surprised pikachu no one could see this coming from a few thousand miles away
DeepSeek iOS app sends data unencrypted to ByteDance-controlled servers
Submitted 1 year ago by cm0002@lemmy.world to technology@lemmy.world
Comments
kawa@reddeet.com 1 year ago
OfficerBribe@lemm.ee 1 year ago
To be honest, not using TLS nowadays is pretty surprising.
sugar_in_your_tea@sh.itjust.works 1 year ago
Yeah, it’s actually easier to use TLS than not due to browser checks.
admin@reddeet.com 1 year ago
surprised pikachu
daniskarma@lemmy.dbzer0.com 1 year ago
There’s zero relationship between data being unencrypted and it being sent to Chinese servers.
If you use a Chinese service it’s obvious that data is going to be sent to a Chinese server and that the Chinese server would be able to read it.
Unencrypted data transfer, it’s a totally different thing. I would like to see if it’s truly unencrypted or just not using Apple proprietary encryption.
I luckily don’t own any Apple product, but I have the DeepSeek app on my Android device. If I’m bored later I’ll try to intercept my own data to see if it’s truly unencrypted. This is easy to test. If it’s not true, that newspaper is going to my “block list” asap.
CallateCoyote@lemmy.world 1 year ago
Does this actually matter so long as I just ask it questions I want answers to? I’m not feeding it any personal information.
ILikeBoobies@lemmy.ca 1 year ago
Having an app installed gives it a lot of information
Unencrypted just means people on the way to that server can peek
Toribor@corndog.social 1 year ago
I’ve started using Firefox to install sites ‘as a web app’. I use that for cloud services and things I self host. Basically works like a native app but way more control over data.
AnxiousDuck@feddit.it 1 year ago
You wouldn’t believe how little information can be personally identifying, especially when combined with other little pieces.
Also, knowing what’s on the mind of western people, how you write, how you engage in conversations can be extremely valuable information.
coolmojo@lemmy.world 1 year ago
Oh no. They will know that I don’t know how to implement cache invalidation in Python. /s
ZILtoid1991@lemmy.world 1 year ago
And that’s why you use local instances…
Wildly_Utilize@infosec.pub 1 year ago
2nd place is duck.AI via Tor Browser
oysterenjoyer@sh.itjust.works 1 year ago
True, but you need a powerful server in order to run the most capable DeepSeek model, which most people don’t have.
brucethemoose@lemmy.world 1 year ago
That’s an understatement. It won’t even fit well in 8xA100, you need an EPYC server to run it in CPU RAM, very slowly.
cybersin@lemm.ee 1 year ago
This is dumb.
Even if you encrypt network traffic, the receiving server still knows what you’re doing. All it does is prevent third parties from snooping.
Usually.
trolololol@lemmy.world 1 year ago
Yep, it also prevents anyone in the airport from impersonating the WiFi and the ByteDance server (which is trivial) and crafting payloads that run insecure code on your phone (not that easy, but there’s heaps of CVEs like this in apps like Safari over the years, so there’s at least 2x as many in an app like this).
MNByChoice@midwest.social 1 year ago
Maybe they want 3rd parties snooping?
cybersin@lemm.ee 1 year ago
If you are implying that a government wants your data, they can just buy it or request it from the company directly. They don’t have to snoop to get it. Also SSL isn’t going to stop them.
stephen01king@lemmy.zip 1 year ago
Yes, so not only are they doing something shady, they’re doing something shady and exposing your data to anyone wanting to snoop it. What’s dumb about criticising the latter part?
cybersin@lemm.ee 1 year ago
The fact that anyone thinks they have any semblance of privacy when typing into an online AI chatbot is saddening.
Of course anything you type into an externally hosted AI is going to be harvested and sold.
But sure, in this case you are also potentially exposing your queries to your ISP or someone listening on your local network too.
Tarkcanis@lemmy.world 1 year ago
[deleted]
prettybunnys@sh.itjust.works 1 year ago
Do you understand what you’re commenting on or just commenting hoping it’s funny?
