Privacy considerations for the /chat endpoint

[sabaimran]

I had a privacy-oriented question for the /chat endpoint, and I wanted to document my explorations here.

Does OpenAI's ChatGPT API store my data? Yes, for 30 days, after which it is deleted (as of March 1, 2023). Data passed to the API is not used for training.

As of March 1st, 2023, we retain customer API data for 30 days but no longer use customer data sent via the API to improve our models. You can learn more in our data usage policy.

With that information, I'm hesitant to share sensitive data to Khoj. When everything is hosted locally and running directly from my machine, I have no concerns with sensitive information. This causes a slight adoption constraint for me for the /chat endpoint, as I'd have to split out any of my more sensitive data to prevent it from being indexed, and subsequently passed to the ChatGPT API.

What data is sent to the ChatGPT API?

Khoj will first execute the search based on the generated embeddings I have locally. Then, choosing the top two results - (see /chat endpoint in api.py), it will pass those to ChatGPT as context. As such, GPT will be exposed to as much information as is deemed relevant by the top two results in Khoj.

Solution

To continue using Khoj and integrate the /chat endpoint in my workflow, I'll remove any sensitive data from my notes that are being indexed.

[debanjum]

When everything is hosted locally and running directly from my machine, I have no concerns with sensitive information. This causes a slight adoption constraint for me, as I'd have to split out any of my more sensitive data to prevent it from being indexed, and subsequently passed to the ChatGPT API.

Fair issue with providing such personal data to a company. I'm guessing this adoption constraint is just for Khoj Chat?
Khoj Search runs completely locally. And Khoj only sends data to OpenAI when/if you add your own OpenAI API key to Khoj. See existing instructions and warning in Readme.

Context

• Khoj Chat is currently meant to test how far we can take a personal chat assistant given a personal knowledge base. It will be optimized for privacy, speed after. (This is unlike Khoj search which gives fast, decent results, while maintaining privacy already)
• Given above, using ChatGPT (or other online models) for Khoj Chat are the only viable options currently. Once we can get decent offline chat models those will be incorporated into Khoj Chat (as a configuration option)

[sabaimran]

That sounds great. Another possible solution to this could be having a flag that the user can expose in their notes to tag data as sensitive, which is then either not indexed at all by Khoj or eliminated from any data passed to an endpoint on an external service. This would be a more bespoke solution, so I would definitely advocate using models that can run locally when/if that's made possible.

[debanjum]

Yeah, that does sound a little bespoke, though if enough folks request that as a requirement for them to try khoj chat, we can add that in

[huertasdanny]

A way to limit what data get sent to OpenAI would definitely be ideal. Another alternative would be a
Local AI solution. I’ve just started looking deeper into this space but I bumped into an open source solution so I can run searches locally using Nuclia vector database. Essentially convert the vault into a vector database that can be searched and queried

[debanjum]

Hey @huertasdanny, thanks for looking into Khoj!

I can run searches locally using Nuclia vector database. Essentially convert the vault into a vector database that can be searched and queried

As mentioned earlier, search in Khoj run locally. It converts the vault data into a vector list to be searched across on user query (a vector db isn't necessary for this).

Another alternative would be a
Local AI solution.

See #201 for discussions on using offline chat models for Khoj chat. The summary is: Offline chat model ecosystem is rapidly evolving but isn't reliable enough yet to deploy across different consumer hardware IMHO. We will integrate such models the moment they are stable enough.

A way to limit what data get sent to OpenAI would definitely be ideal.

Yeah, it would be ideal. I'm open to suggestions. Would tagging your sensitive notes with special ignore tags work? E.g all notes you tag with #ignore are never sent to OpenAI.

Anyway do try Khoj (Chat and/or Search) to see if it works for your use-case

[edwinx333]

• Given above, using ChatGPT (or other online models) for Khoj Chat are the only viable options currently. Once we can get decent offline chat models those will be incorporated into Khoj Chat (as a configuration option)

Is this a chat model that could be used?

https://www.llamaindex.ai/

I came across this project right before learning about Khoj

Edit: actually I think this goes back to openai as well. So never mind me. My bad.

[debanjum]

Thanks for the reference! We've looked at LlamaIndex, by default they use OpenAI. I should check how easy it is to integrate offline chat models using LlamaIndex