The most popular Chinese keyboard app which is used by more than 450 million monthly users sends every key typed to Tencent in China.
Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.
https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/Open linkView original on lemmy.world2039
Comments458
I live in China and this software is cancerous not just in the encryption failure, it also nestles into a computer like a trojan. Creates 2 fallback installations and will reinstall itself after removal if you reboot in between, unless you get rid of all 3 installations at once, where they are deliberately trying to obfuscate the uninstall button (triple confirmation, swapping the confirm/cancel buttons and button background colors, etc.).
It's a nasty piece of crap that come preloaded on any phone (android, at least) and Windows-PC here.
It's time to switch to Linux!
I mean the CCP is aiming to have people use Kylin? If the government and the entire populace starts using Linux instead we'll just see the same BS on Linux instead. It's not an OS/platform issue, but an issue of bad actors.
On the plus side maybe then it’ll finally be the year of the Linux desktop.
monkeys paw curls
Don't worry, there is also a Linux version.
Oof
Then they'll install the Linux version. People here are so indoctrinated, they like it.
Do people generally try to circumvent it? Are they too scared to uninstall it? Or do they just not care?
Worse. They think it's useful.
Why? Useful for safety and security of the society?
Edit: Why downvotes? I'm trying to put myself in their shoes, it's not how I view it lol
Comes with a built in translator and spell checker, and since access to Google translate is blocked, that's often the only alternative.
Ah ok makes sense
Lol “I love this tool that they made, because they blocked me from Google translate.”
Nah. They don't know Google translate. Or Google, for that matter. They know what they are supposed to know.
Of course some people know better, and those are the ones who will eventually get around the block - finding and installing a VPN is not rocket science, not even here. But if you keep 98% of the population contained, the rest won't reach critical mass.
I thought we are talking about a keyboard app?
Yeah, wtf is that equivalency?
“Why do people smoke”
“Well some people like to eat at restaurants or watch movies with their friends so”
Haha, exactly my thought
It was a “what about” analogy. It compares a app that steals data without the users consent and the other one is the keyboard app. Both seem to be wanted by consumers despite the steeling parts.
Yeah but a social media platform has completely different qualities. Therefore the reasons for people how and why they use them will be completely different. Also the keyboard app is forced on the phones by the state while the use of social media platforms is optional. Just too many different factors at play here imo.
Some weird downvotes, and I want to know too. Why does a keyboard app mean anything to anyone? The keyboards included on iOS and latest Android versions are great.
Don't know about this keyboard or Chinese, but a language specific feature might be one of the reason.
I use SwiftKey and I love how it supports multilingual autocorrect and prediction for Indonesian and English without needing to switch between keyboard language.
iOS built in keyboard supports multilingual typing for some languages, but not Indonesian.
I assume people love it also because some specific feature that doesn't exist in the stock keyboard.
My guess is that it might either be more accurate in predictions or some additional convenience factors that makes typing this logographic language much easier and faster lol.
Or people are also simply used to it since it's everywhere.
Be careful jumping the firewall.
Sure. Foreigners aren't really sanctioned though, that's more of a risk for the locals. But even then usually only if they want to get someone disappeared and don't have anything substantial against them.
Alright China shills, you can stop changing the subject to how Google and the US are the "same".
https://en.m.wikipedia.org/wiki/1989_Tiananmen_Square_protests_and_massacre
If you lived in China you'd likely not know about this, since people who talk about it go to prison.
Yeah the US is exactly like this so let's not talk about the Chinese government being awful to their citizens /s
Simple solution is to block lemmygrad and hexbear in your app. That cuts down quite a few tankies and mainlaind Taiwan shills.
Imagine being in Taiwan and having full access to information about China and the west and still shilling for China. Those types of people should be looking for a dominatrix, not a political philosophy...
I think they might be using "mainland Taiwan" as a way of saying China - Taiwan is an island which China thinks is "theirs" for some reason.
The politicians have to play nice and be polite. Right up until they don't have to anymore.
The people can recognize that Taiwan is what happened to the last freely elected government of Western Taiwan, and that the CCCP are nothing more than despots and authoritarian tyrants that freely abuse their own people, and would absolutely be bullying the world, if they were actually as powerful as they claim to be.
The CCCP ≠ China or the Chinese people.
The CCCP = Western Taiwan
"Yes, but history..." they will say.
And in history China used to be the opium export market of the Brits so by historic rules it has to be that again. I guess they'll say "but that's different".
no one tell this guy what happened to the native taiwanese
https://en.wikipedia.org/wiki/White_Terror_(Taiwan)
Tbf, it was theirs - until it wasn't. At this point, it is a bit like the British were insisting that the US was theirs.
The history of Taiwan is quite a bit more complex than that, but the PRC (current government in mainland China) has never controlled Taiwan - it was never theirs.
