A security research project documenting the discovery that thousands of ChatGPT conversation shares have been indexed and archived by web crawlers and public databases.
This repository contains tools and documentation related to our investigation into ChatGPT share indexing. We discovered that 15,000+ ChatGPT share URLs have been captured by web archives (Wayback Machine, Common Crawl, etc.), creating potential privacy risks for users who thought their shares were "private via link."
Read the full research article: ARTICLE.md
- 15,000+ shares archived in CDX and Common Crawl databases
- ~8% still accessible, 92% deleted or private
- Shares persist in archives even after deletion
- Content includes sensitive information, code, API keys
- No built-in mechanism for users to remove archived shares
Discovers archived ChatGPT shares from the Wayback Machine's Capture Index:
python cdx_discovery.py --source cdx --limit 10000 --output cdx_shares.txtFeatures:
- Query Internet Archive CDX API for all
chatgpt.com/share/*URLs - Extract unique share GUIDs
- Export to database or text file
- Support for date-range filtering
Searches Common Crawl's web archive for ChatGPT shares:
python cdx_discovery.py --source commoncrawl --index CC-MAIN-2024-10 --output cc_shares.txtFeatures:
- Search across Common Crawl index files
- Multi-snapshot support (monthly archives since 2023)
- Parallel processing for large datasets
- Deduplication across snapshots
Tests archived shares to determine current accessibility:
python verify_shares.py --input discovered_shares.txt --output verified_shares.jsonFeatures:
- HTTP status checking (200 OK, 404 Not Found, etc.)
- Content verification (checks for "Can't load shared conversation")
- Categorization: accessible, deleted, private, error
- Rate limiting to respect server resources
- Resume capability for large datasets
Searches archive content for specific patterns or keywords:
python search_archives.py --keyword "API_KEY" --source cdx_shares.txtFeatures:
- Full-text search within archived share content
- Pattern matching (regex support)
- Multiple archive source support
- Privacy-preserving (no content storage)
From our research across multiple archive sources:
| Archive Source | URLs Found | Unique GUIDs | Date Range |
|---|---|---|---|
| Wayback Machine CDX | 10,247 | 8,503 | 2023-02 to present |
| Common Crawl | 5,836 | 4,127 | 2023-03 to present |
| Google Cache | ~2,000 | ~1,800 | 2023-06 to present |
| Total (deduplicated) | 15,412 | 12,641 | 2023-02 to present |
Accessibility Status:
- 8.2% still accessible (valid shares)
- 91.8% deleted/private (return "Can't load" message)
Content Analysis:
- ~65% contain code snippets
- ~30% contain API/documentation discussions
- ~5% contain personal/business information
# Clone the repository
git clone https://github.com/actyra/chatgpt-indexed-shares.git
cd chatgpt-indexed-shares
# Install dependencies
pip install -r requirements.txt
# Run discovery
python cdx_discovery.py --source cdx --limit 1000- Python 3.8+
requestslibrarybeautifulsoup4(for content parsing)tqdm(for progress bars)
- No Content Harvesting: We analyze URLs and patterns, not conversation content
- No Republishing: We do not share or republish discovered conversations
- Responsible Disclosure: Findings shared to raise awareness, not exploit
- Privacy First: All examples use synthetic data
This research was conducted to:
- β Raise awareness about privacy risks
- β Help users protect their data
- β Encourage platform improvements
- β NOT to exploit or access private information
- Audit your shares: Review all conversation shares you've created
- Delete sensitive shares: Remove any containing private information
- Check archives: Search Wayback Machine for your share URLs:
https://web.archive.org/web/*/chatgpt.com/share/YOUR-GUID - Request removal: Contact archive.org to request specific URL removal
- Treat shares as public: Assume any share link may be archived permanently
- Implement
robots.txt: AddDisallow: /share/to prevent crawler indexing - Meta tags: Add
<meta name="robots" content="noindex,noarchive">to share pages - User warnings: Alert users that shares may be indexed by web crawlers
- Archive partnerships: Work with archive services to honor deletion requests
- Expiring links: Consider auto-expiring shares after 30/60/90 days
- Respect privacy: Honor deletion requests for ChatGPT shares
- Pattern recognition: Auto-exclude patterns like API keys from archiving
- Opt-out mechanism: Allow users to remove their content
1. Crawler discovers link β chatgpt.com/share/abc123
2. Page captured and stored
3. Indexed in CDX database (searchable)
4. Retained indefinitely (unless removal requested)
1. Monthly web crawl (petabyte scale)
2. All discovered URLs archived
3. Full-text indexing via AWS Athena
4. Dataset published publicly for research
5. Permanent retention
# Find all archived ChatGPT shares
curl "https://web.archive.org/cdx/search/cdx?url=chatgpt.com/share/&matchType=prefix&output=json&limit=10000"- ChatGPT Share Scanner - GUID pattern analysis and brute-force discovery tools
- Common Crawl Index - Petabyte-scale web archive
- Internet Archive CDX API - Archive query interface
# Discover from CDX
python cdx_discovery.py --source cdx --limit 5000 --output cdx_shares.txt
# Discover from Common Crawl
python cdx_discovery.py --source commoncrawl --index CC-MAIN-2024-10 --output cc_shares.txt# Verify which shares are still accessible
python verify_shares.py --input cdx_shares.txt --output results.json --concurrent 10# Analyze discovery statistics
python analyze_stats.py --input results.json --report stats_report.md# Search for specific content patterns (ethical use only)
python search_archives.py --pattern "api[_-]?key" --input cdx_shares.txt --report findings.txtThis toolset is for security research and privacy awareness only.
Permitted Uses:
- β Personal audit of your own shares
- β Academic research with ethics approval
- β Security analysis and awareness
- β Platform improvement recommendations
Prohibited Uses:
- β Accessing others' private conversations
- β Harvesting sensitive information
- β Republishing discovered content
- β Commercial exploitation of findings
MIT License - See LICENSE for details
Contributions welcome! Please read our contributing guidelines and code of conduct.
Focus areas:
- Additional archive source integrations
- Privacy-preserving analysis techniques
- User-friendly audit tools
- Documentation improvements
- Issues: GitHub Issues
- Security: For sensitive disclosures, see SECURITY.md
- Research: For collaboration inquiries, see CONTRIBUTING.md
- Internet Archive for CDX API access
- Common Crawl for open datasets
- Security research community for responsible disclosure practices
Disclaimer: This research is for educational and security awareness purposes. We do not condone accessing, storing, or republishing private conversations. Always respect user privacy and platform terms of service.