ChatGPT

Grade: F (Fail)
OpenAI · 🇺🇸 United States
Technical details
Manufacturer: OpenAI

⚠️ The bottom line

OpenAI trains on your conversations by default. The opt-out toggle is buried in settings. But opting out doesn't undo what's already been absorbed — and when the New York Times sued OpenAI, discovery revealed the company retains even "deleted" conversations for legal purposes. The Authors Guild found GPT could reproduce copyrighted books verbatim. Your conversations are just as reproducible. New York lawyer Steven Schwartz asked ChatGPT to research case law for a legal brief against Avianca airlines. ChatGPT invented 6 court cases — complete with fake judges, fake rulings, and fake quotes. Schwartz filed them with the court. When opposing counsel pointed out none of the cases existed, Schwartz told the judge he "did not know ChatGPT could generate false content." He was sanctioned $5,000. The case became a global cautionary tale — and OpenAI still doesn't warn users at the point of output that citations may be fabricated.

Legal jurisdiction
🇺🇸 United States (headquarters)
CLOUD Act: The US government can demand your data from this company even if it is stored overseas.
FISA §702 / PRISM: The NSA collects stored emails, photos and messages without individual warrants.
Geofence warrants: Police can demand location data for everyone near a crime scene.
Spying: 3/4 HIGH (Is someone spying on me?)
Data Sharing: 4/4 EXTREME (Who gets my data?)
Security: 2/4 MODERATE (Is it actually secure?)
Honesty: 4/4 EXTREME (Can I trust what they say?)
REPLACE: Extreme risk. Look for alternatives or lock down hard.
Use Claude instead
Less aggressive than competitors on training, no persistent memory
14 contradictions: 6 critical, 6 high, 2 medium. 15 sources.
Findings by concern
Spying 3/4 HIGH 1 finding
⚠️ critical · marketing vs third party research
Suchir Balaji was 26 years old. He worked at OpenAI. He went public saying ChatGPT's training data practices violated copyright law. He became a key witness for the New York Times lawsuit. He retained a lawyer. In November 2024, he was found dead in his apartment. The medical examiner ruled suicide. His mother said he was not suicidal. He was one of the only people inside OpenAI willing to say what he saw out loud. Now he cannot say anything.

What they claim: OpenAI promotes a culture of safety research and responsible AI development

What we found: Suchir Balaji, a 26-year-old former OpenAI researcher, was found dead in his San Francisco apartment in November 2024. The medical examiner ruled suicide. Balaji had gone public months earlier arguing that ChatGPT's use of copyrighted training data was not fair use, and was a key source for the New York Times' landmark copyright lawsuit against OpenAI. He had recently retained a lawyer. His family disputed the ruling, saying he was not suicidal. He was one of the few insiders willing to speak publicly against OpenAI.

Data Sharing 4/4 EXTREME 7 findings
⚠️ critical · policy claims vs regulatory findings
The New York Times sued OpenAI in December 2023, demonstrating that ChatGPT could reproduce Times articles nearly verbatim — paragraph after paragraph of copyrighted journalism. The Authors Guild sued on behalf of John Grisham, George R.R. Martin, and Jodi Picoult. Sarah Silverman sued separately. OpenAI trained on Books3 — a dataset of 196,640 pirated books — and Common Crawl, which indexed the entire public internet without permission. OpenAI says it respects copyright. The lawsuits, collectively seeking billions, say otherwise.

What they claim: OpenAI says it respects copyright and intellectual property

What we found: The New York Times sued OpenAI in December 2023 for copyright infringement, seeking billions in damages. The lawsuit demonstrated ChatGPT could reproduce Times articles nearly verbatim. The Authors Guild filed a separate lawsuit representing 17 authors including John Grisham, George R.R. Martin, and Jodi Picoult. Sarah Silverman, Michael Chabon, and other authors filed additional suits. OpenAI's training data included Books3 (196,640 pirated books) and Common Crawl (the entire public internet).

⚠️ critical · privacy policy vs regulatory
OpenAI said they wouldn't sell your data. Then they enabled marketing cookies by default and started sharing data with Target, Ford, and Adobe. $100 million in ad revenue in six weeks. The company that promised not to monetise your conversations found a way to monetise your conversations.

What they claim: OpenAI previously stated it does not sell user data

What we found: In April 2026, OpenAI updated its US privacy policy to formalise advertiser data sharing. Free and Go tier users now have marketing cookies enabled by default. OpenAI receives purchase data from advertisers — Target, Ford, and Adobe among early partners. The ad pilot crossed $100 million in annualised revenue within six weeks. The company that said it wouldn't sell your data is now sharing it with advertisers by default.

⚡ high · policy claims vs regulatory findings
Delete your ChatGPT conversations and they disappear from your screen. OpenAI keeps them for 30 days — and anything already absorbed into training is permanent. When the New York Times subpoenaed OpenAI, the company produced conversations users had "deleted." Italian regulator GPDP temporarily banned ChatGPT over exactly this: the right to deletion wasn't real.

What they claim: Users can delete their data.

