Sensitive information leakage

[flashgnash]

I am slightly concerned by the idea of giving this thing my network transaction logs, as that effectively means sending all of my auth tokens, login credentials etc to openai

What measures if any are there in place to prevent this, and is there an option to use local LLMs instead to sidestep the issue?

[alanalanlu]

We are going to add the option to support local LLMs soon

[flashgnash]

This doesn't really answer my question though, I feel as though there should at least be a warning for users who don't know any better that sensitive information could be leaked

[alanalanlu]

Good point. Ill add a warning in the README

[alanalanlu]

We are working on a masking solution to hide the auth tokens but this is still not foolproof as its really hard to hardcode some logic to reliably identify sensitive "Dynamic parts"

[flashgnash]

We are working on a masking solution to hide the auth tokens but this is still not foolproof as its really hard to hardcode some logic to reliably identify sensitive "Dynamic parts"

I believe chrome's export as HAR by default censors sensitive information, I'm not sure if it's totally bullet proof but from my testing it seems to remove tokens and login credentials