DeepSeek iOS app sends data unencrypted to ByteDance-controlled servers

cybersin@lemm.ee

The fact that anyone thinks they have any semblance of privacy when typing into an online AI chatbot is saddening.

Of course anything you type into a externally hosted AI is going to be harvested and sold.

But sure, in this case you are also potentially exposing your queries to your ISP or someone listening on your local network too.

breadsmasher@lemmy.world

️️

🫦

breadsmasher@lemmy.world

Regardless of the downstream server, you should expect the interim traffic to be encrypted in transit

mnbychoice@midwest.social

Maybe they want 3rd parties snooping?

cybersin@lemm.ee

If you are implying that a government wants your data, they can just buy it or request it from the company directly. They don't have to snoop to get it. Also SSL isn't going to stop them.

cybersin@lemm.ee

Sure, it's not a bad thing and it should be standard practice, but to act like encrypted traffic guarantees privacy is silly.

cadekat@pawb.social

A penny saved is still a penny saved. I'm not saying it would amount to much, but it is non-zero.

stephen01king@lemmy.zip

Tell me where in this thread are anyone expecting privacy from any online LLM service, or anyone saying encrypted traffic guarantees privacy?

ulrich@feddit.org

I sincerely doubt they're bad at it.

ulrich@feddit.org

Privacy is not the same as security

prettybunnys@sh.itjust.works

The thing is that with the traffic unencrypted it opens the door to all sorts of attacks on that traffic.

It’s not just privacy.

If you can intercept and interpret you have the ability to replace as well.

mjhelto@lemm.ee

How the fuck do I explain this boner, now?

misk@sopuli.xyz

If leaking data is intentional then there are better ways than doing it in the open. Doubly so if you supposedly are in cahoots with your hosting and Chinese government.

0xd@infosec.pub

These are completely different systems. It doesn't make a difference.

aeronmelon@lemmy.world

loudly places hand on side of face

ziltoid1991@lemmy.world

And that's why you use local instances...

trolololol@lemmy.world

Yep it also prevents anyone in the airport impersonating the WiFi and the bytedance server (which is trivial) and crafting payloads that run insecure code on your phone ( not that easy but there's heaps of CVEs like this in apps like Safari over the years, so there's at least 2x as many in an app like this)

trolololol@lemmy.world

Yep I'm with you.

It's so easy to use https with secure encryption. It's the default. You have to go out of your way to use s symmetric key or to even allow http without SSL in xcode or Android studio.

dragonlobster@programming.dev

Well many of China's websites don't even use HTTPS. Look at china.org.cn, or en.people.cn for example

gens@programming.dev

"Open"ai is definitely sharing everything you tipe with your government. Only difference is that chinese care less about your illusions. That said we are not even a blip in the sea of data so it doesn't matter anyway.

Bdw your patriot act says that any data that goes over your border can be stored and used indefinitely. So me seing your comment means your nsa will store it and can use it, even though spying on your own people is against your constitution or something.