Taiwan was a Japanese colony from 1894 until 1945 when Japan was forced to hand it over to the ROC (the successor government to the Qing dynasty, which was the last time you could argue China controlled the island - the Qing managed to almost fully colonize it before losing it to the Japanese, although a lot of the mountainous parts of Taiwan were still mostly autonomous at that time and inhabited by aboriginal Taiwanese who continued to resist the Qing rule)
The ROC takeover of the island is also seen as another colonization by many Taiwanese as well - the descendants of the Qing era colonists who were mostly Hokkien speakers from Fujian, while the ROC migration in 1949 was mostly Mandarin speakers from wider China, who fairly brutally imposed their rule over the island (see 4 decades of martial law, etc.)
ROC managed to reform itself over time, and Taiwan is now a vibrant democratic country which is forging its new national identity where most people would prefer to be left alone to control their own affairs.
You've got it backwards - Taiwan (the Republic of China) actually used to control the mainland before the Chinese civil war that resulted in the modern-day government (the People's Republic of China) taking control. Source: https://en.m.wikipedia.org/wiki/Chinese_Civil_War
"Taiwan" was never the administrative centre of China, come on. Some of the Chinese ruling classes fled there after the revolution. It's like saying the capital of Germany was always Bonn.
Sorry, bad phrasing. I intended to say "The current government of Taiwan"
There's a bunch of Taiwanese people who would welcome Chinese rule. I don't know why.. The CPC sucks my balls
That's kind of the history of humanity regarding religion. To some degree when the religious prophets were alive it make sense, but hundreds of years later it's a story book (or oral tradition) and people still strive for the authority.
We haven't really had that many teachers like Carl Sagan who describe the history and our favoring of authority - inability to question them. It's pretty weird, as they often aren't attractive or good speakers, but you see people just accept almost anything they say. I mean in the USA I witnessed so many people who would trust Rush Limbaugh and Alex Jones kind of blindly, and there is some mechanism at play that humanity in total seems to keep engaging.
A must have on apps to be able to block/filter instances
Been using lemmy for a few days and I am already feeling the need to do just that.
How so? I've been using since the API blackout and not seen any content from either instance.
Wtf is up with hexbear?
If I understand correctly, hexbear is where the refugees ended up after Reddit banned r/ChapoTrapHouse.
Check it out for yourself ![email protected]
You must mean West Taiwan. Sadly they refuse to acknowledge the authority of Taiwans government.
No one is saying Google massacred protestors, but if you're gonna be against keyboard apps spying on you it should be irrelevant who they're spying for. Criticizing shitty things American companies do doesn't make you a China shill and calling everyone who does it a China shill is intellectually dishonest.
I mean, ill always say that China is worse than the US. But you can find plenty of examples of the US doing awful things to its people too.
Like the MOVE bombing https://en.wikipedia.org/wiki/1985_MOVE_bombing
or The Tusla Massacre that involved law enforcement bombing black neighbourhoods https://en.wikipedia.org/wiki/Tulsa_race_massacre
Or any of the countless of times cops perpetrated mass violence against black people during the civil war era and cracked down harshly on protests.
Or when the did the same to anti-war protestors during the vietnam war.
Or the numerous times they experimented on their own citezens such as MK ultra, The Tuskegee Syphilis Experiment, or any of the dozens upon dozens of radiation experimentation, like when almost 1000 pregnant mothers were injected with radioactive iron, causing many miscarriages and cancers(and thats not the only time they injected pregnant mothers with radioctive material to see if it fucked up the baby), or when inserting radium rods up the nostrils of school children and then observing how their health declined, or when they dosed hundreds of inuit with radioactive iodine to see its affects on the thyroid.
Like I dont think this makes China's atrocities any more excusable, but the reverse is true to. The US really isnt much better than China.
The world ain't just good or bad and there's various degrees of "bad". The fact that many US people can even talk about this stuff makes them already just ever so slightly better for many outsiders. This is how it is, neither country is "good" but they align more with western ideals than an authoritarian state which for many of us is bad by default...which it is of course. :)
Don’t forget operation sea spray! Next time you laugh at someone talking about chemtrails remember the us government actually did chemtrails!
As bad as those two linked incidents were, they weren't exactly government sanctioned. Police sanctioned, sure, and the government should do more to reign that shit in, but comparing them to Tiennamen is disingenuous at best.
The Chinese government hates letting its citizens have a voice.
Shills gonna shill
I tend to lean into accepting that ‘the US government has done some pretty horrific shit too’ camp, but I don’t do it as a way to shill for China, because fuck that authoritarian place. But it is dumb not to recognize massacres like Kent State, Tulsa, or the systematic genocides of First Nations peoples.
Tiananmen Square really isn’t the best example to use as an example of how China isn’t like the US. There’s plenty of much more insidious dystopian shit happening in China every day to use than that.
