You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
metadata leakage
About this tag
Metadata leakage refers to the exposure of sensitive information through network metadata, such as packet sizes and timings, even when the content itself is encrypted. Recent discussions on WindowsForum highlight the Whisper Leak vulnerability, a side-channel attack disclosed by Microsoft researchers that can infer the topic of encrypted AI chat traffic by analyzing TLS record lengths and inter-arrival timings. This attack does not break encryption but demonstrates how streaming responses from large language models (LLMs) create metadata patterns that can be classified to reveal sensitive conversation topics. The tag also covers related risks like EXIF data leakage in messaging apps, emphasizing that metadata can compromise privacy even when encryption is properly applied.
Microsoft’s security team has unveiled a startling new privacy risk for cloud-hosted chatbots and search assistants: a side‑channel exploit dubbed Whisper Leak that can infer the topic of a user’s conversation with an LLM (large language model) even when the traffic is encrypted with TLS.
The...
Microsoft researchers have disclosed a new class of privacy vulnerability — dubbed Whisper Leak — that turns encrypted streaming traffic between users and remote large language models (LLMs) into a surprisingly effective intelligence source for eavesdroppers, enabling an adversary to infer the...
Microsoft’s security team and independent researchers have revealed a new side‑channel called Whisper Leak that can infer the subject of encrypted, streaming LLM conversations by analyzing packet sizes and timings — a disclosure that forces a rethink of what “encrypted” means for AI chat...
Microsoft’s security team has disclosed “Whisper Leak,” a novel side‑channel attack showing that encrypted AI chat traffic can betray conversation topics to a passive network observer by analyzing packet sizes and timing — and the implications for privacy, enterprise risk, and product design are...
Microsoft security researchers have revealed a striking privacy weakness in how modern AI chatbots stream answers: a side‑channel attack, dubbed Whisper Leak, can infer conversation topics from encrypted traffic by analyzing packet sizes and timings — and that vulnerability is real enough that...
Microsoft’s security team has disclosed a new side‑channel called Whisper Leak that can reliably infer the topic of a user’s prompts to streaming large‑language models (LLMs) by observing encrypted network metadata — packet sizes and timings — even when TLS is correctly applied. This disclosure...
X’s new XChat promises “end-to-end” privacy — but its current implementation leaves several simple, well-known privacy protections out in the open, and experts warn that the feature as shipped can expose users to avoidable risks ranging from leaked image metadata to a service operator or insider...
auditing
data retention
end-to-end encryption
exif
forward-secrecy
four-digit-pin
metadataleakagemetadata-control
open source
pfs
privacy
privacy hygiene
secure communication
security research
server-side-keys
threat model
windows
xchat