Are Web Browsers With Integrated Chatbots A Paradigm Shift – Or Just Privacy And Security Disasters Waiting To Happen?
from the I’m-sorry,-Dave,-I’m-afraid-I-can't-undo-that dept
In a further sign of where the generative AI world is heading, OpenAI has launched ChatGPT Atlas, “a new web browser built with ChatGPT at its core.” It’s not the first to do something like this: earlier browsers incorporating varying degrees of AI include Microsoft Edge (with Copilot), Opera (with Aria), Brave (with Leo), The Browser Company’s Dia, Perplexity’s Comet, and Google’s Gemini in Chrome. Aside from a desire to jump on the genAI bandwagon, a key reason for this sudden flowering of browsers with built-in chatbots is summarized by Sam Altman in the video introducing ChatGPT Atlas. Right at the beginning, Altman says:
We think that AI represents a rare once a decade opportunity to rethink what a browser can be about and how to use one, and how to most productively and pleasantly use the Web.
AI is a disruptive force that could allow new sectoral leaders to emerge in the digital world, and the browser is clearly a key market. Chatbots are already popular as an alternative way to search for and access information, so it makes sense to embrace that by fully integrating them into the browser. Moreover, as OpenAI writes in its post about Atlas: “your browser is where all of your work, tools, and context come together. A browser built with ChatGPT takes us closer to a true super-assistant that understands your world and helps you achieve your goals.” The intent to supplant Google’s browser at the heart of the digital world is clear.
Given its leading role in AI, OpenAI’s offering is of particular interest as a guide to how this new kind of browser might work and be used. There are two main elements to Atlas. One is “browser memories”:
If you turn on browser memories, ChatGPT will remember key details from content you browse to improve chat responses and offer smarter suggestions—like creating a to-do list from your recent activity or continuing to research holiday gifts based on products you’ve viewed.
Browser memories are private to your ChatGPT account and under your control. You can view them all in settings, archive ones that are no longer relevant, and clear your browsing history to delete them. Even when browser memories are on, you can decide which sites ChatGPT can or can’t see using the toggle in the address bar. When visibility is off, ChatGPT can’t view the page content, and no memories are created from it.
Browser memories are potentially a privacy nightmare, since they can hold all kinds of sensitive information about users — and their browsing habits. OpenAI is clearly aware of this, hence the numerous options to control exactly what is remembered. The problem is that many users can’t be bothered making privacy-preserving tweaks to how they browse. Browser memories could certainly make online activities easier and more efficient, which is likely to encourage people to turn them on without much thought for possible consequences later on. The same is true of the other important optional feature of Atlas: agent mode.
In agent mode, ChatGPT can complete end to end tasks for you like researching a meal plan, making a list of ingredients, and adding the groceries to a shopping cart ready for delivery. You’re always in control: ChatGPT is trained to ask before taking many important actions, and you can pause, interrupt, or take over the browser at any time.
Once again, OpenAI is aware of the risks such a powerful agent mode brings with it, and has tried to minimize these in the following ways:
It cannot run code in the browser, download files, or install extensions
It cannot access other apps on your computer or file system
It will pause to ensure you’re watching it take actions on specific sensitive sites such as financial institutions
You can use agent in logged out mode to limit its access to sensitive data and the risk of it taking actions as you on websites
Even so, the company emphasizes bad stuff can still happen:
Besides simply making mistakes when acting on your behalf, agents are susceptible to hidden malicious instructions, which may be hidden in places such as a webpage or email with the intention that the instructions override ChatGPT agent’s intended behavior. This could lead to stealing data from sites you’re logged into or taking actions you didn’t intend.
Someone who is still skeptical about this new kind of browser is AI expert Simon Willison. Writing on his blog about OpenAI Atlas, Willison says:
The security and privacy risks involved here still feel insurmountably high to me – I certainly won’t be trusting any of these products until a bunch of security researchers have given them a very thorough beating.
Web browsers with chatbots built in are an interesting development, and may represent a paradigm shift for working online. Done properly, their utility could range from handy to life changing. But the danger is that FOMO and pressure from investors will cause companies to rush the release of products in this sector, before they are really safe for ordinary users to deploy with real, deeply-private information, and with agent access to critically-important online accounts — and real money.
Follow me @glynmoody on Mastodon and on Bluesky.
Filed Under: agents, ai agents, atlas, browser, chatgpt, chrome, comet, copilot, edge, fomo, gemini, genai, leo, privacy, prompt injection, security, simon willison, web
Companies: brave, dia, google, microsoft, openai, opera, perplexity
Comments on “Are Web Browsers With Integrated Chatbots A Paradigm Shift – Or Just Privacy And Security Disasters Waiting To Happen?”
They're designed to be insecure...
…so of course they’re insecure. This isn’t fixable.
Oh, they’ll try: they’ll slap patches on them and make the right noises and pledge to do better, then repeat the process over and over again. But these Frankbrowsers are insecure by design and that can’t be fixed. Not ever.