Yeah exactly my point.
this article isn't about the US. I believe there is a reason so many in so many threads like that do what you're doing and worse. THE TOPIC IS NOT THE US, STOP TRYING TO MAKE IT THAT WAY
Jesus Christ, this thread is cursed.
Circling back to the article: it would be easier to name software that doesn't collect your data and send/sell it to your respective government. The point being made in this thread is that it isn't just a China problem. If you think you're safe from government observation just because you don't live in China, I have bad news for you.
I think you know without doubt that this is something NO ONE ever ever ever said. You know this. And yet still -- you want to make this about the united states. Maybe you can explain a way that this got brought up without China shills infecting the thread?
Because the article is not about the US. It's not.
I didn't mention the US.
The article makes it sound like it's UNUSUAL that a phone app is spying on its users and sending user data to the government. It's not an exception, it's the rule. People pointing this out are doing you a favor, because the article's framing would otherwise lead you to believe this is a China problem and not a tech problem.
I think it's a response to how there are so many CHINA BAD articles. You could take each article as isolated, but there is the idea of manufacturing consent and it's how people develop negative feelings towards particular things after seeing so many negative articles about them.
Well, you can post all the bad shit the US has done.
China IS A BAD ACTOR on the international, national, regional, and Municipal levels. The whole state apparatus is corrupted.
It's a lot more quick for me to point out that it's not unique to China. The way you phrase the second part of your post is as if China is unique in this sort of corruption. The US is just as corrupt, plus it has a lot more influence around the world thanks to the sheer amount of resources it controls.
China IS bad. Changing the subject isn't the reaction of an unbiased person.
I’m not trying to change the subject from China to the US, I’m trying to point out that the example of Tiananmen Square is not the best example to use as a distinguishing factor for China vs the US when there are numerous examples of the US commuting similar atrocities throughout its history.
The current and active oppression and genicide of the Uyghurs.
The brutal silencing of political and ideological ‘dissidents’.
The openly dystopian social credit system being developed.
The suppression of free speech and self-expression.
There is a long list of examples to pull from that set China apart from the US.
"China’s Orwellian Social Credit Score Isn’t Real"
https://foreignpolicy.com/2018/11/16/chinas-orwellian-social-credit-score-isnt-real/
"China’s Social Credit System Is Actually Quite Boring – A supposedly Orwellian system is fragmented, localized, and mostly targeted at businesses"
https://foreignpolicy.com/2021/09/15/china-social-credit-system-authoritarian/
It's called Whataboutism. Very common deflection tactic.
yep
Do you even know what the word shill means?
Like wtf do you think I'm trying to sell?
it seems you're selling that idea that China = USA as to minimize bad actions by China.
Thats not really a thing you sell and I literally start my comment with
So it seems you really just cant cope with the fact that the US is a bad guy as well.
ideas are sold every day. maybe there is a reason you want to focus on the US instead? hmm weird no that can't be true at all.
Imagine thinking China is worse than the US when the US killed something like a million Iraqis, and that's just one of the many war the US was waging in the last 30 years while China checks notes attacked nobody in that timeframe.
Sir this is a Wendy's
Or more specifically, a thread about a phone keyboard.
But it is true that Google and Microsoft phone home with your key strokes. That's how they develop their predictive typing and autocorrect.
If you can't see the fundamental intertwining of Google (or any other fortune 500 company) and the US State, then you should really start looking harder. Lobbyists, revolving door membership, corruption, tax writeoffs, corporate power being used to influence day-to-day life, really, US companies' control over the US state is pretty similar to the Chinese State's control over Chinese Companies. I just don't think corporations should be in charge like y'all seem to.
That's false equivalence.
China killing protesters and silencing dissidents does not make it OK for Google or anyone else to spy on you.
Here's a video of an interview with Chai Ling recorded on May 28, 1989 with reporter Philip Cunningham. Chai Ling was arguably the most influential leader of the student protesters at Tiananmen Square. In the interview she openly wishes for the soldiers to massacre the students after her instrumental role in blocking attempts by other activists to move the protest back to campuses, all while refusing to sacrifice herself.
Notable quotes from this interview include:-
"You, the Chinese are not worth my struggle. You are not worth my sacrifice"
"The students keep asking what shall we do next? What can we accomplish? I feel so sad, because how can I tell them what we're actually hoping for is bloodshed - for the moment when the government has no choice but to brazenly butcher the people?"
"Only when the square is awash with blood will the people of China open their eyes. Only then will they really be united"
"If we allow the [protesters] movement to collapse on its own, then the government will be able to wipe out all the leaders of the movement"
Upon being asked if she will stay in the square herself after urging the students to stay she simply responded, "No, I won't".
