AI Chats Became Public Records: Privacy Crisis Unfolds

September 9, 2025
Privacy Crisis Unfolds

Vikrant Rana, Anuradha Gandhi and Prateek Chandgothia

Introduction

On August 1, 2025, OpenAI rolled back a controversial feature from Chat GPT which allowed users to “make the chat discoverable” while generating a shareable link to privately share it with a known person.[1] This would essentially allow search engines to index the conversation of the user for public access. Indexing of the conversations on the Search engines practically results in it being searchable through a normal Google search if the keywords in the search query match those in the conversation. While this option was clearly visible to the users and gave them a fair opportunity to either opt-in or opt-out, most users believed that the link would remain private unless explicitly shared with someone, users had an expected level of privacy.

(To read more on Ethical and Legal boundaries of AI, refer – https://ssrana.in/articles/web-scraping-and-personal-data-legal-and-ethical-boundaries-in-ai/ )

ChatGPT and Google – Indian User Statistics.

The incident raises crucial questions about user comprehension and privacy especially for India because in May 2025, an international technology investment firm published a report stating that 13.5% of the users of ChatGPT are Indians.[2] Further, on the list of creating the most google traffic, India is on the 2nd position with approximately 12 billion monthly visits.[3]

How did ChatGPT generate a Shareable link?

When the user shared a ChatGPT conversation, it generated a unique link with a Universally Unique Identifier (hereinafter referred to as ‘UUID’). This UUID is a long, random string of characters, for e.g., “673e8cd2-e738-8009-95e9-1cc04330bdc3”. This UUID is generally a private access link. However, when the user toggled the checkbox to make chat discoverable, ChatGPT allowed the search engines to crawl the generated link and index the same on their web results.

Web Crawling versus User Privacy?

The issue is not with the link’s security, but with its public visibility. The key factor of this is OpenAI’s “Robots.txt” File. OpenAI, the company behind ChatGPT, has a robots.txt file that explicitly tells search engines like Google that it’s okay to crawl and index the “/share/ path” on its website. Because of this, search engine “spiders” i.e., automated bots that crawl the internet, find these public links, follow them, and add the content of the shared conversations to their index.[4]

Private Sharing and Public Indexing

When a user shares a ChatGPT conversation privately with another person, they make a conscious decision to grant access to a specific, known individual. The user’s intent is to control who sees the conversation. This action is predicated on the assumption that the link will remain private between the two parties.

The problem arises when that same shareable link is made publicly available through search engine indexing. Users alleged that this is not an action they intended or chose. Their desire was to share the conversation with a few people, not to make it discoverable by anyone in the world who performs simple search. The users believed that the link is private and only accessible to those with whom all they chose to share it with, like an unlisted YouTube video or a private Google drive file. Explicit consent to share means that the user is fully aware of the consequences of their actions and choices.

Lack of Explicit Transparency

While the “discoverable” checkbox wasn’t hidden, it failed to clearly communicate the significant consequences of its selection. There’s a big difference between simply sharing a link and allowing that content to be permanently indexed by global search engines which the OpenAI failed to communicate clearly. This highlights a need for greater transparency and user-friendly explanations of how these tools operate.

Open AI’s Liability or User Responsibility?

OpenAI did, have a specific toggle labeled “Make this Chat discoverable” and below that “Allows it to be shown in web searches” within the share dialogue box. This indicates that the functionality was available as advertised. The problem is that there was no friction between sharing a conversation privately and sharing it publicly.

The simple checkbox, located right next to the share link creation button, could easily be mis-clicked. This design choice created a high potential for users to accidentally make their conversations public without fully realizing the consequences. The feature works as advertised, but the user experience led to unintended public exposure of private conversations. This fact was also acknowledged by OpenAI’s Chief Information Security Officer (hereinafter referred to as ‘CISO’). [5]

Did the Rollback rectify the Public Indexing?

On August 1, 2025, OpenAI’s CISO, through X, released a statement informing that the ‘Make this chat discoverable’ feature has been recalled. It was also reported that active steps are being taken to remove the already indexed conversations as OpenAI is in talks with multiple search engines.[6]

However, as per a report published on August 7, 2025, cyber researchers have found that over 1.3 lakh conversations with Claude, Grok, ChatGPT and other AI LLMs are publicly indexed on the Archive.org website. These conversations are open to public access. Further, the director of company which operates Archive.org website has stated that they have not received any requests for large scale Uniform Resource Locator (hereinafter referred to as ‘URL’) exclusion of “chatgpt.com/share” URLs asserting that if they receive any such requests from OpenAI, they intend to honor them. [7]

Therefore, while this may be considered as a poorly integrated feature which has been recalled, it has left long-lasting privacy implications such as indefinite public exposure of the private conversations of the users as once certain information is made public on the internet, complete removal of the same is not possible.

