Millions of users input sensitive information into ChatGPT daily—tax documents, medical records, and emails containing client names, to name a few. Now, OpenAI has introduced a free tool that pre-cleans this data before it reaches the chatbot.
The newly launched Privacy Filter is available under the Apache 2.0 license, enabling anyone to download, use, modify, or commercialize products based on it. Hosted on Hugging Face and GitHub, the model boasts 1.5 billion parameters—indicative of its knowledge potential—and can run on a standard laptop.
Functioning like spellcheck for privacy, Privacy Filter takes a block of text and replaces sensitive data with placeholders such as [PRIVATE_PERSON] or [ACCOUNT_NUMBER]. Imagine if redacting Jeffrey Epstein’s files involved more than black markers; this tool could have provided a seamless solution.
The model scrutinizes eight types of personal information: names, addresses, emails, phone numbers, URLs, dates, account numbers, and confidential data like passwords and API keys. It reviews the entire text in one go, tagging sensitive parts for masking or redaction.
In a practical demonstration from OpenAI’s announcement, an email stating:
“Thanks again for meeting earlier today (…) For reference, the project file is listed under 4829-1037-5581. If anything changes on your side, feel free to reply here at [email protected] or call me at +1 (415) 555-0124…”
is processed by Privacy Filter to:
“Thanks again for meeting earlier today (…) For reference, the project file is listed under [ACCOUNT_NUMBER]. If anything changes on your side, feel free to reply here at [PRIVATE_EMAIL] or call me at [PRIVATE_PHONE].”
Unlike traditional black-box methods, this tool alters the text itself.
While existing tools detect phone numbers and emails by pattern recognition (e.g., “three digits, dash, three digits”), they falter with context-dependent data. For instance, does “Annie” refer to a person or a brand? Is “123 Main Street” a home address or a business location? Pattern matching fails here, but Privacy Filter succeeds as it comprehends the surrounding text.
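The pattern-matching baseline described above, as an added example that is not OpenAI's code and does not call Privacy Filter: three regexes mask the email, phone number and account number, and a leak check shows that the context-dependent items ("Annie", "123 Main Street") pass through untouched. The regexes, the `redact` and `leaks` helpers, the sample message and its email address are assumptions constructed for illustration; only the placeholder labels come from the article.

```python
import re

# Pattern rules in priority order. Labels are the placeholders quoted in the
# article; the regexes themselves are illustrative assumptions.
RULES = [
    ("PRIVATE_EMAIL", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
    ("PRIVATE_PHONE", re.compile(
        r"(?:\+\d{1,3}[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}\b")),
    ("ACCOUNT_NUMBER", re.compile(r"\b\d{4}(?:-\d{4}){2,3}\b")),
]

# Constructed sample modelled on the article's email, with the name and street
# address from its "Annie" / "123 Main Street" discussion added.
SAMPLE = (
    "Hi Annie, thanks again for meeting earlier today at 123 Main Street. "
    "For reference, the project file is listed under 4829-1037-5581. "
    "Reply here at annie@example.com or call me at +1 (415) 555-0124."
)

def redact(text):
    """Return (masked_text, spans); spans are non-overlapping (start, end, label)."""
    spans = []
    for label, rx in RULES:
        for m in rx.finditer(text):
            # Earlier rules win: drop a match that overlaps an accepted span.
            if all(m.end() <= s or m.start() >= e for s, e, _ in spans):
                spans.append((m.start(), m.end(), label))
    spans.sort()
    out, pos = [], 0
    for s, e, label in spans:
        out.append(text[pos:s])
        out.append(f"[{label}]")
        pos = e
    out.append(text[pos:])
    return "".join(out), spans

def leaks(masked, known_values):
    """Known-sensitive strings still present after masking (post-redaction check)."""
    low = masked.lower()
    return [v for v in known_values if v.lower() in low]

if __name__ == "__main__":
    masked, spans = redact(SAMPLE)
    print(masked)
    known = ["Annie", "123 Main Street", "annie@example.com", "4829-1037-5581"]
    print("survived masking:", leaks(masked, known))
```

The same `leaks` check works on the output of any redactor, including a model-based one, when a list of known-sensitive values is available for a test document.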
OpenAI’s model excels in this area, scoring 96% on the PII-Masking-300k benchmark initially and achieving 97.43% with test adjustments.
Although not infallible (missing 4% of private data), Privacy Filter offers a robust solution by running locally. This means your text remains within your device for processing, avoiding potential security risks associated with cloud-based services.
The open-source nature allows researchers to explore and enhance the tool without legal concerns. Data is sanitized on your laptop before being transmitted elsewhere. For businesses, this means AI can summarize customer emails without revealing names; lawyers can input case notes safely; doctors can draft patient referrals without compromising identity; and developers can debug code securely.
For everyday users, it offers a simple solution for tasks like rewriting an email to a landlord without sharing your address with OpenAI. The ability to run open-source AI models locally is no longer limited to enthusiasts with gaming GPUs, thanks to user-friendly tools like LM Studio.
OpenAI emphasizes the tool’s limitations: Privacy Filter isn’t an anonymization tool or compliance certification and should not replace policy reviews. It may miss unique identifiers, over-redact short texts, and perform variably across languages, underscoring that 96% accuracy is still less than perfect.