When the Tiananmen Square incident erupted in violence on June 3rd, Chai Ling escaped from Beijing by train. She was eventually smuggled to Hong Kong via Operation Yellowbird, an MI6/CIA led initiative to extract dissidents who they hoped would form the nucleus of a "Chinese democracy movement in exile". To my knowledge, no details exist about how and when she made contact with them. She was subsequently invited to study at Princeton on a full scholarship due to her pivotal role in the Tiananmen protests. She studied Politics and International Relations there, eventually picking up an MBA from Harvard. Today, she runs an internet company called Jenzabar that she founded with her husband, the lawyer Robert Maginn, a long time associate of the Republican party, having even served as the chairman of the Massachusetts Republican party between 2011 and 2013. Their company serves more than 1300 higher education institutions worldwide, whom they provide with ERP software.
This is one of my favorite things about kbin over Reddit. So neat to see gifs in chat.
They're viewable on Lemmy too!
Not voyager yet
It just appears as a static image on Infinity. I had to tap on it to go fullscreen and start playing it. Though the app is still in beta, that might change.
It works on Sync
Thunder as well.
Dumb question, but how do you view the kbin page? I'm using Sync
I was talking about gifs
And my axe!
Reddit added the same functionality some time ago, I'm a bit sad it's a thing here too but oh well. People seem to like it. My favourite thing about reddit was it being text-based though
I wish they were smaller, like maximum twice the size of an emoji, maybe bigger for gif type images.
If you think that's a kbin thing, you've not used reddit in years, you haven't looked at anything lemmy, etc.
You could have gifs on Reddit too
Through New Reddit, which was objectively awful.
It’s viewable in Memmy for lemmy as well, also been on Reddit for years just not used much due to the culture there dog piling it all the time.
I wish there was a setting to get rid of them in the app I use, hate inline images and gifs
How are you seeing gifs in kbin? All I'm seeing is a url link to the gif and have to click the media icon button next to the URL For it to load...... is there a setting I need to enable to load pictures/gifs automatically?
I'm guessing it's your app. I'm viewing through desktop and it works fine.
Didn't swiftpad or whatever its called send every key pressed to Microsoft?
Not a China shill. China is horrible. Microsoft less so as they don't commit genocide in slow motion. But still, I think this sort of thing is more common than we think.
Use FOSS.
It's stories like this that don't surprise me as much as make me ask: How the fuck do you store and process this much data to get anything useful out of it.
You just save the first 50 digits typed after some email is typed, and you have all the passwords you need!
This only applies if a username is a email
And if it is then what happens when people actually email someone? Autocorrect during login?
I don't think they're saying that method would yield 100% clean data but it would give you all the "necessary" data with the absolute bare minimum storage requirement. At some point people will log into their email and for most people if you have their email password you have the password they use for everything
Yep, I only reacted to a "new requirement": save space :)
They weren't describing a use case for every single type of situation.
I could be wrong, and this is a generalization of any country you can name, but my impression is data is stored on everyone so when they decide someday to look you up they already have all the data collected. It's not really processed until needed.
And in hopes of it being useful later, when processing power is better.
Hey GovGPT8, please rank the 10 citizens most likely to organize protests if we institute curfews.
Exaaaactly
And how can autosuggest / autocorrect be so bad with so much training data
Did you ever see how an average person types? It's not the amount of data that is the problem. We have too much dumb data!
The real answer is compute power. At the moment it's very expensive to run the computations necessary for big LLMs, I've heard some companies are even developing specialized chips to run them more efficiently. On the other hand, you probably don't want your phone's keyboard app burning out the tiny CPU in it and draining your battery. It's not worth throwing anything other than a simple model at the problem.
China being China, no surprise here.
Wait til you hear about whataboutism lawl
what's your purpose?
I mean in life..
The Xzibit begins to compound itself. Soon there is so much whataboutism compressed into other instances of whataboutism that the singularity has formed. Faintly, all you can make out above the constantly repeating "Yo dawg, we heard..." is the whoosh of the empty air spinning around inside OP's head. And suddenly, with a cacophonous roar there is nothing but silence. And then, triumphantly, a yellow sickle and hammer emblazon themselves against a red background as the Soviet National anthem plays. OP is at peace.
US as in USA as in United States of America, I believe
Oh wow, who would have ever thought they'd do that? What a fucking surprise.
As if other keyboard apps are any different, I don't think Microsoft bought SwiftKey just for fun?!
I don't get it? Why are they talking in the article about not using the right type of encryption. The problem isn't the encryption, but the fact that it is sending your keystrokes to the mothership, right?
In a surprise to absolutely nobody, China spies on their people.
I feel like there should be a Lemmy version of everything now
The people here acting like their Gboard doesn't do the same is so funny.
Edit : never used nor installed tiktok.
It probably doesn't though. Obviously it's closed source making it harder to tell what's actually happening, but there's nothing stopping security analysts from looking at network usage and such. I would imagine that Google doesn't install a keylogger on every Android phone, not out of the goodness of their hearts, but because they don't want the bad publicity and lawsuits when it would inevitably be discovered.
they do collect usage stats by default though.
which include typed sentences passed through their ai model and words usage counts.
it can all be turned off and gboard seems to respect these options. it doesn't access online services unless requested with these options off.
