A chart titled “What Kind of Data Do AI Chatbots Collect?” lists and compares seven AI chatbots—Gemini, Claude, CoPilot, Deepseek, ChatGPT, Perplexity, and Grok—based on the types and number of data points they collect as of February 2025. The categories of data include: Contact Info, Location, Contacts, User Content, History, Identifiers, Diagnostics, Usage Data, Purchases, Other Data.
- Gemini: Collects all 10 data types; highest total at 22 data points
- Claude: Collects 7 types; 13 data points
- CoPilot: Collects 7 types; 12 data points
- Deepseek: Collects 6 types; 11 data points
- ChatGPT: Collects 6 types; 10 data points
- Perplexity: Collects 6 types; 10 data points
- Grok: Collects 4 types; 7 data points
You must log in or register to comment.
Wow, it’s a whole new level of f*cked up when Zuck collects more data than the Winnie the Pooh (DeepSeek). 😳
The idea that US apps are somehow better than Chinese apps when it comes to collecting and selling user data is complete utter propaganda.
Don’t use either. Until Trump, I still considered CCP spyware more dangerous because they would be collecting info that could be used to blackmail US politicians and businesses. Now, it’s a coin flip. In either case, use EU or FOSS apps whenever possible.
Gemini: “Other Data”
Like, what’s fucking left!?
anyone whos competent in the matter: what about the french competition chat.mistral.ai
+1 for Mistral, they were the first (or one of the first) Apache open source licensed models. I run Mistral-7B and variant fine tunes locally, and they’ve always been really high quality overall. Mistral-Medium packed a punch (mid-size obviously) but it definitely competes with the big ones at least.
Almost none of this data is possible to collect when using Tor Browser
Nope, these services almost always require user login, eventually tied to cell number (ie non disposable) and associate user content and other data points with account. Nonetheless user prompts are always collected. How they’re used is a good question.
Use a third party API. Pay with monero.
Yes it is possible to create disposable-isque api keys for different uses. The monetary cost is the cost of privacy and of not having hardware to run things locally.
If you have reliable privacy friendly api vendor suggestions then do share. While I do not need such services now, it can a good future reference.
Anyone has these data from Mistral, HuggingChat and MetaAI ? Would be nice to add them too
Am I missing something? What do the numbers mean in relation to the type? Sub types?
It’s labeled “Unique data points”. See the number 2 - Usage Data for Gemini, there’s an arrow with label there.
perhaps it’s the limit imof each data type?!
gemini harvests only your first four cobtacts, your last two locations, and so on.
how does one defeat that? have fewer than four friends and don’t go out!
Note this is if you use their apps. Not the api. Not through another app.
Not that we have any real info about who collects/uses what when you use the API
Yeah we do, they list it in privacy policies. Many of these they can’t really collect even if they wanted to
Who TF using Grok.
Most of my workforce strangely enough. They claim it’s the best for them in terms of mathematics, but I can’t find that to be a good reason.
Isn’t deepseek better for that?
In my experience it depends on the math. Every model seems to have different strengths based on a wide berth of prompts and information.
Fascists. Why?
I’m interested in seeing how this changes when using duck duck go front end at duck.ai
there’s no login and history is stored locally (probably remotely too)
Is there away to fake all the data they try to collect?
I just came across this article which for people who are into self hosting can take a look and participate. It’s basically a tool that generating never ending web pages with non sense that load slow (but not too slow the AI tools move on) to slow down and thus cost them more to scrape the internet if enough people are doing it. You can also hide it in a way that legit user would never see this on your site:
https://arstechnica.com/tech-policy/2025/01/ai-haters-build-tarpits-to-trap-and-trick-ai-scrapers-that-ignore-robots-txt/ https://zadzmo.org/code/nepenthes/
Pretty sure this is what they scrape from your device if you install their app. I dont know how else they would get access to contacts and location and stuff. So yeah you can just run it on a virtual android device and feed it garbage data, but i assume the app or their backend will detect that and throw out your data.
How about if I only use the web version?
Root, install xprivacy (or xprivacylua if your phone isn’t 10 years old).
And what about goddamn Mistral?
Its French as far as I know so at least it abides to gdpr by default.
All services you see above are provided to EU citizens, which is why they also have to abide by GDPR. GDPR does not disallow the gathering of information. Google, for example, is GDPR compliant, yet they are number 1 on that list. That’s why I would like to know if European companies still try to have a business case with personal data or not.
If it’s one thing I don’t trust its non-EU companies following GDPR. Sure they’re legally bound to, but l mean Meta doesn’t care so why should the rest.
(Yes I’m being overly dramatic about this, but I’ve lost trust ages ago in big tech companies)
Fully agree, which is also why I choose EU/Swiss made services by default
not sure about swiss, they shady as hell if you have scepticism towards rich people greed
I’m only referring to data privacy laws.
It doesn’t mean they “have to abide by GDPR” or that they “are GDPR compliant”. All it means is they appear to be GDPR compliant and pretend to respect user privacy. The sole fact that the AI chatbots are run in US-based data centres is against GDPR. The EU has had many different personal data transfer agreements with the US, all of which were canceled shortly after signing due to US corporations breaking them repeatedly (Facebook usually being the main culprit).
I tried to say that, but you were better at explaining, so thank you. Without a court case, you will essentially never know, if they are truly GDPR compliant
Just clarifying, does this report mean it’s collected while a user is using the tools, or data that is generally scraped from the internet?
They’re talking about what is being recorded while the user is using the tools (your prompts, RAG data, etc.)
Does that include generated responses?
Did a personal data export for chatGPT and it included the complete conversation, not just my input.
Nobody knows! There’s no specific disclosure that I’m aware of (in the US at least), and even if there was I wouldn’t trust any of these guys to tell the truth about it anyway.
As always, don’t do anything on the Internet that you wouldn’t want the rest of the world to find out about :)
DeepSeek at home: None
How much VRAM does your machine have? Are you using open webui?
Doesn’t the official local app still have telemetry? I might be remembering wrong
You just use the model in an opensource program, not theirs.
How?
There’s programs like Ollama and Lmstudio that let you download LLMs and run them locally
Aren’t they supposed to collect data?
Or you could use Deepseek’s workaround and run it locally. You know, open source and all.
