re:Why is Contact sharing legal?

[DarkOx]

WAT?

Phone numbers are not private. We used to print and distribute large books of them to anyone who wanted one.

TL:DR
I don't need or really want my phone number to be a secret, actually I'd like anyone who has a legitimate reason to contact me to be able to discover it easily. What I really need is for some kind of proof of relationship so I can decide and more specifically have a *reliable* automatic system deny or accept calls based on my preferences.

Long version:

Its just an identifier, it should not be considered any more a secret than your name. Now coupled with other datum that might turn them into private information. Ie if you number appears in a customer database that leaks from some organization, now we have information that you associated with them, which may or may not be private.

Now I know there is a history of private and unlisted numbers. However that a combination of a cash grab for telcos, they used to charge for that, and a shabby solution to the problem of SPAM, before that was really understood. Basically the phone system after having been upgraded to automatic switching/dialing vs operators making connections, there was no way to throttle the rate of calls or reject unwanted callers. Rather then fix it telcos naively allowed some secrecy around the identifiers. They also in most cases made the really terrible mistake of using the phone number as natural key for their accounts/contracts complicating all future fixes.

TBH throwing numbers in unstructured data used in ChatGPT prompts probably isn't a big deal. There are bazillian places they could buy if from pre-correlated with all kinds of other information anyway. Privacy and security need to be take seriously a lot more seriously than most of society currently is, but lets not get distracted trying to keep information that everyone and their brother already has like phone numbers secrets that should not be secrets in the first place.

Re:

[excelsior_gr]

We used to print and distribute large books of them to anyone who wanted one.

Yes, it also used to be that you could opt out from appearing in one.

Re:

[irreverentdiscourse]

"Phone numbers are extremely private information"

What on this planet gave you that idea? Not even remotely close to true.

And if they do that, they are not my friends

[gweihir]

Incidentally, anybody that has any of your personal information can share it with ChatGPT. But in Europe, that would be illegal and may make them liable for all damage caused.

Re:

[irreverentdiscourse]

Literally not illegal.

Re:

[gweihir]

Literally illegal, unless you share only with people that exclusively use, store and process this data only for private use. There is a specific exception for that. Giving that data to ChatGPT is not private data processing anymore because it is known that data can be stored and used for training.

Save time

[ukoda]

Just give ChatGPT your password. What could possibly go wrong...

Re: Save time

[RightwingNutjob]

Probably nothing consequential but certainly something hilariously stupid.

We pay for these things at work and people swear by them for everything from writing code to to come up with project names. I held out for a few years. Then out of sheer morbit curiosity I fired it up to see what it (Claude I think is what we have) would do for me.

I asked it for a hello world in rust. Okay.

Then I asked it for a position/velocity vector rotation in c++. First round got the sign of the rotation wrong. Second round it fixed the sign but put an extra matrix product that cancels to identity in there. Third round fixed that. But it still wants to include a third party template library for vector math.

So let's try the car analogy...I mean the phone-a-friend analogy.

You give it your friend's phone number. First thing it does is text that number assuming it's you. Upon being told of its error, it promptly corrects itself by replying to you in the session like you're the friend it's supposed to text. And finally it gets straightened out but starts talking in swahili with a helpful link to google translate.

Re:

[gweihir]

Unless that password gets shared with the world in one of the countless leaks of private conversations ...

I am quite surprised it did not get the C++ vector rotation right until the 3rd attempt and needing a vector library for something this simple? That is insane. This must be correctly tons of times in the training data. Maybe there are tons of wrong answers in there as well?

Re:

[bussdriver]

It doesn't know what it is doing. It's an evolved spam filter. It knows the odds of what you want but how to connect those is also stats... but no context for those decisions other than more stats from training data... and the further you move down the decision/connection tree the more the predictions get off context... the more you specify in a way that helps the search the closer it gets in navigating that path. Eventually, since knowledge is finite, you'll have paths that lack much data to predict and th

Re:

[gweihir]

I am aware and I agree. But rotating a vector is like Linear Algebra 101, 3rd week and it is used in tons of engineering calculations. What I am surprised at is that this is not sufficiently covered in the training data for the LLM to sort-of "lock on", because that means a lot of other elementary stuff that will be in there 100s of times will also not work.

Re: Save time

[RightwingNutjob]

It happened. I typed "write a c++ function to rotate a position and velocity vector given a rotation matrix and its time derivative" and it flat out got the sense of the rotation wrong.

This was after a manager in another part of my workplace (who's got pretty good technical chops himself) told me how amazed he was about how smart it was about coordinate transformations and hairy chain rule calculus stuff it was.

Idunno. Maybe he just got lucky or maybe like you said most people just don't understand coordina

Re:

[gweihir]

I believe you. I am just astonished at the sheer level of dysfunctionality that requires in ChatGPT.

joke's on them

[Mr. Dollar Ton]

I have no friends and no phone numbers.

Re: No problem

[Slashythenkilly]

We know

Your friends ARE sharing your number with WhatsApp

[allo]

Who doesn't know anyone with WhatsApp?

You May Be Surprised

[SlashbotAgent]

You may be surprised to learn that -- way back in yesteryear -- names, phone numbers, and home addresses were published in publicly available books. These books were so pervasive that it was typical that there were several copies in every home as well as copies hanging on a cable outside on virtually every street corner. It sounds insane. I know. But, phone books and phone booths were pervasive. Even crazier, back then you had to pay an extra fee to opt-out of the phone book with a so-called unlisted number.

So, coming from the phone book era, I'm not at all disturbed that my phone number or my address is shared, anywhere, by anyone. But, I do find it very weird that openAI is trying to make ChatGPT some sort of a social platform?

Re:You May Be Surprised

[Voyager529]

Even crazier, back then you had to pay an extra fee to opt-out of the phone book with a so-called unlisted number.

And one *could* do that, and have some reasonable expectation that their phone number was actually being unlisted in a verifiable way, and if friends handed out an unlisted number, it was at an extremely small scale, and was unlikely to be for the entire contents of one's Rolodex.

ChatGPT (and Meta and everyone else) is absorbing *every* phone number in one's contacts, based on a yes/no prompt that most people don't read, without the consent of the person who's contact information it is, and likely some notes or descriptions (commonly in the "company" line), and adding it all into a pile of training data, that nobody can audit or verify, and for whom owners of the number cannot opt out of.

These are not the same.

Re:

[bussdriver]

YES! However, a personal phone book which is something people also had and still do. This meta data connects a list of people to you and shows your network of contacts. Perhaps > 3 people in your list were arrested for opposing Trumpism so now you are flagged as a risk. Perhaps you never vote again having to be stuck proving citizenship and voting provisionally (placated ballot nobody counts.) Oh but your friends only use OpenAI so none of this info is going to harm you.... until the CEO decides to se

Who in their right mind...

[ConceptJunkie]

Who in their right mind would allow any app access to their contact list?

I can't anything good coming out of that, only bad.