Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
Acmeon 9 hours ago

In principle, I find it valuable to integrate tools. However, in this case I would be somewhat cautious, especially as "your chats, attachments, and workbook content — may be shared with OpenAI" (as per the Microsoft Marketplace description: https://marketplace.microsoft.com/en-us/product/WA200010215?...).

This seems like a security nightmare, which is especially relevant because sensitive data is often stored in Excel files.

angadsg 8 hours ago | parent | next [-]

Hi, engineer on this add-in. Fair concern but we never train on any of our business or enterprise user data, or if you have opted-out of training on your ChatGPT account.

Avicebron 8 hours ago | parent | next [-]

Forgive my ignorance. How do you folks manage context retention? Say if someone had a sensitive excel document they wanted inference done over, how is that data actually sent to the model and then stored or deleted?

It seems one of the biggest barriers to people's adoption is concern over data leaving their ecosystem and then not being protected or being retained in some way.

Is this is an SLA that a small or medium sized company could get?

p_ing 8 hours ago | parent [-]

If you're concerned, you don't send it outside of the M365 boundary and presumably your admin has Purview Sensitivity Labels in place covering the document to prevent such activity.

Avicebron 8 hours ago | parent [-]

Doesn't that mean you can't actually use it for those sensitive documents?

p_ing 6 hours ago | parent [-]

Correct.

Avicebron 5 hours ago | parent [-]

{EDIT} English and or the concept of written word may be foreign to you. Thank you for your assistance.

Acmeon 8 hours ago | parent | prev [-]

Yeah, I was expecting that you do not train on business or enterprise user data. However, I am not just worried about "training", but also about "sharing". Furthermore, I am worried about cases where an individual has chosen to integrate an add-in and then inadvertently leaks sensitive data.

However, it may be important to note that these security considerations are relevant for most Office Add-Ins (and not just the ChatGPT add-in).

p_ing 9 hours ago | parent | prev | next [-]

That's the nature of these add-ins. Modern Add-ins are all little XML frames with some JS or whatever. All processing occurs server-side, hosted by the add-in publisher.

This is counter to the old (security nightmare) COM model where processing could be local.

strongpigeon 8 hours ago | parent [-]

To clarify: add-ins are essentially web pages. They can do some processing client side if they want, but yeah in the case of a ChatGPT add-in it's not like they're running the model in a web frame.

9 hours ago | parent | prev [-]
[deleted]