DeepSeek iOS app sends data unencrypted to ByteDance-controlled servers

anarki_@lemmy.blahaj.zone

⢀⣠⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀⠀⠀⠀⣠⣤⣶⣶ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀⠀⠀⢰⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣧⣀⣀⣾⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⡏⠉⠛⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⣿ ⣿⣿⣿⣿⣿⣿⠀⠀⠀⠈⠛⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠿⠛⠉⠁⠀⣿ ⣿⣿⣿⣿⣿⣿⣧⡀⠀⠀⠀⠀⠙⠿⠿⠿⠻⠿⠿⠟⠿⠛⠉⠀⠀⠀⠀⠀⣸⣿ ⣿⣿⣿⣿⣿⣿⣿⣷⣄⠀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣴⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⠏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠠⣴⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⡟⠀⠀⢰⣹⡆⠀⠀⠀⠀⠀⠀⣭⣷⠀⠀⠀⠸⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⠃⠀⠀⠈⠉⠀⠀⠤⠄⠀⠀⠀⠉⠁⠀⠀⠀⠀⢿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⢾⣿⣷⠀⠀⠀⠀⡠⠤⢄⠀⠀⠀⠠⣿⣿⣷⠀⢸⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⡀⠉⠀⠀⠀⠀⠀⢄⠀⢀⠀⠀⠀⠀⠉⠉⠁⠀⠀⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣧⠀⠀⠀⠀⠀⠀⠀⠈⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢹⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⣿

stovetop@lemmy.world

Ah, the ol' Blahaj Pik-a-choo

tarkcanis@lemmy.world

prettybunnys@sh.itjust.works

Do you understand what you’re commenting on or just commenting hoping it’s funny?

cybersin@lemm.ee

This is dumb.

Even if you encrypt network traffic, the receiving server still knows what you're doing. All it does is prevent third parties from snooping.

Usually.

kinsnik@lemmy.world

i just can't think of any. like the article says, i fully expected the app to send data to china. but even if you are maliciously spying on users, why would you send the stolen data on unsecured channels? so that everyone in the path takes advantage of the data your wanted to steal?

stephen01king@lemmy.zip

Yes, so not only are they doing something shady, they're doing something shady and exposing your data to anyone wanting to snoop it. What's dumb about criticising the latter part?

cadekat@pawb.social

Depends on how much traffic you're talking about. Encrypting/decrypting isn't free.

pennomi@lemmy.world

It’s trivial compared to the compute they dedicate to AI models. Like, not even a rounding error.

cybersin@lemm.ee

The fact that anyone thinks they have any semblance of privacy when typing into an online AI chatbot is saddening.

Of course anything you type into a externally hosted AI is going to be harvested and sold.

But sure, in this case you are also potentially exposing your queries to your ISP or someone listening on your local network too.

breadsmasher@lemmy.world

️️

🫦

breadsmasher@lemmy.world

Regardless of the downstream server, you should expect the interim traffic to be encrypted in transit

mnbychoice@midwest.social

Maybe they want 3rd parties snooping?

cybersin@lemm.ee

If you are implying that a government wants your data, they can just buy it or request it from the company directly. They don't have to snoop to get it. Also SSL isn't going to stop them.

cybersin@lemm.ee

Sure, it's not a bad thing and it should be standard practice, but to act like encrypted traffic guarantees privacy is silly.

cadekat@pawb.social

A penny saved is still a penny saved. I'm not saying it would amount to much, but it is non-zero.

stephen01king@lemmy.zip

Tell me where in this thread are anyone expecting privacy from any online LLM service, or anyone saying encrypted traffic guarantees privacy?

ulrich@feddit.org

I sincerely doubt they're bad at it.

ulrich@feddit.org

Privacy is not the same as security

prettybunnys@sh.itjust.works

The thing is that with the traffic unencrypted it opens the door to all sorts of attacks on that traffic.

It’s not just privacy.

If you can intercept and interpret you have the ability to replace as well.