Chatbots May Be Giving Out Your Phone Number

When talking to a chatbot like ChatGPT, you should never assume that your conversations are private. Many chatbots use your chats by default to train the underlying AI models, but even if you turn off training or use a temporary chat, these conversations are often stored on company servers for a limited time. The general rule is to avoid sharing anything with a chatbot that you wouldn’t want to make public. (Confidential company information, personal secrets, etc.) But what if the chatbot in question already has your private information? What if ChatGPT, Gemini or Claude were happy to share your phone number with anyone who asked?

This is the discussion I stumbled upon this week, following reporting by Eileen Guo of the MIT Technology Review. In this article, Guo reviews a series of claims from users claiming that chatbots shared personal information, such as phone numbers, upon request. In some cases, chatbots shared information when the person in question asked for it; in other cases, however, it is strangers who ask for details. In one example, an Israeli software engineer received a message from an unknown contact via WhatsApp, asking for help with his payment app. When the engineer asked how the stranger got his WhatsApp information, he sent back a screenshot, showing how Gemini shared the details upon request. The engineer then found a single source on the internet containing his phone number: a 2015 Quora post.

How do chatbots obtain our private information?

Chatbots like ChatGPT are trained on huge amounts of data. Of course, much of this data comes from the Internet. So it’s entirely possible that websites containing your personal information, like a random forum post from a decade ago, ended up in a chatbot’s data set and were returned as part of a query for your information. Although it wasn’t part of the training data, chatbots have now had the ability to search the web for years. These models can crawl a huge number of websites to return results for a request, and if they find your information, they might just share it.

The deeper problem is that our information appears everywhere on the Internet, whether we know it or not. We may have personal contact information present on websites on which we may or may not remember posting information; City and town websites may have our personal information attached to public records, even though these results do not typically appear at the top of a typical Google search. Since AI is capable of performing in-depth analyzes of all of these web results, however, it is capable of finding obscure results and surfacing them, potentially exposing your information.

Today, as Guo explains, most chatbots have security guardrails in place to keep them from doing harm — or maybe too. a lot harm. I encountered this when I asked ChatGPT what my phone number was. She told me she couldn’t release the personal information of individuals because it would go against her security measures. However, the company found two phone numbers for “Jake Peterson” that were “public,” perhaps listed openly on individual company websites. (For the record, neither result was my phone number.)

But these safeguards are far from perfect. Guo highlights a case in which a University of Washington doctoral student looked up his friend’s coordinates on Gemini. The robot came back with this friend’s searches, but also his phone number. The friend later confirmed that she had shared her phone number online as part of a technology workshop, but never intended for it to be visible to anyone who asked. (Gemini couldn’t find or wouldn’t share my personal details either, but was happy to share my X account.)

Can you remove your phone number from chatbot data sets?

Unfortunately, we don’t have many good options to protect our privacy from chatbots. To their credit, OpenAI has a portal that allows you to request removal of your personal information from responses, but, as Guo notes, the company reserves the right to deny your request for a variety of reasons. Anthropic only has a support document explaining how it uses your information, while Google will allow you to request to opt out of processing personal data, but only based on your jurisdiction. (The company specifically calls out the EU and UK based on their data protection laws.)

Perhaps the most realistic approach to take is to remove as much of this information from the public Internet as possible. If you live in California, you can use this portal to request data brokers to remove your information from their databases. You can also check out a number of personal data deletion tools, like Incogni or DeleteMe, to try to accomplish the same thing. However, while these can remove your information from certain corners of the internet, there’s not much you can do if the AI ​​companies already have your information in their datasets.

The sad reality is that AI technology has overtaken personal privacy regulations. If lawmakers had taken the necessary steps to ensure that we all had the opportunity to opt out of these data collection practices, we may have been able to nip the problem in the bud. But for now, the best we can do is request that our information be deleted and not used – and, if the situation gets too serious, change our contact information completely.