If you mean by "collect usage stats" train their AI model on-device and send the training result to Google, then yes. If you mean that the actual words get sent to Google's servers, then no. There was a study shared recently that looked into this. Only metadata about what's typed is sent. That's not nothing of course, but it's not what Tencent does at all.
E: Found it.
If you have any evidence that it does, it would be big news. Please share.
I mean he's not wrong, but also not really the same thing. Gboard does send a substantial amount of data about the things you typed to google. It is supposedly anonymous, but they do this to get anylitics, and they use this data to improve the suggestions given to you.
There has been at least one article where someone intercepted the data leaving from Gboard and found it's either unencrypted or just hashed into something like base64. This was a while back so things hopefully changed.
While google does try not to phone home users passwords, how can you tell what is and isent private?
Info
Even if i had it, do you honestly think i would waste my life to be completely forgotten and left to rot for disclosing it like Snowden. Yep, no one will ever reveal anything after that shit show.
ok.gif
https://media.tenor.com/NP4p6NFHd00AAAAM/richard-simmons-sure-jan.gif
I'm going to guess you're one of the people who defends tiktok and compares it to every other social media app by saying the US government is basically the same as the Chinese government
No it's not a "warning," it's just boring old whataboutism.
The first part of your comment is like a textbook example of the fallacy.
I'm not so sure. The China apologists are in every thread like this and I don't think it's something to dismiss
It seems to be a very common fallacy in geopolitics to believe that a rival of the US must automatically be morally better. You see plenty of "left wing" imperialism defenses that blame Ukraine for the invasion and insist they should give up and do whatever Russia wants them to do.
It's apparently disappointingly complex for some people to believe that X can oppose Y and both of them can be horrible bastards. They can't take criticism of China or Russia because they automatically see an implicit "America better" that's not really there.
yeah, that's fair. I think that it is more common to like a thing (tiktok) and defend it however you can.
Absolutely, yeah. I'd like to think I'm able to give a more objective take since I got into TikTok late, but I honestly don't know that I do.
It seems people can't understand this. Am not American so i have an outside view that's free from any patriotic feeling and the spoon fed propaganda since childhood.
Not op, I know for sure that China's been trying to grab as much intelligence as possible going as far as installing sniffing type software in network controllers and servers, and grabbing keystrokes from a keyboard is absolutely despicable and something they would do to grab more intelligence.
The thing I have trouble figuring out is why in the hell people would care about TikTok. What signal intelligence is coming from my wife swiping through 14,000 cat and home organization videos.
Location is turned off The app is sandboxed It's not allowed to access the camera or the speaker without giving some minor notification that they're on and people would notice.
I totally get the China will do bad if they can but I fail to see the ultimate danger of TikTok.
From "the olden times" (Reddit link):
I don't know what you mean by sandboxed but I'm pretty sure it cannot be as private as it seems, even if you're using a VPN. But regardless, 99.99% of tiktok users are not taking steps to protect their data. hundreds of billions of data points that help an authoritarian government know how people think is nothing to shrug at.
Mobile apps aren't in the wild west anymore. They don't get access to the other apps and can't wander around unlimited on your device without clear permission. If you say no location, they don't get location. It used to be different, but apple and google are on the same page now and they don't let apps abuse you without clear permission anymore.
Even pulling your IP and giving them a vague city level location, They're correlating that with liking 30 second random content videos and music. This isn't even the level of intelligence you 'd get from FB or Youtube people aren't searching tictok to see how to use software or edit code or how public infrastructure works. You're getting organziation, cat videos, kids coming home from the dentist saying crazy things. I just don't really see it as a big deal.
you say all this and trillions of dollars still ride on their ability, which we very much knows exists, to stitch together billions of datapoints to know things about their users.
I will now answer any questions that boils down to "but we're the good guys" to "not American"
What the fuck are you talking about? This has nothing to do with America, the problem here is you're falsely equating a horrifyingly authoritarian government and basically writing it off as the "sAmE aS gOoGlE"
I don't know. What i read on Wikileaks made me believe they're not that different you know. Go read it, it will open your mind.
How many times has the US military ever murdered 900+ protestors in broad daylight then censored it from all media and imprisoned anyone who talks about it decades later?
Educate yourself. Jesus fucking Christ.
For the record I don't need to read more about the US government corruption, that's known. The fact that you're comparing the two is disturbing af
Several in fact. Most famously they bombed Tulsa oklahoma when black people there got too wealthy. But now multiple states are banning the teaching of it, alongside banning the teaching of our genocide of the Native Americans.
We do most of our murder of innocent people these days abroad though which isn't really much better, but most Americans are apparently completely fine with children being murdered so long as they aren't white and they aren't here, or they aren't in an American school being shot by one of their peers.
