As the previous thread with a connected topic has been closed I’ll start this new one.
I would like to analyze texts of users on mobile devices, but without sending their information first to a web service under my control. Instead I want to directly contact the OpenAI API from the client device.
Obviously I can’t put an API key into a public app.
So how are we supposed to do this?
I don’t think there will be any good news for the case you outlined.
There are many advantages to routing the traffic through your own server and using your own API key because that’s the way the system has been designed.
Maybe you want to share why you think going another route would be a good idea in your case?
Either way, I hope this helps somewhat.
Yeah, it’s for privacy reasons.
For a certain set of users it may be acceptable that the app is sending their private information to OpenAI. Obviously they will be fully aware of this, as this is the whole purpose of the app. However, additionally sending it to some other party is not making things better.
It sounds rather trivial to solve this issue. I wonder if somebody has some insights why it is a good idea to keep the system as it now is.
If the user doesn’t trust you, why should they use your app?
Unless it’s open source and the user can bring their own key, maybe.
This is not how security and data protection works.
Only because you trust your neighbour you won’t ask him to communicate your health issues to a doctor, whom you also trust.
Let’s send personal data to the smallest number of systems as possible!
If I don’t trust the messenger then I won’t ask the messenger to help me.
I was about to suggest to use a open source model but then again the data would have to go though your own server, which is apparently not an option…
But I will leave it at this.
Maybe somebody else can pick up from here.
It would be interesting to know if OpenAI has mentioned somewhere that they plan to add this capability. Otherwise what I would find satisfying is to understand the reason behind not doing it. Perhaps they have a really good point and we all would totally support not having this API functionality.
Hey champ, I can see where you’re coming from. Could you elaborate on this?
More specifically, what type of data are we talking about? is it health data? Financial information? Geolocation data? Or educational records?
There’s many different types of “private data” and the correct way of handling these differ quit a bit depending on the type.
It’s super nice of you guys that you try to help. I reckon OpenAI won’t reply or step in here, so at least we know what the current situation is.
Try “Litellm OpenAI Proxy”, it has multiple advantages that might suit your use case
OpenAI wants the developer to route their users traffic through a server the developer controls
So openai is not interested in developers building scalable applications on openai platform?
Your platform has only one workflow for app credentials: to click in the console and copy secret strings around. Which means, at the very basic level, openai offers no integration to manage even basic permissions for the external apps.
And the credentials for the app’s user identities is a whole other level that’s completely absent.