The most popular Chinese keyboard app which is used by more than 450 million monthly users sends every key typed to Tencent in China.

Tazmanian@lemmy.world to Technology@lemmy.world – 2005 points –
citizenlab.ca

Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.

419

You are viewing a single comment

The most popular Western OS (and probably the other commercial OSs too) sends every key typed back to base. Plus every website visited. Plus every document amended.

Not that it would surprise me in any way, but do you have a source for this claim?

What, you don't take whataboutist claims trying to deflect attention from CCP spyware at face value?

Nope (and neither do I abide the flip side of this, whattaboutist claims to deflect from US or European bullshit).

You know, network sniffers exist. You can verify if this is true yourself if you know how to use one. Kill all other network services and just start typing and see if it starts spewing packets.

The internet is not some black box where us regular users can't see what's going on.

Any sources for this? I know Windows and probably MacOS send analytics but every keystroke and every document amended seems unlikely to me, maybe I'm wrong though.

Analytics is a broad concept, but every document is indeed a bit much.

The timeline feature on Windows that shows your info across devices when your account is signed in, contains websites, apps and services. They say you can see it for 30 days, but I doubt they delete it after, even if they say they do. They probably at minimum process the meta-data.

I don't see why c/technology scream about privacy violations every other post, and then suddenly turn forgetful when geopolitics comes into play. I used to watch 'exposés about China' and anti-sjw stuff on youtube back in 2015 too - and then just as I stopped watching them, they became an 'official geopolitical enemy'. The last decade has been a ride.

Because all the sinophobe tech bros have migrated to Lemmy and don't actually understand the shit they're talking about. They think the tech THEY use is super cool and want to keep using it, and also think China is scary and an imminent threat to them sitting in their gamer chair surrounded by doritos.

Or maybe, just maybe, people have been packet sniffing Microsoft's shit for ages and haven't found them to be doing things quite as egregiously. Go ahead, you can look this shit up.


Most of the spying features in Windows are able to be explicitly disabled through options Microsoft publishes themselves. It's Group Policy, only available on Pro licenses, but anyone concerned about privacy should be on that anyway or spoofing their license using again, Microsoft published techniques (KMS). There's also often registry keys to toggle it as well, but they tend to not be as reliable and change over updates.

There are also tons of ways to strip out entire components of Windows from the install media before installation, and also after it has been installed. Can't collect telemetry "X" if the telemetry "X" service isn't there.

Lastly, host file allows blocking network traffic to specific endpoints, and the very few times Microsoft has bypassed that it has made news. You can just block Microsoft's entire IP block through host if you're really paranoid.


Beyond that, I've seen plenty of people concerned about the US's data collection. It's just not always spoken about as a US thing but more as a general tech thing, likely because internet discussion is still very US centric outside the great firewall and most big tech in the English speaking world comes from the US. So i think the US connection often just goes without saying.


I'll give you this: framing much of this as related to any nation state instead of just all tech's hoovering up of data is disingenuous.

Also, if your threat model truly needs to be concerned about any nation state actors specifically then you're probably already fucked.

3 more...