What is the real-life magnitude of sensitive information in indexed chats?

A cyber investigative report[8] released by an internationally recognized expert[9] in online research methods states different types of conversations consisting of range of personal and sensitive information which have been indexed on search engines.

  1. Extracting Self-Incriminating Information In one of the instances, a lawyer of an Italian based multinational group had asked chat GPT to help him build a deal to offer the Amazonian Indigenous community to displace them from territories in order to build a dam and hydroelectric plant on that land. The conversation reveals several individual and corporate incriminating aspects including exploiting the indigenous community into a discriminatory deal.
  2. Violation of Corporate confidentiality – As per a 2023 report by Cyberhaven, 11% of the data pasted into ChatGPT by corporate employees is confidential information.[10] In April, 2023, employees of a tech giant submitted source code and internal meetings in chat GPT on three separate occasions.[11] Indexing these conversation on search engines can result in large scale unauthorized access to data protected by company confidentiality.
  3. Legal Counsel – In another instance, a legal professional requested Chat GPT to take the role of litigation expert under the pretext of him being compelled to represent his client before the Court as his colleague had met with an accident. In the process, the user gave personal details of the parties involved along with evidentiary details containing a wide range of data.[12]
  4. Medical/ Health Information – As per the report, a medical professional had asked Chat GPT to act as an oncologist to treat a patient with Stage IIIA non-small cell lung cancer. In the processes, personal information of the patient including the name and age, along with critical sensitive information containing medical history of the patient was shared.

(To read more on the scope of personal information processed by AI Chatbots, refer – https://ssrana.in/articles/ghibli-under-scrutiny-state-cyber-cells-warns-data-privacy-threats/ )

How can Personal Information in Chat GPT Conversations be misused?[13]

The public indexing of private chat GPT conversation can result in much broader personal data exposure when compared to a traditional Information Technology (hereinafter referred to as ‘IT’) systems. In case of traditional IT systems, limited types of sensitive personal information is processed depending on the purpose of processing, however, in case of Large Language model AI systems (hereinafter referred to as ‘LLMs’), there is no specific or defined purpose. A user can input any type of personal information as there are no defined fields of input. This could vary based on multiple factors.

  1. Unauthorized access – Developers paste error logs or infrastructure paths into ChatGPT for code rectifications, which if exposed can make the infrastructure vulnerable to unauthorized access.
  2. Targeted Cyber Attacks and Scams – Marketers, analysts, or customer support reps summarize client data during AI-assisted drafting which could include personal information that could be used for personal profiling, analytics and targeted attacks by threat actors.
  3. Exposure of Privileged Documents – Employees and management of corporates upload strategy discussions, pre-launch features, and even legal drafts which if disclosed can lead exposure of company trade secrets.

(To read more on Privacy Concerns in AI Chatbots, refer – https://ssrana.in/articles/privacy-concerns-in-ai-chatbots-a-comparative-analysis/ )

Can OpenAI be penalized for this incident?

Overview of Regulatory Purview

Since the conversations indexed publicly included a broad range of sensitive personal information, following regulatory frameworks may come into play –

  • European Union’s Artificial Intelligence Act, 2024 (hereinafter referred to as ‘EU AI Act’)[14]
  • European Union’s General Data Protection Regulation, 2018,[15]
  • India’s Digital Personal Data Protection Act, 2023,[16]
  • The Information Technology Act, 2000[17]
  • The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.[18]
  • The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.[19]
  • Gramm-Leach-Billey Act, 1999[20]
  • Health Insurance Portability and Accountability Act, 1996 [21]

Can these frameworks apply on OpenAI for this incident?

The clear answer would be no, mainly because all the regulations governing data protection and privacy ascertain and prescribe liabilities for data breach or mishandling of personal information only when there is non-compliance with the relevant requirements such as maintaining reasonable security measures, obtaining consent, giving privacy notice and upholding rights of data principals.

Even the EU AI Act, which specifically regulates AI systems, classifies AI LLM models like Chat GPT as low-risk system and prescribes negligible compliances or penalties for it. The reason why ChatGPT cannot be held liable is:

  1. This incident wasn’t a security breach, but a failure in user experience for which there are no specific regulations prescribed.
  2. Enabling discoverability required a deliberate action which the users opted for.