You're right let's talk about America not China. No agenda there at all. Nope.
Starting with the native American or i don't count it ? I don't know ? Is shooting a bus full of kids and laughing about it saying they'll grow up to be terrorist anyway isn't that far off and this is the tip of the iceberg buddy. USA is good at hiding murdering brown people by prefixing the word terrorists.
And yet you won't face life in prison for writing that. Yeah you're right, SAME
if you wanted to make this a whataboutism is bad argument i'd be with you, but you're still toeing the line of "oh but it's okay when america does bad stuff, it's not the same"
No I am towing the line of "stop changing the subject and erasing history"
No one is acting. It doesn't do the same. There you have it.
Did you read it ? Can you share the part with relevant info. I tried to read it but it kept going abouts how Gboard and the Microsoft keyboard both gather huge amount of data and yet that both are opaque and you can't know what data is sent to the server backend.
Also, ever heard of 5,9 and 14 eyes ?
Oh shit, Google is sending my stuff to China?
It depends. Ever heard of databrokers ?
Google doesn't sell to data brokers. Not yet at least. They have a competitive advantage they will lose if they sold their data (our data) to third parties, especially third party resellers. If/when they begin circling the drain, that may change.
The big issue is Google isn’t owned by the state.
I mean... Does It change anything? They are owned by a board of directors that want profits over anything else
Of course it change, at least the authorities have to buy from companies with public money instead of getting for free.
Yes, not being owned by the world's most terrifying government turns out to be different than being owned by the world's most terrifying government. Funny how that works
Where are the Snowdens of yesteryear?
Not sure what you mean.
It's a quote from the book Catch-22 and just popped into my head when I saw your user name. Highly recommend the book but there's a short explanation of the phrase here if you're curious.
Man, Snowden wasted his entire life to tell you USA literally spy on everything you do and when caught their answer was : yeah, so what you gonna do about it, maybe you should do the same.
Instead they are about to be their own state.
Btw, companies are absolutistic by default.
They are the state at this point. So same thing.
no they are just compelled by the state and secret courts which is totally different obviously
I love how people overlook this part. You get all the knuckledraggers who want to claim the US is somehow just as bad as China is.
The anti-American sentiment in here is obnoxious.
I've never thought that the knuckledraggers were anti-american. I think they are anti-intellectual. Using tiktok is more important to them than the future of humanity.
Some of the knuckledraggers are. I guess I should have added that a lot of the edgel0rds like to rustle some feathers by posting anti-American views.
Total false take, don't just say your suspicions like they are facts.
It's not a bug, it's a feature.
lol.
The writer out here acting like this wasn’t an intended feature lol
And this is the only point of the article. Idk what all these other comments are on about, but this article is outlining lack of standardized protocols that made the software vulnerable to network eavesdropping.
This doesn't point to a big CCP conspiracy, it's just bad design.
And the Platinum Award for Least Surprising News Headline goes to...
And gboard or SwiftKey don't?
Every single time something sketchy is happening in Chinese tech a Lemmy user will slide the conversation and accusations to American tech. It's a rule.
Is not about American/Chinese government, is about privacy. ANY company or government storing your data can be extremely problematic in the future.
Yeah the Sogou Keyboard send data to Tencent, the same thing happens or could happens with others proprietary keyboards in the future. How about trying a FOSS one?
It's absolutely about the American/Chinese government, I don't see comments forum sliding into Chinese tech on every post about Google.
But no, swift and gboard don't send your data to the American government.
There's also a dangerous misconception around here that FOSS == privacy safe. It doesn't.
There is also a differece between invading your privacy and compromising your security. Both are bad, but one is much worse at least in my view. Keylogging and then sending those keystrokes back to base with a dodgey custom rolled encryption framework is not just a breach of privacy.
On all social media, that seems to happen and it makes me sick.
People not knowing how scary the Chinese government is speaks volumes about the future of other countries. We had all the opportunity to see it happen and avoid it and these morons dismiss the truth and whatabout every damned thing
Well, we have actual evidence here of dodgy shit happening, but what about this other thing I assume is also happening based on absolutely nothing? See, both just as bad!
Gboard doesn't at least. It does send some stuff but not keystrokes
It sends whole words instead!
Any data you submit to Google is stored and analysed. That's different from sending keystrokes as they happen though.
I'm all for criticising invasive data use and collection which Google is definitely guilty of. It's not the same as keylogging though which is not just a privacy concern but a pretty serious security one as well. Also we have actual evidence here of Tencent doing this which makes a difference to me at least.
I’m not sure if that’s true. You know, it’s Google. Every keystroke in your gmail email is analysed, so can’t imagine gboard is any different to them.
We can't know for sure if they're not open source
While GBoard is closed source, they have documented that they use federated learning. Meaning their model is generated on-device and only the inferences are sent to Google.
