Yep it also prevents anyone in the airport impersonating the WiFi and the bytedance server (which is trivial) and crafting payloads that run insecure code on your phone ( not that easy but there’s heaps of CVEs like this in apps like Safari over the years, so there’s at least 2x as many in an app like this)
Comment on DeepSeek iOS app sends data unencrypted to ByteDance-controlled servers
cybersin@lemm.ee 4 weeks ago
This is dumb.
Even if you encrypt network traffic, the receiving server still knows what you’re doing. All it does is prevent third parties from snooping.
Usually.
trolololol@lemmy.world 4 weeks ago
MNByChoice@midwest.social 4 weeks ago
Maybe they want 3rd parties snooping?
cybersin@lemm.ee 4 weeks ago
If you are implying that a government wants your data, they can just buy it or request it from the company directly. They don’t have to snoop to get it. Also SSL isn’t going to stop them.
MNByChoice@midwest.social 4 weeks ago
Oh, no. I don’t mean USA government. I do mean some governments, but also any company between here an there.
Imagin that your company wants to sell user data. There are limits on what your company can sell due to contracts or laws, due to having a relationship with the customers.
Your company leases internet connections from another company, ISP or not, that can sell the data. Sending the data without SSL provides an okay, if not ideal, method to move that data.
stephen01king@lemmy.zip 4 weeks ago
Yes, so not only are they doing something shady, they’re doing something shady and exposing your data to anyone wanting to snoop it. What’s dumb about criticising the latter part?
cybersin@lemm.ee 4 weeks ago
The fact that anyone thinks they have any semblance of privacy when typing into an online AI chatbot is saddening.
Of course anything you type into a externally hosted AI is going to be harvested and sold.
But sure, in this case you are also potentially exposing your queries to your ISP or someone listening on your local network too.
breadsmasher@lemmy.world 4 weeks ago
Regardless of the downstream server, you should expect the interim traffic to be encrypted
cybersin@lemm.ee 4 weeks ago
Sure, it’s not a bad thing and it should be standard practice, but to act like encrypted traffic guarantees privacy is silly.
Ulrich@feddit.org 4 weeks ago
Privacy is not the same as security