DeepSeek iOS app sends data unencrypted to ByteDance-controlled servers
-
[email protected]replied to [email protected] last edited by
Tell me where in this thread are anyone expecting privacy from any online LLM service, or anyone saying encrypted traffic guarantees privacy?
-
[email protected]replied to [email protected] last edited by
I sincerely doubt they're bad at it.
-
[email protected]replied to [email protected] last edited by
Privacy is not the same as security
-
[email protected]replied to [email protected] last edited by
The thing is that with the traffic unencrypted it opens the door to all sorts of attacks on that traffic.
It’s not just privacy.
If you can intercept and interpret you have the ability to replace as well.
-
[email protected]replied to [email protected] last edited by
How the fuck do I explain this boner, now?
-
[email protected]replied to [email protected] last edited by
If leaking data is intentional then there are better ways than doing it in the open. Doubly so if you supposedly are in cahoots with your hosting and Chinese government.
-
[email protected]replied to [email protected] last edited by
These are completely different systems. It doesn't make a difference.
-
[email protected]replied to [email protected] last edited by
loudly places hand on side of face
-
[email protected]replied to [email protected] last edited by
And that's why you use local instances...
-
[email protected]replied to [email protected] last edited by
Yep it also prevents anyone in the airport impersonating the WiFi and the bytedance server (which is trivial) and crafting payloads that run insecure code on your phone ( not that easy but there's heaps of CVEs like this in apps like Safari over the years, so there's at least 2x as many in an app like this)
-
[email protected]replied to [email protected] last edited by
Yep I'm with you.
It's so easy to use https with secure encryption. It's the default. You have to go out of your way to use s symmetric key or to even allow http without SSL in xcode or Android studio.
-
[email protected]replied to [email protected] last edited by
Well many of China's websites don't even use HTTPS. Look at china.org.cn, or en.people.cn for example
-
[email protected]replied to [email protected] last edited by
"Open"ai is definitely sharing everything you tipe with your government. Only difference is that chinese care less about your illusions. That said we are not even a blip in the sea of data so it doesn't matter anyway.
Bdw your patriot act says that any data that goes over your border can be stored and used indefinitely. So me seing your comment means your nsa will store it and can use it, even though spying on your own people is against your constitution or something.
-
[email protected]replied to [email protected] last edited by
Yeah, I’m not an American and not here to argue one’s better than the other because if you care about your data you just don’t give them opportunity to see it. I’m just having fun pointing out how silly this poo-slinging between US and China looks to bystanders. It’s like denouncing DeepSeek is a modern day swearing fealty to the American lords.
-
[email protected]replied to [email protected] last edited by
Oh, no. I don't mean USA government. I do mean some governments, but also any company between here an there.
Imagin that your company wants to sell user data. There are limits on what your company can sell due to contracts or laws, due to having a relationship with the customers.
Your company leases internet connections from another company, ISP or not, that can sell the data.
Sending the data without SSL provides an okay, if not ideal, method to move that data.
