{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreifli57ful6midhsawwthgji5ekac4spmfijpwlmyisol7hxiax3zu",
"uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mi55mbeklme2"
},
"path": "/t/local-ai-question/36445#post_4",
"publishedAt": "2026-03-28T15:31:54.000Z",
"site": "https://discuss.privacyguides.net",
"tags": [
"a few vulnerabilities in Ollama"
],
"textContent": "To know if something is privacy respecting or not, the easiest thing to do is ask for the source code. Usually it’s on GitHub. If the application is not FOSS, then I’m afraid it has a bit of a smell to it. You can’t fully validate it’s not sending data unless you analyze network requests going to/from the device.\n\nIt seems like they do, which increases trust, and is GPLv3, which is the best for local applications.\n\nAnon789523r:\n\n> and am aware of a few vulnerabilities in Ollama.\n\nNot to say you shouldn’t pay attention to CVEs, but CVEs exist to understand current and historical issues with a service. Some CVEs may not be a big deal for you depending on your threat model (i.e., denial of service on a locally hosted model only on LAN is probably a nothing issue for you).\n\nOllama fits a different use case than the other app you mentioned. Ollama is a Swiss Army knife with lots of integrations. The other app is an iOS app just for drawing. The less an app does, the less attack surface it has and is generally less likely to be vulnerable.\n\nPG recommendations aren’t the end-all be-all either; it’s just the top recommendations for general use cases.",
"title": "Local AI question"
}