LLM memory: either the best or worst thing about chatbots (birchtree.me)

A recent discussion highlights growing security and privacy tensions as browsers and apps embed agent-capable LLMs that can take actions and maintain persistent “memory” about users. The piece flags prompt injection as a clear and ongoing attack surface when agents can act on web content, and it surfaces a sharp split in user sentiment: some want a blank slate every session to avoid tracking and surprise behavior, while others prize memory for personalized, context-aware responses that save time and improve relevance. For the AI/ML community this is both a UX and systems-design problem: memory enables stronger personalization and long-term task continuity, but it also amplifies privacy, consent and attack-surface risks. Technical implications include designing robust prompt-sanitization and sandboxing to prevent injection, fine-grained memory scopes (ephemeral vs. persistent), explicit consent and revocation controls, encrypted/hashed storage or differential-privacy techniques, and audit trails for agent actions. How teams balance these tradeoffs will shape adoption, regulatory responses, and architectures for safe, user-controlled LLM assistants.