This seems like common sense. I'm running OpenClaw with GLM-4.6V as an experiment. I'm allowing my friends to talk to it using WhatsApp.

Even though it has been instructed to maintain privacy between people who talk to it, it constantly divulges information from private chats, gets confused about who is talking to it, and so on.^ Of course, a stronger model would be less likely to screw up, but this is an intrinsic issue with LLMs that can't be fully solved.

Reporters absolutely should not run an instance of OpenClaw and provide it with information about sources.

^: Just to be clear, the people talking to it understand that they cannot divulge any actual private information to it.