That being said, I use OpenBoard.
Plus it also has the feature where you can drag on the space bar to move the letterhead!
I prefer OpenBoard, it doesn't send keystrokes to any server
The fork even has support for swipe, autocorrect, word prediction, clipboard management, etc, and is way more lightweight than Gboard and the rest. Zero reason to use anything else at the moment.
What's the fork? I've been using Florisboard beta (ehich is also opensource) and pretty happy with it. The only things I miss is swipe for dictionary words
https://github.com/Helium314/openboard
Important to note that you need to install a library from inside the app's settings to enable swipe typing. Ctrl+F "enable gesture typing" on the Github page to see where to get it.
I loaded the library but couldn't see a toggle to turn it on.
Uhhh it's pretty blatant.
OpenBoard Settings > Gesture Typing > Enable Gesture Typing
Is this a different fork
They don't.
Not if you block internet connection at system level. I think it can be done if GBoard in installed as an user app, not as a system one.
Might as well just use Open Board.
Of course. My "problem" is that I need to write in 3 languages at the same time and switching languages manually in Open board is a bit cumbersome, while in GBoard it happens automatically.
This "they're all bad" shit aimed at the Chinese government makes me so sad. How many of you dullards have even heard of Tienanmen square
The downvotes tell me some people need to Google Tienanmen square. From outside China. Inside china, it didn't happen. Erases from history
It's not called the 'Tiananmen Square' by the Chinese - that's just the name of the place. Either 六四屠殺 (June 4 massacre) or 六四鎮壓 (June 4 crackdown) would be more likely. And yes, expect loads of downvoting on Lemmy if you're ever critical of China.
Never use a closed source keyboard app. It can read what you send for messages, websites you go to, search engine queries.
"Notice the lack of surprise."
God bless gdpr
This is news? I would have been extremely surprised if it wasnt. This is normal for China, the CCP is eavesdropping on everything
In fact it's hard to find open source Chinese input methods that work well enough, the only ones I know of are Trime and Fcitx5_for_android.
Naomi Wu has literally been talking about pwnd Chinese IMEs for years in her sidechannel critiques of Signal.
Same with Microsoft keyboard and almost every other keyboard app.
https://www.howtogeek.com/348699/how-to-see-what-data-windows-10-is-sending-to-microsoft/
Joke's on them I don't tap I swipe
It's to help improve the user experience right? ...right?
Tencent began investing on Reddit several years back.
Tencent owns sizeable pieces (and outright owns) of more companies than you can imagine.
They invest in basically any tech company that is open to investment and willing to accept Chinese investors. To the ccp the data of the west is worth any price.
Yes, I have seen their market cap.
Just gonna plug FlorisBoard here. A bit barebones for now but at least it respects your privacy.
I wish the development was active , i been using florisboard since years now
Typed with florisboard:
https://discuss.tchncs.de/post/1629183
In short word suggestions are hard to implement
Tbh i started using florisboard coz i found word suggestions on google board very scary , it felt like they been tapping each word typed by me ! Florisboard is nicely customizable , although auto correct would be a nice feature to have !
How does it compare to OpenBoard?
isn't it dead?
Apparently they've been caught up in working on predictions for a good while which has been harder than they expected, so that's slowed development and releases considerably. So not abandoned by the devs for what its worth.
Perhaps. The last update is from June 2022 and the last contribution is 3 months old
that's why i use my dick to type haha
FOSS keyboards for Android:
Neither of which supports Chinese, so that's useless for any actual users of Sogou.
I use https://github.com/osfans/trime to type Chinese.
That looks nice. I'll check it out if I have some time later; though my written Chinese is fairly limited. So far the Windows keyboard layout did just fine.
Oh, the one I linked to was actually https://rime.im/ ported to Android. If you want to use it on Windows, please use this link instead. By the way, the required setup on Android is quite a hassle compared to the Windows, macOS, or Linux version.
To repeat a comment I made a bit back, I'm a little disappointed even by the state of English-language Android FOSS onscreen keyboards.
Thanks for the unexpexted Keyboard link, didn't knowabout it.
surveillance fetish going strong
The article states the software users external endpoints, whether encrypted or not. The CCP already has the ability to obtain all of this information from those endpoints. The article identified poor software design choices that may expose user keyboard data to anybody on the network..
surprised pikachu face - who would’ve thought?
Imagine willingly installing a keylogger, lol
This is beyond creepy
What's the deal with Android "keyboards"? Why is it just an app that you can install? And why can it have more functionality/permissions from the OS beyond just being a local keyboard? As an iOS user this is very bizarre and foreign to me.
I feel like every time the topic of Android keyboards (again, why is this a thing?) comes up it's some kind of big spyware thing. Seems like most every app on Android and iOS is spyware anyway, of course.
Wow, who would've thought?
Is that really a surprise?