What we found: Deleted chats are retained for 30 days. Training data is permanent. Memory persists separately. A court showed that OpenAI can retain deleted data. Memory is disabled in the EU pending the AI Act.

⚡ high · policy claims vs regulatory findings
On March 31, 2023, Italy became the first country to ban ChatGPT. The Garante (Italy's data protection authority) found no legal basis for mass data collection, no age verification, and no way for people to correct false statements ChatGPT made about them. OpenAI restored access after adding an age checkbox and a privacy policy link. The fixes were cosmetic — the underlying training data practices didn't change. The EU created a cross-border ChatGPT Task Force. Poland, France, and Spain opened their own investigations.

What they claim: OpenAI positions ChatGPT as safe and beneficial AI

What we found: Italy's data protection authority (Garante) temporarily banned ChatGPT on March 31, 2023 — the first country to ban the product. Grounds: no legal basis for mass collection of personal data for training, no age verification, no mechanism for users to correct inaccurate outputs about themselves. ChatGPT was restored after OpenAI added an age gate, a privacy policy link, and an opt-out — but the Garante is still investigating. The European Data Protection Board created a ChatGPT Task Force across all EU regulators.

⚡ high · policy vs third party research
A class action lawsuit filed in May 2026 alleges OpenAI wired Facebook's tracking pixel and Google Analytics into ChatGPT's website. Every time you asked ChatGPT something, your chat topics and personal identifiers were allegedly shipped to Meta and Google — the two largest advertising companies on Earth. The lawsuit seeks $5,000 per violation. OpenAI says it doesn't sell your data. Apparently it was giving it away for free.

What they claim: OpenAI positions ChatGPT as a private AI assistant and states it does not sell user data.

What we found: A class action filed May 13, 2026, alleges OpenAI embedded Facebook Pixel and Google Analytics in the ChatGPT web interface, sharing users' chat topics, identifiers, and contact details with Meta and Google without consent. The suit cites violations of ECPA and California's Invasion of Privacy Act, seeking up to $5,000 per violation.

⚫ medium · firmware analysis vs policy claims
OpenAI calls it "Temporary Chat" — suggesting nothing is saved. But OpenAI retains those messages for 30 days "for safety monitoring." A month of your supposedly temporary conversations sitting on OpenAI's servers, readable by staff, subject to subpoena. "Temporary" means "we keep it for a month and hope you don't notice the fine print."

What they claim: Temporary Chat is private and untracked.

What we found: Temporary chats are not used for training and do not appear in history, but they are retained for 30 days and are still subject to abuse screening. 'Temporary' means 30 days.

⚫ medium · policy claims vs regulatory findings
Enterprise ChatGPT users get a privacy guarantee: their data won't train the model. Free users get no such promise — their conversations are training data. European users get different rules than American ones because the GDPR forced it. Samsung, JPMorgan, and Apple all banned ChatGPT internally. Your privacy depends on your employer's budget and your country's laws — not OpenAI's principles.

What they claim: ChatGPT treats all users' privacy equally.

What we found: Enterprise and API: no training. Free and Plus: training, review and retention. Memory is disabled in the EU. The rules differ by plan and region.

Security 2/4 MODERATE 1 finding
⚡ high · policy claims vs firmware analysis
In April 2023, Samsung engineers pasted proprietary chip source code into ChatGPT three times in 20 days — once for debugging, once for optimisation, once to generate meeting notes. Samsung discovered the leaks and banned ChatGPT company-wide. Apple, JPMorgan, Goldman Sachs, Amazon, and Deutsche Bank followed with their own bans. OpenAI's terms say users are responsible for what they input. The tool designed to help you write code is also designed to absorb it — and OpenAI's default is to train on everything you type.

What they claim: OpenAI terms state users are responsible for their use of ChatGPT outputs

What we found: Samsung engineers pasted proprietary semiconductor source code into ChatGPT for debugging and optimisation. Three separate incidents in 20 days. Samsung discovered the leaks, banned ChatGPT internally, and threatened to fire employees who used it. Apple, JPMorgan, Goldman Sachs, Amazon, Verizon, and Deutsche Bank all subsequently banned or restricted ChatGPT for employees.

Honesty 4/4 EXTREME 5 findings
⚠️ critical · policy claims vs firmware analysis
OpenAI trains on your conversations by default. The opt-out toggle is buried in settings. But opting out doesn't undo what's already been absorbed — and when the New York Times sued OpenAI, discovery revealed the company retains even "deleted" conversations for legal purposes. The Authors Guild found GPT could reproduce copyrighted books verbatim. Your conversations are just as reproducible.

What they claim: ChatGPT gives users control over data and training.

What we found: ChatGPT trains on conversations by default. The opt-out covers only future chats. Memory persists after deletion. A court order (May-Sept 2025) preserved deleted conversations. Operator retains screenshots for 90 days. The 30-day abuse-screening retention applies even when opted out.

