this post was submitted on 06 Feb 2025
280 points (97.6% liked)

all 39 comments
[–] ZILtoid1991 16 points 3 hours ago

And that's why you use local instances...

[–] [email protected] 41 points 11 hours ago (3 children)

This is dumb.

Even if you encrypt network traffic, the receiving server still knows what you're doing. All it does is prevent third parties from snooping.

Usually.

[–] trolololol 9 points 3 hours ago

Yep, it also prevents anyone in the airport impersonating the WiFi and the ByteDance server (which is trivial) and crafting payloads that run insecure code on your phone (not that easy but there's heaps of CVEs like this in apps like Safari over the years, so there's at least 2x as many in an app like this).

[–] [email protected] 27 points 10 hours ago (1 children)

Yes, so not only are they doing something shady, they're doing something shady and exposing your data to anyone wanting to snoop it. What's dumb about criticising the latter part?

[–] [email protected] 21 points 9 hours ago (2 children)

The fact that anyone thinks they have any semblance of privacy when typing into an online AI chatbot is saddening.

Of course anything you type into an externally hosted AI is going to be harvested and sold.

But sure, in this case you are also potentially exposing your queries to your ISP or someone listening on your local network too.

[–] [email protected] 16 points 8 hours ago

Privacy is not the same as security

[–] breadsmasher 18 points 9 hours ago* (last edited 9 hours ago) (1 children)

Regardless of the downstream server, you should expect the interim traffic to be encrypted in transit

[–] [email protected] 0 points 9 hours ago (2 children)

Sure, it's not a bad thing and it should be standard practice, but to act like encrypted traffic guarantees privacy is silly.

[–] [email protected] 10 points 8 hours ago* (last edited 8 hours ago)

The thing is that with the traffic unencrypted it opens the door to all sorts of attacks on that traffic.

It’s not just privacy.

If you can intercept and interpret you have the ability to replace as well.

This is the integrity of your data

[–] [email protected] 6 points 9 hours ago

Tell me where in this thread is anyone expecting privacy from any online LLM service, or anyone saying encrypted traffic guarantees privacy?

[–] [email protected] 3 points 9 hours ago (1 children)

Maybe they want 3rd parties snooping?

[–] [email protected] 4 points 9 hours ago

If you are implying that a government wants your data, they can just buy it or request it from the company directly. They don't have to snoop to get it. Also SSL isn't going to stop them.

[–] Crackhappy 104 points 12 hours ago (1 children)

Absolutely "shocked" I tell you.

[–] aeronmelon 1 points 3 hours ago

loudly places hand on side of face

[–] [email protected] 39 points 11 hours ago* (last edited 11 hours ago) (2 children)
[–] breadsmasher 21 points 9 hours ago (1 children)

🌕🌕🌕🌕🌕🌕🌕🌕

🌕🌕🌕🌕🌕🎩🌕🌕

🌕🌕🌕🌕🌘🌑🌒🌕

🌕🌕🌕🌘🌑🌑🌑🌓

🌕🌕🌖🌑👁️🌑👁️🌓

🌕🌕🌗🌑🌑🫦🌑🌔

🌕🌕🌘🌑🌑🌑🌒🌕

🌕🌕🌘🌑🌑🎀🌓🌕

🌕🌕🌘🌑🌑🌑🌔🌕

🌕🌕🌘🌔🍆🌑🌕🌕

🌕🌖🌓🌕🌗🌒🌕🌕

🌕🌗🌓🌕🌗🌓🌕🌕

🌕🌘🌔🌕🌗🌓🌕🌕

🌕👠🌕🌕🌕👠🌕🌕

[–] [email protected] 6 points 7 hours ago

How the fuck do I explain this boner, now?

[–] Stovetop 6 points 11 hours ago

Ah, the ol' Blahaj Pik-a-choo

[–] pennomi 58 points 12 hours ago (3 children)

The hell? There’s no reason to use plain HTTP instead of HTTPS.

And symmetric encryption is wildly irresponsible as well.

[–] [email protected] 6 points 2 hours ago

Well many of China's websites don't even use HTTPS. Look at china.org.cn, or en.people.cn for example

[–] [email protected] 32 points 12 hours ago (2 children)

Not for a second do I believe this was an accidental oversight.

I am sure they had very good reasons, all aligned with their actual interests with no thought spared to even consider consequences for small fish users.

[–] trolololol 3 points 3 hours ago

Yep I'm with you.

It's so easy to use HTTPS with secure encryption. It's the default. You have to go out of your way to use a symmetric key or to even allow HTTP without SSL in Xcode or Android Studio.

[–] kinsnik 17 points 10 hours ago (1 children)

i just can't think of any. like the article says, i fully expected the app to send data to china. but even if you are maliciously spying on users, why would you send the stolen data on unsecured channels? so that everyone in the path takes advantage of the data you wanted to steal?

[–] [email protected] 4 points 8 hours ago

Sounds plain sloppy lol

Baddest AI, rookie opsec

[–] [email protected] 15 points 12 hours ago* (last edited 12 hours ago) (1 children)

Volcengine is a platform of cloud services released by Bytedance in 2021 to help enterprises with digital transformation. Bytedance connection to China is well established. Sensitive data or data effective for fingerprinting and tracking are in bold.

So they use a Chinese CDN or hosting? Shocking stuff. Hilarious that a company so bad at basic security beat OpenAI.

[–] [email protected] 5 points 8 hours ago (1 children)

I sincerely doubt they're bad at it.

[–] [email protected] 1 points 4 hours ago (1 children)

If leaking data is intentional then there are better ways than doing it in the open. Doubly so if you supposedly are in cahoots with your hosting and Chinese government.

[–] [email protected] 1 points 2 hours ago (2 children)

"Open"ai is definitely sharing everything you type with your government. Only difference is that Chinese care less about your illusions. That said we are not even a blip in the sea of data so it doesn't matter anyway.

Btw your Patriot Act says that any data that goes over your border can be stored and used indefinitely. So me seeing your comment means your NSA will store it and can use it, even though spying on your own people is against your constitution or something.

[–] [email protected] 3 points 2 hours ago* (last edited 1 hour ago)

Yeah, I’m not an American and not here to argue one’s better than the other because if you care about your data you just don’t give them opportunity to see it. I’m having fun pointing out how silly this poo-slinging between US and China looks to bystanders, that’s all. It’s like denouncing DeepSeek is a modern day swearing fealty to the American lords.

[–] [email protected] 8 points 11 hours ago

it's nice of them not to encrypt it at least. it can get harvested along the way!

[–] [email protected] 9 points 12 hours ago

Fucking duh

[–] [email protected] 4 points 12 hours ago