So use Fcitx 5 Android instead. It's a open source IME application without requesting any permission except Notification, especially without network permission.
https://github.com/fcitx5-android/fcitx5-android
Can you point to where it says that in the report? It actually says:
So it doesn't send "every key typed".
Until you realized what sequence of letters most commonly not have any suggestion. That's right, when you type your password.
Literally says in bold even:
AKA every keystroke
I assume they mean "if suitable suggestions are not available in the input method’s local database". Like you start typing a word, and when it doesn't find any match locally, it goes to the server. After that, any additional keystroke gets reported to the server "as they type".
Hmm...
I use AnySoftKeyboard instead of the default android keyboard or the Samsung keyboard just to preemptively avoid these kind of “issues” creeping up in the future.
Should I still be worried?
Is there a way to sandbox or scope the software keyboards to never see the network (wired ethernet, Wi-Fi, LTE, 5G or otherwise) on stock Android 13 ?
Other than:
and
Moreover, there is no "Network Permissions" setting option from what I can see even within Permission manager > Additional permissions.
If it's a app, including fucking tik tok you bunch of morons, that was developed by a Chinese company all of the data on your device is going back to the CCP. It's just that fucking simple people.
So when the Chinese do it it's scary, but when the Americans do it it's just "established practice"?
I'm willing to bet that Google keyboards do the same.
It doesn't.
Google doesn't but the US government does. I lost count of the number of countries the US has invaded in my lifetime.
Google isn't owned by a government
it doesn't matter: https://en.wikipedia.org/wiki/CLOUD_Act
Yes the US is fucked up. Why are you deflecting with a whataboutism?
Your original point was nonsense. Companies that are not owned by the government can still serve government interests.
your point that China = US is what is nonsense. This article is about a CHINESE company.
What do you expect from leftists?
Looks like very few people have actually read the article, and that the cancerous anti-China sentiment migrated from reddit to lemmy too.
The most popular Western OS (and probably the other commercial OSs too) sends every key typed back to base. Plus every website visited. Plus every document amended.
Not that it would surprise me in any way, but do you have a source for this claim?
What, you don't take whataboutist claims trying to deflect attention from CCP spyware at face value?
Nope (and neither do I abide the flip side of this, whattaboutist claims to deflect from US or European bullshit).
It's actually all my fault, everyone.
You know, network sniffers exist. You can verify if this is true yourself if you know how to use one. Kill all other network services and just start typing and see if it starts spewing packets.
The internet is not some black box where us regular users can't see what's going on.
Any sources for this? I know Windows and probably MacOS send analytics but every keystroke and every document amended seems unlikely to me, maybe I'm wrong though.
Analytics is a broad concept, but every document is indeed a bit much.
The timeline feature on Windows that shows your info across devices when your account is signed in, contains websites, apps and services. They say you can see it for 30 days, but I doubt they delete it after, even if they say they do. They probably at minimum process the meta-data.
I don't see why c/technology scream about privacy violations every other post, and then suddenly turn forgetful when geopolitics comes into play. I used to watch 'exposés about China' and anti-sjw stuff on youtube back in 2015 too - and then just as I stopped watching them, they became an 'official geopolitical enemy'. The last decade has been a ride.
Because all the sinophobe tech bros have migrated to Lemmy and don't actually understand the shit they're talking about. They think the tech THEY use is super cool and want to keep using it, and also think China is scary and an imminent threat to them sitting in their gamer chair surrounded by doritos.
Or maybe, just maybe, people have been packet sniffing Microsoft's shit for ages and haven't found them to be doing things quite as egregiously. Go ahead, you can look this shit up.
Most of the spying features in Windows are able to be explicitly disabled through options Microsoft publishes themselves. It's Group Policy, only available on Pro licenses, but anyone concerned about privacy should be on that anyway or spoofing their license using again, Microsoft published techniques (KMS). There's also often registry keys to toggle it as well, but they tend to not be as reliable and change over updates.
There are also tons of ways to strip out entire components of Windows from the install media before installation, and also after it has been installed. Can't collect telemetry "X" if the telemetry "X" service isn't there.
Lastly, host file allows blocking network traffic to specific endpoints, and the very few times Microsoft has bypassed that it has made news. You can just block Microsoft's entire IP block through host if you're really paranoid.
Beyond that, I've seen plenty of people concerned about the US's data collection. It's just not always spoken about as a US thing but more as a general tech thing, likely because internet discussion is still very US centric outside the great firewall and most big tech in the English speaking world comes from the US. So i think the US connection often just goes without saying.
I'll give you this: framing much of this as related to any nation state instead of just all tech's hoovering up of data is disingenuous.
Also, if your threat model truly needs to be concerned about any nation state actors specifically then you're probably already fucked.
Their source is their whataboutist rectum
If you have a geopolitics bias, state it and then state your objection. Because atm you're denying reality. And downvoteifgay.