This incident falls within the grey area of these regulations where OpenAI had provided an explicit opt in mechanism with description of what would be the result of opting in. This incident has sparked wide concerns regarding need to integrate explicit warning messages, additional friction and steps in the user interface before the user opts in for a feature or option that could result in compromising sensitive personal information. This need is based on providing the user adequate time and opportunity to pause and consider the question, “Should this really be out there forever?”

Therefore, the only penalty or fine that is imposed on Chat GPT because of this incident is loss of user trust. The pertinent question here, which the Courts need to clarify is – “Whether such practice amounts to being unfair or akin to dark patterns?”

(To read more on the implication of dark patterns on consumer privacy, refer – https://ssrana.in/articles/securing-consumer-data-in-the-e-commerce-sector/ )

Way Forward

This incident provides an important lesson for the regulators to keep in mind while framing laws to regulate AI. Even though enabling discoverability required deliberate action, the backlash revealed a significant gap between the company’s design and user expectations. The default assumption for many was that creating a link meant sharing it with a specific person, not making it globally searchable. Many users who enabled this setting didn’t realize the full implications—that their chats could be indexed by search engines like Google—assuming they were only creating a private link to share with specific people or bookmark for themselves.

The relationship between a single user and a tech giant is fundamentally asymmetric. A user, acting alone, has limited resources and expertise. In contrast, a conglomerate has vast resources, including teams of psychologists, data scientists, and user experience designers. These experts are employed to create interfaces and experiences that are not only engaging but also highly effective at influencing user behavior. This can lead to situations where a user is subtly coerced into sharing personal information they might not have otherwise disclosed. Given this inherent power imbalance and the sophisticated methods of manipulation, it’s a logical and necessary step to place a greater liability and responsibility of care on the corporations.

[1] https://www.livemint.com/technology/tech-news/openai-kills-chatgpt-feature-that-exposed-personal-chats-on-google-all-you-need-to-know-11754020916936.html

[2] https://www.bondcap.com/report/pdf/Trends_Artificial_Intelligence.pdf

[3] https://worldpopulationreview.com/country-rankings/google-users-by-country#:~:text=But%20it%20might%20not%20be,other%20country%20in%20the%20world.

[4] https://www.resonance.security/blog-posts/how-google-is-indexing-chatgpt-conversations-when-sharing-becomes-leaking

[5] https://www.trendmicro.com/en_in/research/23/g/chatgpt-shared-links-and-information-protection.html

[6] https://coincentral.com/openai-to-scrub-chatgpt-conversations-from-google-after-privacy-backlash/

[7] https://www.digitaldigging.org/p/chatgpt-confessions-gone-they-are

[8] https://www.digitaldigging.org/p/the-chatgpt-confession-files

[9] https://wikitia.com/wiki/Henk_van_Ess#Digital_Digging_Platform

[10] https://www.cyberhaven.com/blog/4-2-of-workers-have-pasted-company-data-into-chatgpt

[11] https://gizmodo.com/chatgpt-ai-samsung-employees-leak-data-1850307376

[12] https://futurism.com/leaked-chatgpt-lawyer-displace-amazonian

[13] https://www.resonance.security/blog-posts/how-google-is-indexing-chatgpt-conversations-when-sharing-becomes-leaking

[14] https://artificialintelligenceact.eu/the-act/

[15] https://gdpr-info.eu/

[16] https://www.meity.gov.in/static/uploads/2024/06/2bf1f0e9f04e6fb4f8fef35e82c42aa5.pdf

[17] https://www.indiacode.nic.in/bitstream/123456789/13116/1/it_act_2000_updated.pdf

[18] https://upload.indiacode.nic.in/showfile?actid=AC_CEN_45_76_00001_200021_1517807324077&type=rule&filename=GSR313E_10511(1)_0.pdf

[19] https://www.meity.gov.in/static/uploads/2024/02/Information-Technology-Intermediary-Guidelines-and-Digital-Media-Ethics-Code-Rules-2021-updated-06.04.2023-.pdf

[20] https://www.ftc.gov/business-guidance/privacy-security/gramm-leach-bliley-act

[21] https://www.hhs.gov/hipaa/index.html

More Articles

  1. GST Rate Revisions 2025 and Their Impact on LMPC Declarations
  2. Nepal Blocks 26 Social Media Platforms in Historic Ban
  3. Digitization of Transport Data and Securing Personal Information
  4. Battling Hydra-Headed Piracy: JioStar Secures Dynamic+ injunction from Delhi High Court
  5. First Solar v. Adani’s MSPVL: A Cautionary Tale on FTO Due Diligence as a Shield in Global Markets
  6. Prior Art Sinks Novelty: Jayson’s Design Debacle
For more information please contact us at : info@ssrana.com