Anarki_@lemmy.blahaj.zone 1 year ago
⢀⣠⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀⠀⠀⠀⣠⣤⣶⣶ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀⠀⠀⢰⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣧⣀⣀⣾⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⡏⠉⠛⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⣿ ⣿⣿⣿⣿⣿⣿⠀⠀⠀⠈⠛⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠿⠛⠉⠁⠀⣿ ⣿⣿⣿⣿⣿⣿⣧⡀⠀⠀⠀⠀⠙⠿⠿⠿⠻⠿⠿⠟⠿⠛⠉⠀⠀⠀⠀⠀⣸⣿ ⣿⣿⣿⣿⣿⣿⣿⣷⣄⠀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣴⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⠏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠠⣴⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⡟⠀⠀⢰⣹⡆⠀⠀⠀⠀⠀⠀⣭⣷⠀⠀⠀⠸⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⠃⠀⠀⠈⠉⠀⠀⠤⠄⠀⠀⠀⠉⠁⠀⠀⠀⠀⢿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⢾⣿⣷⠀⠀⠀⠀⡠⠤⢄⠀⠀⠀⠠⣿⣿⣷⠀⢸⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⡀⠉⠀⠀⠀⠀⠀⢄⠀⢀⠀⠀⠀⠀⠉⠉⠁⠀⠀⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣧⠀⠀⠀⠀⠀⠀⠀⠈⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢹⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⣿lemmy.blahaj.zone/comment/12622279)
breadsmasher@lemmy.world 1 year ago
🌕🌕🌕🌕🌕🌕🌕🌕
🌕🌕🌕🌕🌕🎩🌕🌕
🌕🌕🌕🌕🌘🌑🌒🌕
🌕🌕🌕🌘🌑🌑🌑🌓
🌕🌕🌖🌑👁️🌑👁️🌓
🌕🌕🌗🌑🌑🫦🌑🌔
🌕🌕🌘🌑🌑🌑🌒🌕
🌕🌕🌘🌑🌑🎀🌓🌕
🌕🌕🌘🌑🌑🌑🌔🌕
🌕🌕🌘🌔🍆🌑🌕🌕
🌕🌖🌓🌕🌗🌒🌕🌕
🌕🌗🌓🌕🌗🌓🌕🌕
🌕🌘🌔🌕🌗🌓🌕🌕
🌕👠🌕🌕🌕👠🌕🌕
mjhelto@lemm.ee 1 year ago
How the fuck do I explain this boner, now?
Stovetop@lemmy.world 1 year ago
Ah, the ol’ Blahaj Pik-a-choo
giacomo@lemm.ee 1 year ago
It’s nice of them not to encrypt it at least. It can get harvested along the way!
misk@sopuli.xyz 1 year ago
Volcengine is a platform of cloud services released by Bytedance in 2021 to help enterprises with digital transformation. Bytedance connection to China is well established. Sensitive data or data effective for fingerprinting and tracking are in bold.
So they use a Chinese CDN? That’s kinda alarmist.
Ulrich@feddit.org 1 year ago
I sincerely doubt they’re bad at it.
misk@sopuli.xyz 1 year ago
If leaking data is intentional then there are better ways than doing it in the open. Doubly so if you supposedly are in cahoots with your hosting and the Chinese government.
don@lemm.ee 1 year ago
Fucking duh
pennomi@lemmy.world 1 year ago
The hell? There’s no reason to use plain HTTP instead of HTTPS.
And symmetric encryption is wildly irresponsible as well.
dragonlobster@programming.dev 1 year ago
Well, many of China’s websites don’t even use HTTPS. Look at china.org.cn or en.people.cn, for example.
cadekat@pawb.social 1 year ago
Depends on how much traffic you’re talking about. Encrypting/decrypting isn’t free.
pennomi@lemmy.world 1 year ago
It’s trivial compared to the compute they dedicate to AI models. Like, not even a rounding error.
webghost0101@sopuli.xyz 1 year ago
Not for a second do I believe this was an accidental oversight.
I am sure they had very good reasons, all aligned with their actual interests with no thought spared to even consider consequences for small fish users.
trolololol@lemmy.world 1 year ago
Yep I’m with you.
It’s so easy to use HTTPS with secure encryption. It’s the default. You have to go out of your way to use a symmetric key or to even allow HTTP without SSL in Xcode or Android Studio.
kinsnik@lemmy.world 1 year ago
I just can’t think of any. Like the article says, I fully expected the app to send data to China. But even if you are maliciously spying on users, why would you send the stolen data on unsecured channels? So that everyone in the path takes advantage of the data you wanted to steal?
HowAbt2morrow@futurology.today 1 year ago
No shit?
Crackhappy@lemmy.world 1 year ago
Absolutely “shocked” I tell you.
aeronmelon@lemmy.world 1 year ago
loudly places hand on side of face
Nobilmantis@feddit.it 1 year ago
Basically anything else you use here in the west sends all data to Amazon-controlled servers. But they make sure it’s encrypted so only they can see it. Nice.