AI in the Browser
Contents
Full Title
AI is getting added to everything, including the Web Browser, which will have some severe unanticipated downside for the user.
Author: Tom Jones 2024-09-21
Context
Google has been trying to make web apps, that are downloaded from web sites, as attractive and useful as native apps, that are downloaded from the app store. Now that AI is getting added to
Problems
User Profiling
The web site will be able to ask the AI loaded on the user's device for a UI would would match what the user would see has the local AI is used in that personal user device.
Prompt Injection
Mixing data and control over a single channel is akin to cross-site scripting. The use of data input to the AI to modified future behavior of the AI creates such a mixture of data and control that is proposed to be fully accessible to any attacker's web site via JavaScript.
Cycle Stealing
Optimization of web sites has long included pushing more of the web site code into JavaScript which runs on the browser both to make the site more responsive as well as to reduce the compute load on the server. For the point of view of the web server, cycles on the browser are free compute resources. It would even possible now for the web site to try several different user prompts on the local AI to see what the user would see if they asked their local AI about the display on the browser. This kind of feedback could be sent to the web site enabling it to learn from any and all of their user's what text is best. Allowing the web site's user to help the web site optimize their content at the user's expense.