I know I should ditch gmail and I’m working on it.
I guess technically, but the LLM doesn’t have access to anything, so the only real consequence would be an inaccurate summary
Should I be worried about "Prompt ejection" attacks on my gmail?
Submitted 3 days ago by colourlesspony@pawb.social to [deleted]
Comments
palebluethought@lemmy.world 3 days ago
pinball_wizard@lemmy.zip 3 days ago
Yes. Email has always been one of the more vulnerable parts of the computer ecosystem, because any stranger can use it to send a file into your computer or server for precessing.
Simpler email is safer. Every new feature has bugs. Some bugs are vulnerabilities.
Gmail adding leaning models is creating a new risk for you.
How large that risk is, has yet to be discovered.
My armchair opinion is that the new risk is minimal, compared to the rest of the risks is using email. But time will tell.
vk6flab@lemmy.radio 3 days ago
I work in ICT. Leaving Gmail is much easier said than done. It has the best spam filtering bar none and integrates with a whole host of other services that I use daily, like the mobile phone I’m writing this on for example, the one that integrates my calendar, tasks, contacts, photos, websites, YouTube channel, spreadsheets and, oh yeah … that other thing … Gmail.
So, if wishing made it so.
What I’d like is a Google Workspace tier that is entirely without AI.
terrific@lemmy.ml 3 days ago
Proton is pretty good and covers IMO the most critical parts of the Google ecosystem. I made the move a couple of weeks ago and it has been pretty easy, honestly.
Stillwater@sh.itjust.works 3 days ago
I’ve left gmail and had no real challenges with spam filtering or anything else so far. I lost integration between calendar photos drive etc, which has removed some convenience, but that was also kind of the point.
pinball_wizard@lemmy.zip 3 days ago
Yea. It is a difficult long process to DeGoogle.
We even have a support group for it, here:
We’re all at different stages, but swap tips and tricks.
nandeEbisu@lemmy.world 2 days ago
As far as prompt injection is concerned, I don’t think it’s a risk unless you’re using some kind of agent to go though emails, which is not a Gmail specific thing.
If we’re taking about Google scraping your data the risk is more one of them having an incorrect profile on you, but running a conversational agent is quite expensive, I don’t they would have that as a large scale part of their pipeline. Embedding and clarification models likely aren’t instruction tuned so prompt injection won’t do anything.
pinball_wizard@lemmy.zip 2 days ago
Agreed. Architecturally, there’s no reason to have a prompt injection risk, of any kind, here.
But, that was true about Log4J, as well - until we learned otherwise.
I tend toward extra caution in this modern era of libraries stacked on libraries.
nandeEbisu@lemmy.world 2 days ago
Only if you are piping those emails into something like an LLM assistant or search tool, especially if you’re not checking the results. And in that case, it doesn’t matter what email provider you use.
I can see it maybe messing with search results when you look through your email, but again that’s independent of email provider.
Ragnor@feddit.dk 1 day ago
If I got a warning about prompt injections, I would check my browsers add-ons and remove anything that I didn’t absolutely trust. Your email likely contains a lot of personal info that can be used for identity theft and other related things.
Swedneck@discuss.tchncs.de 3 days ago
so this is how i learn that gmail has AI shit integrated, lmao
slazer2au@lemmy.world 3 days ago
Only if you are a llm pretending to be an A.I.