CR | AI | Aug 13, 2024

Casper: Prompt Sanitization for Protecting User Privacy in Web-Based Large Language Models

arXiv:2408.07004v1 | 15 citations | h-index: 4
Originality: Incremental advance
AI Analysis

It addresses privacy protection for users of web-based LLMs, but is incremental as it builds on existing sanitization methods.

The paper tackles the privacy risks of sensitive data exposure in web-based LLM services and third-party plugins by proposing Casper, a prompt sanitization technique that runs as a browser extension, achieving 98.5% accuracy in filtering PII and 89.9% in privacy-sensitive topics.

Web-based Large Language Model (LLM) services have been widely adopted and have become an integral part of our Internet experience. Third-party plugins enhance the functionalities of LLM by enabling access to real-world data and services. However, the privacy consequences associated with these services and their third-party plugins are not well understood. Sensitive prompt data are stored, processed, and shared by cloud-based LLM providers and third-party plugins. In this paper, we propose Casper, a prompt sanitization technique that aims to protect user privacy by detecting and removing sensitive information from user inputs before sending them to LLM services. Casper runs entirely on the user's device as a browser extension and does not require any changes to the online LLM services. At the core of Casper is a three-layered sanitization mechanism consisting of a rule-based filter, a Machine Learning (ML)-based named entity recognizer, and a browser-based local LLM topic identifier. We evaluate Casper on a dataset of 4000 synthesized prompts and show that it can effectively filter out Personal Identifiable Information (PII) and privacy-sensitive topics with high accuracy, at 98.5% and 89.9%, respectively.
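The first of the three layers described above, a rule-based filter, can be sketched as follows. This is an added example, not code from the Casper paper or extension: the pattern set, the Luhn check on card candidates, the `[TYPE_n]` placeholder format and the names `RULES`, `luhnValid` and `sanitizePrompt` are all assumptions made for illustration.

```javascript
// Added illustration: layer one (rule-based) of a layered prompt sanitizer.
// Patterns and placeholder format are assumptions, not Casper's own rules.
const RULES = [
  { type: "EMAIL", re: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/g },
  { type: "SSN", re: /\b\d{3}-\d{2}-\d{4}\b/g },
  // 13-19 digits with optional separators; kept only if the Luhn check passes.
  { type: "CARD", re: /\b(?:\d[ -]?){12,18}\d\b/g, check: luhnValid },
  { type: "PHONE", re: /(?<!\d)(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?!\d)/g },
];

// Luhn checksum keeps order numbers and other digit runs from being redacted as cards.
function luhnValid(candidate) {
  const digits = candidate.replace(/\D/g, "");
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Replace each finding with a typed, numbered placeholder before the prompt leaves the device.
function sanitizePrompt(prompt) {
  const hits = [];
  for (const { type, re, check } of RULES) {
    for (const m of prompt.matchAll(re)) {
      if (check && !check(m[0])) continue;
      hits.push({ type, start: m.index, end: m.index + m[0].length });
    }
  }
  // Leftmost match wins, longest first on ties; overlapping hits are dropped.
  hits.sort((a, b) => a.start - b.start || b.end - a.end);
  const kept = [];
  for (const h of hits) {
    if (!kept.length || h.start >= kept[kept.length - 1].end) kept.push(h);
  }
  const counts = {};
  let out = "", pos = 0;
  for (const h of kept) {
    counts[h.type] = (counts[h.type] || 0) + 1;
    out += prompt.slice(pos, h.start) + `[${h.type}_${counts[h.type]}]`;
    pos = h.end;
  }
  return { sanitized: out + prompt.slice(pos), findings: kept.map((h) => h.type) };
}

// Constructed sample prompt (all values are made up).
const SAMPLE = "Email jane.doe@example.com or call (555) 010-4477. " +
  "Card 4111 1111 1111 1111, order 1234 5678 9012 3456, SSN 078-05-1120.";
console.log(sanitizePrompt(SAMPLE).sanitized);
```

Names, addresses and sensitive topics carry no fixed syntax, so a filter like this leaves them untouched; that gap is what the abstract's second and third layers (named entity recognition and local topic identification) are meant to cover.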
