AI is being forced on us in pretty much every facet of life, from phones and apps to search engines and even drive-throughs, for some reason. The fact that we’re now getting web browsers with baked-in AI assistants and chatbots shows that the way some people are using the internet to seek out and consume information today is very different from even a few years ago.
But AI tools are more and more asking for gross levels of access to your personal data under the guise of needing it to work. This kind of access is not normal, nor should it be normalized.
Not so long ago, you would be right to question why a seemingly innocuous-looking free “flashlight” or “calculator” app in the app store would try to request access to your contacts, photos, and even your real-time location data. These apps may not need that data to function, but they will request it if they think they can make a buck or two by monetizing your data.
These days, AI isn’t all that different.
Take Perplexity’s latest AI-powered web browser, Comet, as an example. Comet lets users find answers with its built-in AI search engine and automate routine tasks, like summarizing emails and calendar events.
In a recent hands-on with the browser, TechCrunch found that when Perplexity requests access to a user’s Google Calendar, the browser asks for a broad swath of permissions to the user’s Google Account, including the ability to manage drafts and send emails, download your contacts, view and edit events on all of your calendars, and even the ability to take a copy of your company’s entire employee directory.
Perplexity says much of this data is stored locally on your device, but you’re still granting the company rights to access and use your personal information, including to improve its AI models for everyone else.
Perplexity isn’t alone in asking for access to your data. There is a trend of AI apps that promise to save you time by transcribing your calls or work meetings, for example, but which require an AI assistant to access your real-time private conversations, your calendars, contacts, and more. Meta, too, has been testing the limits of what its AI apps can ask for access to, including tapping into the photos stored in a user’s camera roll that haven’t been uploaded yet.
Signal president Meredith Whittaker recently likened the use of AI agents and assistants to “putting your brain in a jar.” Whittaker explained how some AI products can promise to do all kinds of mundane tasks, like reserving a table at a restaurant or booking a ticket for a concert. But to do that, AI will say it needs your permission to open your browser to load the website (which can allow the AI access to your stored passwords, bookmarks, and your browsing history), a credit card to make the reservation, your calendar to mark the date, and it may also ask to open your contacts so you can share the booking with a friend.
There are serious security and privacy risks associated with using AI assistants that rely on your data. In allowing access, you’re instantly and irreversibly handing over the rights to an entire snapshot of your most personal information as of that moment in time, from your inbox, messages, and calendar entries dating back years, and more. All of this for the sake of performing a task that ostensibly saves you time — or, to Whittaker’s point, saves you from having to actively think about it.
You’re also granting the AI agent permission to act autonomously on your behalf, requiring you to put an enormous amount of trust in a technology that is already prone to getting things wrong or flatly making things up. Using AI further requires you to trust the profit-seeking companies developing these AI products, which rely on your data to try to make their AI models perform better. When things go wrong (and they do, a lot), it’s common practice for humans at AI companies to look over your private prompts to figure out why things didn’t work.
From a security and privacy point of view, a simple cost-benefit analysis of connecting AI to your most personal data just isn’t worth giving up access to your most private information. Any AI app asking for these levels of permissions should send your alarm bells ringing, just like the flashlight app wanting to know your location at any moment in time.
Given the reams of data that you hand over to AI companies, ask yourself if what you get out of it is really worth it.