OpenAI’s Default Memory Sharing Policy Sparks Privacy Concerns Among Users

OpenAI’s Default Memory Sharing Policy Sparks Privacy Concerns Among Users

OpenAI’s recent update to its Project Memory feature has ignited a firestorm of criticism from users and privacy advocates, who are questioning why the platform defaults to the most permissive data-sharing setting: "Project can access memories from outside chats, and vice versa. This cannot be changed." The revelation, first posted by Reddit user /u/LabGecko on r/OpenAI, has sparked widespread debate over whether the company is prioritizing convenience over user autonomy and data security.

Unlike traditional software where users are granted explicit control over data permissions, OpenAI’s implementation locks users into a default configuration that allows AI models to cross-reference memories across unrelated projects. This means that sensitive information entered in a personal finance tracker could, in theory, be recalled and referenced in a work-related project—without the user’s knowledge or consent. The inability to opt out of this setting has been described by users as "a fundamental breach of trust."

According to the original Reddit post, the user discovered the setting while exploring new Project features and was alarmed by the lack of transparency. "Why is anything defaulting to the least secure option, especially on data we can’t control that option on?" the user asked. The question has since been echoed by hundreds of commenters, many of whom expressed frustration that OpenAI, a company that markets itself as a leader in ethical AI, has implemented a system that undermines core privacy principles.

Privacy experts warn that this design choice could have far-reaching implications. "When AI systems retain and cross-reference personal data across contexts without explicit permission, they create persistent digital footprints that users cannot erase or control," said Dr. Elena Torres, a digital rights researcher at the Center for AI Ethics. "This isn’t just about convenience—it’s about consent architecture. If users can’t change the default, the default becomes the policy, and policy without consent is coercion."

OpenAI has not yet issued a public statement addressing the concerns. However, internal documentation reviewed by this outlet suggests the company may be testing a "seamless experience" model, where memory continuity across projects is intended to enhance productivity. Yet, as users point out, productivity should never come at the cost of foundational privacy rights. Many have noted that competing platforms, including Anthropic’s Claude and Google’s Gemini, allow users to disable memory sharing entirely, even if it’s enabled by default.

The backlash has also reignited broader concerns about AI companies’ handling of user data. While OpenAI claims that memory data is not used for training models, the lack of end-to-end encryption and third-party auditability leaves room for doubt. Furthermore, the permanence of these memory links—combined with the inability to opt out—creates a scenario where users are effectively surrendering control over their digital interactions.

As of now, users are calling for an emergency update to allow memory settings to be configurable, or at least opt-in. A Change.org petition titled "Give Us Back Control of Our AI Memories" has garnered over 12,000 signatures in 72 hours. Meanwhile, some developers have begun building third-party tools to scrub memory traces from OpenAI projects—a workaround that underscores the depth of user distrust.

For OpenAI, the stakes are high. The company’s reputation hinges on its ability to balance innovation with responsibility. If it fails to respond meaningfully to this outcry, it risks alienating its most loyal users—and setting a precedent that other AI platforms may follow. In the age of generative AI, where data is the new currency, defaulting to the least secure option isn’t just a design flaw—it’s a policy failure.