Privacy

33156 readers

554 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

471

DeepSeek collects keystroke data and more, storing it in Chinese servers (mashable.com)

submitted 2 days ago by restingboredface@sh.itjust.works to c/privacy@lemmy.ml

349 comments fedilink hide all child comments

Is anyone actually surprised by this?

you are viewing a single comment's thread
view the rest of the comments

[–] ArchRecord@lemm.ee 42 points 1 day ago (1 children)

the company states that it may share user information to "comply with applicable law, legal process, or government requests.

Literally every company's privacy policy here in the US basically just says that too.

Not only does DeepSeek collect "text or audio input, prompt, uploaded files, feedback, chat history, or other content that [the user] provide[s] to our model and Services," but it also collects information from your device, including "device model, operating system, keystroke patterns or rhythms, IP address, and system language."

Breaking news, company with chatbot you send messages to uses and stores the messages you send, and also does what practically every other app does for demographic statistics gathering and optimizations.

Companies with AI models like Google, Meta, and OpenAI collect similar troves of information, but their privacy policies do not mention collecting keystrokes. There's also the added issue that DeepSeek sends your user data straight to Chinese servers.

They didn't use the word keystrokes, therefore they don't collect them? Of course they collect keystrokes, how else would you type anything into these apps?

In DeepSeek's privacy policy, there's no mention of the security of its servers. There's nothing about whether data is encrypted, either stored or in transmission, and zero information about safeguards to prevent unauthorized access.

This is the only thing that seems disturbing to me, compared to what we'd like to expect based on the context of what DeepSeek is. Of course, this was proven recently in practice to be terrible policy, so I assume they might shore up their defenses a bit.

All the articles that talk about this as if it's some big revelation just boil down to "company does exactly what every other big tech company does in America, except in China"

[–] tux@lemmy.world -1 points 1 day ago (1 children)

Collecting keystrokes is very different from collecting text inputted into fields. Keystroke rhythms is even more alarming as that is often used to identify users despite them using privacy settings, or used to collect what’s typed via audio collection.

Your argument that this is no different than other apps is complete crap. Don’t trust any app that collects that information

[–] Ferk@lemmy.ml 5 points 18 hours ago* (last edited 17 hours ago)

The argument stands, though.

Yes, not ALL other apps do that, but the comment was specifically talking about companies like Google and Meta... they definitely do collect incomplete strings from search forms (down to individual characters) when they display search suggestions, for example. They might not mention "keystrokes" in the legal text, but I don't see why they wouldn't be able to extrapolate your typing pattern since they do have the timing information which should be enough data to, at some level, profile it.