Critique My Privacy Setup Before I Do Something Very Unsafe

Despite my best attempts to avoid it, I am a recent convert to AI. I understand the criticism of AI and agree with a lot of it, but the power it gives me is undeniable and I want to make better use of it.

For that reason I am planning on installing OpenAI’s new Codex app on my desktop. This is not as irresponsible as it first sounds, as the desktop in question is a Windows KVM VM that is isolated from my wider network. It gets its internet connection from a separate VM running a Tor-only gateway, which it connects to via its virtual NIC, i.e. Windows VM → Whonix Gateway → Internet. So all traffic is anonymized over the Tor network.

I also have Proxifier running on the Windows VM so I can route the connection to a proxy VM at the end if I need to obfuscate Tor exit nodes from OpenAI or other software that would fuss about it.

There is no identifiable info of mine on the Windows VM. I plan on using it as an anonymous development environment where I can run windows, AI and other privacy antagonistic software while minimizing my exposure.

What do you guys think about this? Is it relatively safe? How would you improve it? Thanks.

1 Like
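The setup above rests on the claim that every connection leaving the Windows VM exits through Tor. That is worth checking from inside the VM rather than assuming, and the check should fail closed. The script below is an added example, not code from the poster or from Whonix or the Tor Project: it queries the Tor Project’s own JSON egress check (`https://check.torproject.org/api/ip`, which answers `{"IsTor": true|false, "IP": "..."}`) and treats anything other than a well-formed `IsTor: true` as a failure. It assumes Python 3 on the Windows VM and that Proxifier applies the same rules to `python.exe` as to the Codex app, so the checker sees the same egress path; `judge` is separated from the fetch so the decision logic can be exercised offline.

```python
import json
import urllib.request
from dataclasses import dataclass
from typing import Callable, Optional

# Tor Project's egress check; returns JSON {"IsTor": bool, "IP": "<observed address>"}.
CHECK_URL = "https://check.torproject.org/api/ip"


@dataclass(frozen=True)
class EgressVerdict:
    ok: bool
    reason: str
    exit_ip: Optional[str] = None


def judge(body: str) -> EgressVerdict:
    """Fail-closed decision on the raw response body.

    Anything unexpected (non-JSON, wrong shape, IsTor not literally true) is a
    failure: a captive portal, a transparent proxy or a broken gateway all look
    like 'not JSON' or 'not Tor', and in every one of those cases traffic is
    not going where the poster believes it is.
    """
    try:
        data = json.loads(body)
    except ValueError:
        return EgressVerdict(False, "response was not JSON; interception or captive portal?")
    if not isinstance(data, dict) or "IsTor" not in data:
        return EgressVerdict(False, "unexpected response shape from checker")
    ip = data.get("IP")
    if data["IsTor"] is not True:
        return EgressVerdict(False, f"egress {ip} is NOT a Tor exit; traffic is leaking", ip)
    return EgressVerdict(True, f"egress {ip} is a Tor exit", ip)


def fetch_body(url: str = CHECK_URL, timeout: float = 30.0) -> str:
    """Plain HTTPS GET using whatever route the OS gives this process."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")


def preflight(fetch: Callable[[], str] = fetch_body) -> EgressVerdict:
    """Run the check; a network error is also a failure, never a pass."""
    try:
        body = fetch()
    except Exception as exc:  # DNS failure, timeout, refused connection, TLS error
        return EgressVerdict(False, f"could not reach checker: {exc!r}")
    return judge(body)


if __name__ == "__main__":
    verdict = preflight()
    print(verdict.reason)
    # Non-zero exit so a wrapper script can refuse to launch Codex on failure.
    raise SystemExit(0 if verdict.ok else 1)
```

Run it before starting Codex, and again after changing Proxifier rules: if the proxy VM “at the end” is in the chain, the checker will report that proxy’s address with `IsTor: false`, which is the expected result for that configuration and a reminder that the check only describes the path this process took.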

Your first step is also your first problem, as Codex requires either a ChatGPT account or an OpenAI API key:

Either of them behaves as a persistent identifier and will correlate any queries directed towards Codex. Unless you created the ChatGPT account or the OpenAI API key anonymously, these will also be associated with other personal information you have provided to OpenAI.

I would improve the setup by replacing Codex with self-hosted GPT-OSS, Llama, or Mistral so that any Linux distribution can be utilized. This would eliminate the OpenAI credentials as well as the proxy software after Tor as dependencies. I would also restrict the model to being the only permitted use case on the hardware and move all other privacy-antagonistic software to a different device.

1 Like

Thanks for your response.

I should have mentioned the ChatGPT account was created anonymously.
Self-hosted would definitely be an improvement, but I don’t have the hardware to run a model locally, and all the cloud options I’ve looked up, e.g. RunPod, require credit card info for KYC even though they accept crypto as payment, so not anonymous. Unless you have any suggestions on that front?

1 Like

You can enquire with ShopinBit about handling the KYC issue on your behalf:

Their technical requirement is that the generated invoice from the KYC-encumbered product or service must specify their legal business name, so if that is fulfilled, then you can access RunPod or other third-party options without providing personal information.

1 Like

That’s very useful to know. Thanks.

1 Like

Screw Sam Altman, uninstall anything from OpenAI, and use Anthropic. Not saying Anthropic is truly benevolent, but it’s not Sam Altman.

Aside from that, your privacy with AI is in whatever you send it. Think of every request you send as a Google search being logged. Don’t propagate secrets, or anything confidential.

4 Likes

Use it in opencode.

3 Likes

I’d also suggest you look into opencode. It’s open source and has quite a big community. Like Codex and Claude Code, it allows you to set rules for what the AI is allowed to do and what it’s not allowed to do.

It also has the advantage that you’re not bound to one ecosystem, unlike Codex and Claude Code.

You can use it with self-hosted models, (open weight) models from trusted providers etc.

2 Likes

I’ll consider using Claude instead, but ChatGPT is more affordable for me to acquire right now. And I take your point about watching what I send to the AI. It’s particularly hard when copying text from terminal output to be sure I’m not sending identifiable info, but I’m doing my best. Thanks.

1 Like

I hadn’t heard of opencode until now so appreciate you mentioning it and I’ll add it to my “to be researched” note, it looks like a good option. Thanks.

3 Likes

So I would also use something like opencode, or, if you use an IDE like VSCodium, the Continue extension or the Cline extension.

This way you can use whatever model provider you want. There are several that have what they call a “zero data retention policy”, which I think just means they only process your prompt in their servers’ memory (not stored in persistent storage like a drive), meaning once your prompt is received and the response is sent, neither the prompt nor the response exists on their servers. Of course, they are using open source models (not Gemini, Claude, or ChatGPT).

I know of a few off-hand.

Fireworks AI

Together AI

There are others that use a trusted execution environment (TEE), called a secure enclave, to process your prompts, which apparently makes it very difficult for even the provider itself to snoop on your prompts. Though I’m not entirely sure how it works.

Maple AI is one I know of (although their model selection is limited).

Of course in the end you have to trust even these providers that they are doing what they say they are doing.

3 Likes

Thank you for the detailed response. I really appreciate the effort you put in and will check the options you referenced. Thanks.

1 Like