Privacy-First Local AI: Threat Model Your Setup in 15 Minutes

Tomas

Running AI locally for privacy is only private if you actually close the gaps. Most setups leak data in places people never check.

The problem with “it’s local so it’s private”

Running Ollama or LM Studio on your machine does not automatically mean your prompts stay private. There are several common leak paths that most guides never mention.

The 15-minute threat model

Answer these four questions and you will know where your actual exposure is.

—

Question 1: What data are you putting into prompts?

List the categories:

Work documents (contracts, emails, strategy docs)?
Personal information (health, finances, relationships)?
Code containing credentials or proprietary logic?
Customer data you are legally obligated to protect?

The more sensitive the category, the higher the cost of a leak. This sets your baseline risk.

—

Question 2: Where could it escape?

The three most common local AI data leak paths:

Telemetry. Some local AI applications phone home. LM Studio had opt-in telemetry that logged prompt metadata (not content, but metadata still matters). Ollama has had similar discussions. Check your settings and firewall.

Cloud sync. If your model chat logs, MEMORY.md files, or workspace folders are inside a synced directory (iCloud, Dropbox, OneDrive, Google Drive), everything you type is going to the cloud. This is the most common accidental leak.

Crash reporters. Applications that use Sentry, Crashlytics, or similar tools may include memory snapshots in crash reports. If the application crashes mid-prompt, that prompt could be in the report.

—

Question 3: Who has access to your local AI traffic?

Check what is running on your machine with network access:

Browser extensions (some intercept local HTTP traffic)
VPN or monitoring software from employers
Parental control software
Other applications that proxy local network traffic

If any of these intercept traffic to localhost:11434 (Ollama’s default port), they can read your prompts.

—

Question 4: What would a leak actually cost you?

This sets your investment level. Casual personal use with no sensitive data: minimal controls needed. Medical records, legal documents, client data: treat it seriously.

Controls by risk level

Low risk:

Check sync settings and exclude AI workspace folders

Medium risk:

Disable telemetry in every local AI app
Use a firewall rule to block outbound traffic from Ollama/LM Studio except to known update servers
Keep sensitive AI work in a dedicated non-synced folder

High risk:

Network-isolated machine for AI work
Full disk encryption
No cloud-connected applications on the same machine
Audit logs for all file access

The one thing most people skip

Check your ~/.ollama or LM Studio data directory. It contains conversation history and model cache. If your home directory is cloud-synced, so is this.

What data privacy controls are you running for your local AI setup?

Curated by Selendia AI 🔒