⚠️ critical · policy claims vs regulatory findings
New York lawyer Steven Schwartz asked ChatGPT to research case law for a legal brief against Avianca airlines. ChatGPT invented 6 court cases — complete with fake judges, fake rulings, and fake quotes. Schwartz filed them with the court. When opposing counsel pointed out none of the cases existed, Schwartz told the judge he "did not know ChatGPT could generate false content." He was sanctioned $5,000. The case became a global cautionary tale — and OpenAI still doesn't warn users at the point of output that citations may be fabricated.

What they claim: OpenAI says ChatGPT outputs are reliable and useful for work, coding, writing, and research

What we found: New York lawyer Steven Schwartz used ChatGPT to write a legal brief citing 6 court cases. Every case was fabricated — the courts, the judges, the rulings, the quotes were all invented by ChatGPT. Schwartz told the judge he did not know ChatGPT could generate fake citations. He was sanctioned $5,000 and his firm was sanctioned by the court. The Avianca case (Mata v. Avianca) became the global example of AI hallucination risk in professional settings.

⚠️ critical · marketing vs regulatory
OpenAI's system flagged a user for gun violence planning. The safety team said report it. Management said no — not "imminent and credible" enough. They deactivated the account. She made a new one. Eight people died in a school. The system worked. The humans overruled it. Sam Altman apologised. The dead cannot accept.

What they claim: OpenAI promotes safety systems and responsible AI deployment

What we found: In February 2026, Jesse Van Rootselaar killed eight people at a school in Tumbler Ridge, BC. OpenAI's automated system had flagged her account for "gun violence activity and planning" months earlier. A safety team urged management to report it. Leadership decided the threat was not "imminent and credible" and simply deactivated the account. The shooter created a new account and continued planning. Sam Altman issued a public apology. Seven families sued OpenAI in April 2026.

⚡ high · policy claims vs firmware analysis
Real people at OpenAI read your conversations — they call them "human reviewers." Turning off training doesn't stop this. When a contractor at Sama (the Kenyan outsourcing firm OpenAI used at $2/hour) described reading graphic content for months, OpenAI said the work was "necessary." The people reviewing your most private questions are paid less than a fast-food worker.

What they claim: Conversations are private between you and ChatGPT.

What we found: Human reviewers read conversations for accuracy and safety. The training opt-out doesn't prevent review. The scope of review is not disclosed. Enterprise users are excluded; free and Plus users are the review pool.

⚡ high · policy vs regulatory
A federal judge ordered OpenAI to hand over 20 million ChatGPT conversation logs in January 2026. OpenAI said the logs were private. The judge said no — you typed your thoughts into someone else's computer. Twenty million conversations, heading to opposing lawyers in a copyright case. Every question, every draft, every confession you typed into that chat box.

What they claim: OpenAI argued that ChatGPT conversation logs are private and should not be disclosed in litigation.

What we found: In January 2026, US District Judge Sidney Stein ordered OpenAI to produce 20 million ChatGPT conversation logs to copyright plaintiffs. The court rejected OpenAI's privacy argument, ruling that users "voluntarily submitted their communications" to OpenAI and thus had no reasonable expectation of privacy.

Latest Risks & Threats
New developments that compound existing privacy concerns. 3 active threats · 1 emerging risk.
RISK · Image authenticity verification tool · 🤖 AI · Announced 2026-05-19
OpenAI is releasing a tool to verify whether images were AI-generated. Users submit images for analysis, which creates a new data ingestion pathway where OpenAI processes user-submitted photos to determine their origin.
THREAT · Codex Chronicle sends periodic Mac screenshots to OpenAI servers; stores summaries as unencrypted local files · ⚠️ Desktop Agent · Launched 2026-04-20
OpenAI's April 2026 Codex desktop update introduced Chronicle (research preview), which periodically captures Mac screenshots and sends them to OpenAI servers for processing. Resulting text summaries are stored locally as unencrypted Markdown files readable by any process. OpenAI warns of prompt injection risk (malicious on-screen content could be ingested and acted upon) and advises users to manually pause Chronicle before viewing sensitive content. The Computer Use feature separately requires macOS Screen Recording and Accessibility permissions, allowing Codex to read all visible screen content and control any app. Not available in EU/UK/Switzerland. Requires $100/month Pro subscription.
THREAT · Trusted Contact — chatbots are now load-bearing in mental health crises · 🏥 Health · Launched 2026-05-07
OpenAI added a feature where you nominate a friend or family member who gets notified if ChatGPT's safety system flags a self-harm conversation. The framing is careful. The reality is bleaker: chatbots are now load-bearing in mental health, and OpenAI is building clinical escalation paths for a product that is not a therapist. A 14-year-old died after months with Character.AI. OpenAI's response is to make ChatGPT part of the crisis infrastructure.
THREAT · Former CTO testifies under oath that Altman lied about safety board review · ⚠️ Honesty · Launched 2026-05-07
Mira Murati — OpenAI's former CTO — testified under oath that Sam Altman falsely told her the legal team had cleared a model from the safety board. She checked. They hadn't. The same company that publishes model safety cards and talks about 'responsible AI' had its own CTO discover the safety review was a lie. Court filings in Musk v. Altman also revealed Greg Brockman's stake is now worth $30 billion — in what was a nonprofit.
Sources