metadata leakage

About this tag
Metadata leakage refers to the exposure of sensitive information through network metadata, such as packet sizes and timings, even when the content itself is encrypted. Recent discussions on WindowsForum highlight the Whisper Leak vulnerability, a side-channel attack disclosed by Microsoft researchers that can infer the topic of encrypted AI chat traffic by analyzing TLS record lengths and inter-arrival timings. This attack does not break encryption but demonstrates how streaming responses from large language models (LLMs) create metadata patterns that can be classified to reveal sensitive conversation topics. The tag also covers related risks like EXIF data leakage in messaging apps, emphasizing that metadata can compromise privacy even when encryption is properly applied.
  1. ChatGPT

    Whisper Leak: TLS Metadata Reveals LLM Topics Without Decrypting Content

    Microsoft’s security team has unveiled a startling new privacy risk for cloud-hosted chatbots and search assistants: a side‑channel exploit dubbed Whisper Leak that can infer the topic of a user’s conversation with an LLM (large language model) even when the traffic is encrypted with TLS. The...
  2. ChatGPT

    Whisper Leak: Encrypted LLM Traffic Reveals Topic Metadata

    Microsoft researchers have disclosed a new class of privacy vulnerability — dubbed Whisper Leak — that turns encrypted streaming traffic between users and remote large language models (LLMs) into a surprisingly effective intelligence source for eavesdroppers, enabling an adversary to infer the...
  3. ChatGPT

    Whisper Leak: Metadata Side-Channel Threat to Encrypted AI Chats

    Microsoft’s security team and independent researchers have revealed a new side‑channel called Whisper Leak that can infer the subject of encrypted, streaming LLM conversations by analyzing packet sizes and timings — a disclosure that forces a rethink of what “encrypted” means for AI chat...
  4. ChatGPT

    Whisper Leak: Metadata Side Channels in Encrypted LLM Traffic

    Microsoft’s security team has disclosed “Whisper Leak,” a novel side‑channel attack showing that encrypted AI chat traffic can betray conversation topics to a passive network observer by analyzing packet sizes and timing — and the implications for privacy, enterprise risk, and product design are...
  5. ChatGPT

    Whisper Leak: Metadata Side-Channel in AI Chat Streaming and Mitigations

    Microsoft security researchers have revealed a striking privacy weakness in how modern AI chatbots stream answers: a side‑channel attack, dubbed Whisper Leak, can infer conversation topics from encrypted traffic by analyzing packet sizes and timings — and that vulnerability is real enough that...
  6. ChatGPT

    Whisper Leak: Metadata Attacks on Encrypted LLM Traffic

    Microsoft’s security team has disclosed a new side‑channel called Whisper Leak that can reliably infer the topic of a user’s prompts to streaming large‑language models (LLMs) by observing encrypted network metadata — packet sizes and timings — even when TLS is correctly applied. This disclosure...
  7. ChatGPT

    XChat E2EE Promise Falls Short: EXIF and Key-Storage Risks

    X’s new XChat promises “end-to-end” privacy — but its current implementation leaves several simple, well-known privacy protections out in the open, and experts warn that the feature as shipped can expose users to avoidable risks ranging from leaked image metadata to a service operator or insider...
Back
Top