A GitHub project called GPT4free offers free access to OpenAI’s GPT4 and GPT3.5 language models by funneling queries through sites that have incorporated GPT4, such as You.com and Quora. However, OpenAI has sent a letter demanding that the project’s developer take it down within five days or face a lawsuit, as the project may be causing financial losses for the sites that are paying OpenAI fees to use its language models. While the developer said he does not believe he is liable for what others do with his script, he is seeking legal advice before making a decision to take down the project.
What are people’s thoughts on this?
Should this even be OpenAI’s battle?
Does something like this indicate a greater problem?
Is this not treating a symptom, rather than the cause?
Is it fair for OpenAI to be involved and threaten the owner of the GitHub when, as mentioned:
[…] that OpenAI should not be targeting him for using other sites’ APIs, which are available unsecured on the open web.
It’s obviously terrible to inject your own queries using other people’s API keys - it’s essentially theft. But why would OpenAI bother with this? Streisand Effect anybody?
This isn’t a paid service, it’s an open-source repo that the website owners should use to identify & strengthen their security.
Attacking the developer, in my opinion, makes no sense. This situation would not exist if the security was better. It doesn’t matter who the developer is/would be, the situation will happen again, and continue to happen until the root cause is addressed.
OpenAI has a duty to protect its customers and uphold the integrity of its services. Part of that duty involves reinforcing and ensuring compliance with its terms of service, which are designed to maintain a fair, secure, and consistent user experience.
Yet, threatening an open-source script is a fruitless effort. The true solution is to overcome the exploit, which would be much easier if the person who is now very educated on it would be willing to talk.
Collaboration over confrontation.
A public attempt at collaboration would be nice.
This (I would think) is an issue directly between the repo owner, and the website that they have managed to exploit. Funnily enough, these owners have reached out to the owner as well to threaten with lawsuits, rather than attempt to fix their own code and implement better security measures.
As this code is already out there, now the concept is known, there will be many duplicates now made under false identities that cannot be tracked. Fewer white-hats will be willing to be more “open” with their discoveries.
Now with the threat of lawsuits, now seeing the cards that are played in the situation, the only entities left will be black-hats who can offset the liability with profit, and won’t open source their exploits.
Of course, there’s the bug bounty program, which I think is wonderful.
However, in the case of this repo, it is not applicable.
If it was, why not publicly reach out and apply it?
Surely it would have been cheaper than the potential lawyer fees?
Final Thoughts:
- Will OpenAI jump to the aid of other websites which are being exploited?
- How can this be effectively combated? I have been looking through the GitHub and they are simply using an HTTP client or Selenium (a web automation tool commonly used for automating tasks such as data mining).
Disclaimer: I am in no way supporting what the GitHub developer is doing. It’s a tool for theft, and should be treated as such.