Novice speaking rn. I use a laptop owned by the organization I work for and I’m having the same issue everyone else is having regarding the “Free Research Preview. ChatGPT may produce inaccurate information about people, places, or facts. ChatGPT September 25 Version”. I’m unable to mess around with the DNS settings of my device due to it being locked by my organization.
Is this my organization’s way of saying “No more using ChatGPT”? Because I can’t seem to find a fix other than messing with the settings in the DNS.
The same here.
It seems like everything was working OK yesterday and now it does not.
For the OpenAI team, it would be useful to use ChatGPT to try to predict what the response would be for a general chat user when the company switched some of its services to a newly created domain. Most antivirus software treats newly created domains as potentially harmful. For the professional OpenAI developer team that would probably be ‘common knowledge’, which is not the case for a general ChatGPT user.
Please consider this constructive feedback for future releases of a very useful AI platform such as ChatGPT.
Best wishes from an occasional user of ChatGPT.
Victor
You can go into your WiFi router’s configuration portal.
In many, they allow you to keep the dynamic IP address that is assigned by your ISP, while at the same time you can modify the DNS server that is used for name lookups.
DNS servers:
1.1.1.1 - Cloudflare
4.2.2.4 - Level3
8.8.8.8 - Google
I understand that the number of affected users is relatively small, but it would be helpful to have more specific information on the percentage. Could you please provide clarification on what is meant by ‘incredibly small’? Is it around 10%, 40%, or some other number?
While it is true that the majority of DNS servers are updated within 24-48 hours, it would have been more user-friendly if OpenAI had waited for a month before redirecting traffic to the new domain. This is because it typically takes that amount of time for a newly created DNS domain to transition from ‘new’ to ‘not-new’ status, which would have avoided any potential issues.
I respectfully disagree with the statement that OpenAI did exactly what they should have done. It would have been beneficial to take preventive measures if the new configuration of the service affected even a small group of users. Especially if these prevention efforts are easy to implement.
I understand that waiting forever is not expected, but a reasonable waiting period of one month would have facilitated a smoother transition to the new service.
Regarding the statement about antivirus software, it appears that the term ‘antivirus’ is being used to refer to blocking software that prevents access to ChatGPT services.
In the future, OpenAI should definitely consider aging a newly registered domain for a period of one month prior to general use.
Many security platforms and DNS filtering solutions block NRDs: Zscaler, FortiGuard, Palo Alto, Check Point, NextDNS, ControlD… Many of these block NRDs by default. Consequently, for users within high-security environments, ChatGPT could potentially become generally unavailable for an extended period of time.
(I’m wondering how much extraneous volume OAICS had to absorb as a result of oaistatic.com).
It’s also an industry-standard security recommendation to block NRDs:
Based on the high volume of problem reports that I’ve observed across multiple channels—and distinct users—I would suspect that the impact has been significantly greater than what some may believe.
Quite the opposite. If NRDs were not blocked, it would be borderline abusive: the blocking of NRDs alone prevents an astonishing number of cybercrimes. NRD blocking is a vital—and uniquely effective—countermeasure against bad actors.
In fact, it’s so effective that this very forum leverages the same general strategy. New users start out untrusted, just like newly-registered domains. As a user ages, and engages in reputation-building activities, the user gains trust, and consequently limitations are lifted; same for NRDs.
No. If you’re volunteering to author an RFC on a trust protocol for NRDs, you have my full encouragement.
You can thank the bad actors that ruined it for everyone else: well over a whopping 7 out of every 10 NRDs are malicious.
Given that reality, and given that a trust protocol for NRDs doesn’t yet exist, temporarily blocking all NRDs is a sensible approach to keep users much safer than they would otherwise be. This is why it has been adopted as the default across most flagship security platforms.
Users were literally greeted with NXDOMAINs for weeks when they visited ChatGPT.
So you’re—as examples—blaming a 19-year-old anthropology student for not being able to access ChatGPT for weeks because someone on her university’s technical staff, years ago, implemented a recommended security practice? And you’re blaming a 23-year-old intern at a startup for not being able to access ChatGPT because a contractor that set up the startup’s network implemented controls required to pass a security audit?
To the extent that OpenAI is interested in ensuring that this doesn’t happen again, it would be OpenAI’s responsibility to conform to an industry standard—not for industry, that has adopted a reasonable security practice, to be attacked for adopting a reasonable security practice.
This isn’t a networking standard, but it is a security best practice to consider the risk of NRDs. In fact, this originated in the mail security space, where every mail security platform has NRD as one of the attributes it considers for spam/suspicious/malicious content filtering.
You can find research online that has similar conclusions along the lines of (generalizing) “70% of NRDs include malicious content such as phishing or are otherwise not safe for use at work.”
As a security best practice, there are multiple approaches to reducing risk from NRDs. For example, Palo Alto Networks doesn’t just block them outright; they utilize the “block-continue” response, which redirects the user to a customizable warning page describing the risk and website categorization before continuing.
Usually that redirected warning page via “block-continue” is a good middle ground that doesn’t impact UX that often (because users generally aren’t visiting new domains that often). The problem with ChatGPT is that their site started using calls to cdn.oaistatic[.]com in link preload at the top of the html, so the browser, even in environments that use “block-continue,” just loads nothing for the .css and .js files rather than redirecting the user to a warning page.
Further, the implementation of risk reduction vs. NRDs varies by vendor. Using Palo Alto Networks again, they don’t classify NRDs just based on registrar date, but based on when they first see the domain in their global network of passive DNS monitoring. Then, for the next 33 days, that domain is dynamically categorized as an NRD within the Palo Alto Networks ecosystem.
Of course, one can customize security policies and exempt specific domains or the NRD categorization altogether. My point, though, is to provide context on how common a practice it is to block NRD in various ways within an enterprise network.
I am happy for discussion around technical aspects of ChatGPT as well as aspects of its use and problems encountered to reside on the developer forum.
It should be noted that requests for assistance on specific issues relating to accounts, payments and access should be addressed to help.openai.com for resolution.
On this particular topic, the facts are these:
OpenAI created a new domain.
Some firewall and internet protection systems have flagged this new site as potentially harmful.
The typical way to manage this situation would be to contact the network administration team and inform them of the issue; they can then use their own internal best practices to make a determination of work to be carried out. Hopefully this work involves allowing the OpenAI domain through the firewall. If this is not the case then it is up to the individual concerned to raise the problem with their department head to be escalated.
The new domain is a requirement of authentication systems used by industry and is not optional; use of the OpenAI services is clearly dependent upon a compatible network infrastructure being available.
This issue is self-resolving 30 days from the domain creation so hopefully it will be moot shortly.
The issue is because OpenAI is using a newly registered domain (oaistatic[.]com) to host some content. A common red flag for malicious content is new domains. Many security tools and DNS providers prevent resolving DNS lookups of new domains. They registered the domain in late September 2023. If you go to developer tools you will see calls to cdn[.]oaistatic[.]com
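An added example, not part of any post in this thread: a pre-deployment check a site operator could run to see which subresource hosts in a page sit on domains still inside an NRD window, since those loads fail silently instead of showing a "block-continue" warning page. The 33-day window is the one quoted in the thread for one vendor; the function names, sample page and first-seen dates are constructed assumptions, and the registrable-domain logic is deliberately naive.

```python
from datetime import date
from html.parser import HTMLParser
from urllib.parse import urlparse

NRD_WINDOW_DAYS = 33  # window quoted in the thread for one vendor; others differ


class SubresourceHosts(HTMLParser):
    """Collect hosts referenced by <link href> and <script src> tags."""

    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = a.get("href") if tag == "link" else a.get("src") if tag == "script" else None
        host = urlparse(url or "").hostname  # None for relative or missing URLs
        if host:
            self.hosts.add(host)


def registrable(host):
    # Assumption: naive "last two labels"; real code needs the Public Suffix List.
    return ".".join(host.split(".")[-2:])


def nrd_subresources(html, first_seen, today, window=NRD_WINDOW_DAYS):
    """Return {host: days_left_in_window} for subresource hosts on young domains."""
    parser = SubresourceHosts()
    parser.feed(html)
    flagged = {}
    for host in sorted(parser.hosts):
        seen = first_seen.get(registrable(host))
        if seen is None:
            flagged[host] = window  # never observed: treat as brand new
            continue
        age = (today - seen).days
        if age < window:
            flagged[host] = window - age
    return flagged


# Constructed sample page and first-seen dates (not real registration data).
PAGE = """<html><head>
<link rel="preload" href="https://cdn.oaistatic.com/app.css" as="style">
<script src="https://static.example.com/main.js"></script>
</head><body><a href="https://new.example.net/">link</a></body></html>"""
FIRST_SEEN = {"oaistatic.com": date(2023, 9, 25), "example.com": date(2015, 1, 1)}

if __name__ == "__main__":
    print(nrd_subresources(PAGE, FIRST_SEEN, today=date(2023, 10, 5)))
```

Anchor links are ignored on purpose: a blocked navigation can still show an interstitial, whereas a blocked stylesheet or script just leaves the page broken.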
@elmstedt Newly registered domains are a common vector used by bad actors for phishing campaigns and Command and Control. It is also not a practice relegated to small niche players or draconian lockdown measures. Palo Alto’s Unit 42 found that over 70% of NRDs were used for malicious. It is common, good, security practice to block NRDs. Not just for unsophisticated.
And those banking and government use cases are of such crucial importance to OpenAI that OpenAI has dedicated multiple sections of its website referencing these customers, which include, but are not limited to:
Government of Iceland
Morgan Stanley
CARLYLE
Robinhood
Stripe
Square
Ramp
Broadridge
Further, OpenAI’s own research shows that 4 out of every 5 Fortune 500 companies use ChatGPT for work. All of which run high-security network environments.
Everyone makes mistakes. OpenAI made a mistake here. That reality caused far-reaching consequences—especially to OpenAI’s commercial customers. I’m confident that this has been a lesson-learned for OpenAI, and that it’s not something that we’ll see recur.