DeepSeek iOS app sends data unencrypted to ByteDance-controlled servers
-
[email protected]replied to [email protected] last edited by
loudly places hand on side of face
-
[email protected]replied to [email protected] last edited by
And that's why you use local instances...
-
[email protected]replied to [email protected] last edited by
Yep it also prevents anyone in the airport impersonating the WiFi and the bytedance server (which is trivial) and crafting payloads that run insecure code on your phone ( not that easy but there's heaps of CVEs like this in apps like Safari over the years, so there's at least 2x as many in an app like this)
-
[email protected]replied to [email protected] last edited by
Yep I'm with you.
It's so easy to use https with secure encryption. It's the default. You have to go out of your way to use s symmetric key or to even allow http without SSL in xcode or Android studio.
-
[email protected]replied to [email protected] last edited by
Well many of China's websites don't even use HTTPS. Look at china.org.cn, or en.people.cn for example
-
[email protected]replied to [email protected] last edited by
"Open"ai is definitely sharing everything you tipe with your government. Only difference is that chinese care less about your illusions. That said we are not even a blip in the sea of data so it doesn't matter anyway.
Bdw your patriot act says that any data that goes over your border can be stored and used indefinitely. So me seing your comment means your nsa will store it and can use it, even though spying on your own people is against your constitution or something.
-
[email protected]replied to [email protected] last edited by
Yeah, I’m not an American and not here to argue one’s better than the other because if you care about your data you just don’t give them opportunity to see it. I’m just having fun pointing out how silly this poo-slinging between US and China looks to bystanders. It’s like denouncing DeepSeek is a modern day swearing fealty to the American lords.
-
[email protected]replied to [email protected] last edited by
Oh, no. I don't mean USA government. I do mean some governments, but also any company between here an there.
Imagin that your company wants to sell user data. There are limits on what your company can sell due to contracts or laws, due to having a relationship with the customers.
Your company leases internet connections from another company, ISP or not, that can sell the data.
Sending the data without SSL provides an okay, if not ideal, method to move that data. -
[email protected]replied to [email protected] last edited by
Does this actually matter so long as I just ask it questions I want answers to? I’m not feeding it any personal information.
-
[email protected]replied to [email protected] last edited by
You wouldn't believe how little information can be personally identifying, especially when combined with other little pieces.
Also, knowing what's on the mind of western people, how you write, how you engage in conversations can be extremely valuable information.
-
[email protected]replied to [email protected] last edited by
True, but you need powerful server in order to run the most capable Deepseek model, which most people don't have.
-
[email protected]replied to [email protected] last edited by
There's zero relationship between data being unencrypted and it being sent to chinese servers.
If you use a chinese service it's obvious that data is going to be sent to a chinese server and that the chinese server would be able to read it.
Unencrypted data transfer, it's a totally different thing. I would like to see if it's truly unencrypted or just not using apple proprietary encryption.
I luckily don't own any apple product, but I have deepseek app on my android device. If I'm bored later I'll try to intercept my own data to see if it's truly unencrypted. This is easy to test. If it's not true that newspaper is going to my "block list" asap.
-
[email protected]replied to [email protected] last edited by
Oh no. They will know that I don’t know how to implement cache invalidation in python. /s
-
[email protected]replied to [email protected] last edited by
2nd place is duck.AI in via tor browser
-
[email protected]replied to [email protected] last edited by
That’s an understatement. It won’t even fit well in 8xA100, you need an EPYC server to run it in CPU RAM, very slowly.
-
[email protected]replied to [email protected] last edited by
To run the 671B parameter R1, my napkin math was something like 3/4 of a million dollars in hardware. But that (plus the much lower training cost) made this a millionaire's game rather than a billionaire's. Plus the distillations do seem better than anything else we have at the smaller sizes at the moment. All that said, I'm looking forward to the first use of deepseek's methods with google's Titan architectures.
-
[email protected]replied to [email protected] last edited by
surprised pikachu no one could see this coming from a few thousand miles away
-
[email protected]replied to [email protected] last edited by
If forced to relocate servers to a US partner,it leaves an attack vector.
-
[email protected]replied to [email protected] last edited by
To be honest, not using TLS nowadays is pretty surprising.
-
[email protected]replied to [email protected] last edited by
Having an app installed gives it a lot of information
Unencrypted just means people on the way to that server can peek
