this post was submitted on 06 Feb 2025
300 points (96.6% liked)

Technology

61820 readers
4174 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s
enu
technopagan
L4s
300
DeepSeek iOS app sends data unencrypted to ByteDance-controlled servers (arstechnica.com)
submitted 14 hours ago by cm0002 to c/technology
38 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 48 points 13 hours ago (3 children)

This is dumb.

Even if you encrypt network traffic, the receiving server still knows what you're doing. All it does is prevent third parties from snooping.

Usually.

[–] trolololol 9 points 5 hours ago

Yep it also prevents anyone in the airport impersonating the WiFi and the bytedance server (which is trivial) and crafting payloads that run insecure code on your phone ( not that easy but there's heaps of CVEs like this in apps like Safari over the years, so there's at least 2x as many in an app like this)

[–] [email protected] 28 points 12 hours ago (1 children)

Yes, so not only are they doing something shady, they're doing something shady and exposing your data to anyone wanting to snoop it. What's dumb about criticising the latter part?

[–] [email protected] 21 points 11 hours ago (2 children)

The fact that anyone thinks they have any semblance of privacy when typing into an online AI chatbot is saddening.

Of course anything you type into a externally hosted AI is going to be harvested and sold.

But sure, in this case you are also potentially exposing your queries to your ISP or someone listening on your local network too.

[–] [email protected] 16 points 10 hours ago

Privacy is not the same as security

[–] breadsmasher 19 points 11 hours ago* (last edited 11 hours ago) (1 children)

Regardless of the downstream server, you should expect the interim traffic to be encrypted in transit

[–] [email protected] -2 points 11 hours ago (2 children)

Sure, it's not a bad thing and it should be standard practice, but to act like encrypted traffic guarantees privacy is silly.

[–] [email protected] 11 points 10 hours ago* (last edited 10 hours ago)

The thing is that with the traffic unencrypted it opens the door to all sorts of attacks on that traffic.

It’s not just privacy.

If you can intercept and interpret you have the ability to replace as well.

This is the integrity of your data

[–] [email protected] 6 points 11 hours ago

Tell me where in this thread are anyone expecting privacy from any online LLM service, or anyone saying encrypted traffic guarantees privacy?

[–] [email protected] 3 points 11 hours ago (1 children)

Maybe they want 3rd parties snooping?

[–] [email protected] 4 points 11 hours ago (1 children)

If you are implying that a government wants your data, they can just buy it or request it from the company directly. They don't have to snoop to get it. Also SSL isn't going to stop them.

[–] [email protected] 1 points 57 minutes ago

Oh, no. I don't mean USA government. I do mean some governments, but also any company between here an there.

Imagin that your company wants to sell user data. There are limits on what your company can sell due to contracts or laws, due to having a relationship with the customers.
Your company leases internet connections from another company, ISP or not, that can sell the data. Sending the data without SSL provides an okay, if not ideal, method to move that data.