And then it gets worse: there will be lookalike/workalike browsers released by malicious actors — an easy prediction since it’s already happened — and users who’ve bought into the AI hype will download those and promptly compromise themselves, their accounts, and — if in a networked environment — everything nearby.
Re:
Exactly this.
Sigh
This is a great idea, just like connecting home appliances to the internet…
No. Ever since all the major browsers combined their URL bars and search bars—and when they started sending and responding to incomplete queries there—people have effectively been “chatting” with their browsers. Before that, they’d go to a search engine’s page and often do the same.
Even decades ago, when search queries were treated as simple word lists, people would ask them questions as if they were human. Now the responses might get a bit better again.
I highly doubt anyone will be querying their bookmarks or browser histories this way. If “AI” worked, they wouldn’t need the bookmark in the first place. Maybe they’ll ask it how to clear their history, but not entirely intentionally—they’ll likely not know whether they’re asking a search engine, an “AI agent”, or some low-paid foreign worker. They’ll type some text into a text box, and maybe something useful will happen.
(Also, as heard on The Simpsons: “Excuse me, but ‘pro-active’ and ‘paradigm’… aren’t these just buzz-words that dumb people use to sound important?”)
Are we still waiting? There have already been reports of police querying chat bot logs, and quite a few about these bots leaking information they’re not supposed to.
I find it very unlikely that Atlas will ever have a significant market share. In the past 25 years the only browser that’s managed to convince a majority of users to switch away from the one that came with their computer is Chrome, which has the slight benefit of being advertised prominently on the world’s most popular website.
I think you’re right that Atlas is worth watching to see how/if Edge and Chrome follow its lead (I’m not so sure Apple is interested), but I just don’t see Atlas itself catching on. Opera and Brave will continue to be niche browsers, and I’ve never even heard of Dia or Comet.
That’s even before we consider that the features that differentiate Atlas from other browsers are features that nobody fucking asked for.
“In a further sign of where the generative AI world is heading, OpenAI has launched ChatGPT Atlas, ‘a new web browser built with ChatGPT at its core.’”
Maybe this will be the thing that finally makes Open AI profitable 🙄. Thus far, they’ve burned through billions of dollars to create… a hallucinating chatbot browser. Where’s the cure for cancer, Sam?
I'm maybe not the target market here but
It feels like the things I would trust it to do are things I can easily do for myself. The things I might value an agent to do, are things maybe I shouldn’t trust it to do? How does it actually know what’s important?
This example of the recipes and grocery shopping always comes up in Use Cases That Can Be Addressed in Fresh New Ways … and also always seems to be written by people who don’t … actually cook for themselves.
Why do I want these tools running inside a browser instead of being a separate agent?
The place I can see it would be useful is gathering a daily set of customized news and posts and articles feed for me on topics I specifically asked it for. If I wanted to do that though I still don’t need it to run in my browser watching everything I do.
I think they’re not going to be widely adopted. There may be a fad for them, but people use web browsers to a) find information and b) access services. GenAI fails miserably at the former, not being designed to provide information. As for the latter, I think it’s going to run up against the services’ need to control the user experience to maximize the service’s revenue. The chatbot would be another middleman sitting between the service and it’s users, and the services are well aware of what happens when you permit that because that’s their business model.
Integrating genAI into the services themselves isn’t going to work either, just because of the sheer cost of the compute resources needed for the chatbots. When it’s the owners of the chatbots footing the bill to try and build market share, that’s one thing. When those owners are trying to sell a service to other services, they’re going to want to get paid for all that compute cost and every penny of that will come out of the pockets of the services using the chatbots. Those services aren’t going to like that one bit.
I think genAI as it’s being proposed isn’t a solution in search of a problem, it’s a problem desperately searching for a bigger problem it can help address and not finding any.
Crossing my fingers that Mozilla still has some institutional intelligence and won’t shit up Firefox with this junk.
Re:
Too late(sort of): https://support.mozilla.org/en-US/kb/ai-chatbot
Re: Re:
Oh jesus fucking christ.
Re:
Are we reaching the fabled fourth stage of enshittification, after the “clawing back all the value for themselves” where companies abuse their own product to funnel all the value back to… Nvidia?
They’re a way for AI companies to bypass the proections against their relentless DDOS attack level scraping that are popping up by having a user involved in the process and build up a perfect digital image of them to boot, tracking everything to a degree that would make ecen Facebook jealous. It will be denied, of course, but if you can’t trust the people illegally performing retinal scans in the developing world to be honest and obey the law of the lands they operate in, who can you trust?
A solution in search of a problem.
Not only are these tools inherently unsecure, but after using them I don’t even see how they’re beneficial. If I wanted a confidently-incorrect answer, I would just google what I’m looking for and add “reddit” to the end of the query.
Hey honey, the dumpster’s on fire again.