Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.

  • @[email protected]
    109
    2 years ago

    It’s stories like this that don’t surprise me as much as make me ask: How the fuck do you store and process this much data to get anything useful out of it?

    • toofpic
      64
      2 years ago

      You just save the first 50 digits typed after some email is typed, and you have all the passwords you need!

      • @[email protected]
        4
        2 years ago

        This only applies if a username is an email

        And if it is then what happens when people actually email someone? Autocorrect during login?

        • @[email protected]
          11
          2 years ago (edited)

          I don’t think they’re saying that method would yield 100% clean data but it would give you all the “necessary” data with the absolute bare minimum storage requirement. At some point people will log into their email and for most people if you have their email password you have the password they use for everything

          • toofpic
            2
            2 years ago

            Yep, I only reacted to a “new requirement”: save space :)

      • TheEntity
        7
        2 years ago

        Did you ever see how an average person types? It’s not the amount of data that is the problem. We have too much dumb data!

      • @[email protected]
        5
        2 years ago

        The real answer is compute power. At the moment it’s very expensive to run the computations necessary for big LLMs, I’ve heard some companies are even developing specialized chips to run them more efficiently. On the other hand, you probably don’t want your phone’s keyboard app burning out the tiny CPU in it and draining your battery. It’s not worth throwing anything other than a simple model at the problem.

    • @[email protected]
      44
      2 years ago

      I could be wrong, and this is a generalization of any country you can name, but my impression is data is stored on everyone so when they decide someday to look you up they already have all the data collected. It’s not really processed until needed.

    • @[email protected]
      2
      2 years ago

      You just look for users that have power in their governments. Getting a senator’s username/password would be invaluable to China

    • @[email protected]
      2
      2 years ago

      The article states the software uses external endpoints, whether encrypted or not. The CCP already has the ability to obtain all of this information from those endpoints. The article identified poor software design choices that may expose user keyboard data to anybody on the network…

  • @[email protected]
    32
    2 years ago

    This is news? I would have been extremely surprised if it wasn’t. This is normal for China, the CCP is eavesdropping on everything

  • @[email protected]
    5
    2 years ago

    Looks like very few people have actually read the article, and that the cancerous anti-China sentiment migrated from Reddit to Lemmy too.

  • @[email protected]
    39
    2 years ago

    These findings underscore the importance for software developers in China to use well-supported encryption implementations such as TLS instead of attempting to custom design their own.

    lol.

    • JJROKCZ
      11
      2 years ago

      The writer out here acting like this wasn’t an intended feature lol

    • @[email protected]
      1
      2 years ago

      And this is the only point of the article. Idk what all these other comments are on about, but this article is outlining lack of standardized protocols that made the software vulnerable to network eavesdropping.

      This doesn’t point to a big CCP conspiracy, it’s just bad design.

  • @[email protected]
    2
    2 years ago

    Hmm…

    I use AnySoftKeyboard instead of the default Android keyboard or the Samsung keyboard just to preemptively avoid these kinds of “issues” creeping up in the future.

    Should I still be worried?

    Is there a way to sandbox or scope the software keyboards to never see the network (wired ethernet, Wi-Fi, LTE, 5G or otherwise) on stock Android 13?

    Other than:

    Settings > Connections > Data Usage >

    Allowed networks for apps > {app} > Wi-Fi only (and not use Wi-Fi) or Mobile data only (and not use Mobile data)

    and

    Mobile data usage > {app} > Allow background data usage > Disabled

    Moreover, there is no “Network Permissions” setting option from what I can see even within Permission manager > Additional permissions.

  • @[email protected]
    58
    2 years ago

    I don’t get it? Why are they talking in the article about not using the right type of encryption. The problem isn’t the encryption, but the fact that it is sending your keystrokes to the mothership, right?

      • @[email protected]
        1
        2 years ago

        Apparently they’ve been caught up in working on predictions for a good while which has been harder than they expected, so that’s slowed development and releases considerably. So not abandoned by the devs for what it’s worth.

        • nudny ekscentryk
          2
          2 years ago

          Perhaps. The last update is from June 2022 and the last contribution is 3 months old

    • panCatE
      2
      2 years ago

      I wish the development was active, I’ve been using FlorisBoard for years now

        • panCatE
          1
          2 years ago

          Tbh I started using FlorisBoard coz I found word suggestions on Google board very scary, it felt like they’ve been tapping each word typed by me! FlorisBoard is nicely customizable, although auto correct would be a nice feature to have!

  • @[email protected]
    3
    2 years ago

    If it’s an app, including fucking TikTok you bunch of morons, that was developed by a Chinese company, all of the data on your device is going back to the CCP. It’s just that fucking simple people.

  • reflex
    32
    2 years ago (edited)

    Jeremy Clarkson:
    The Chinese are very good at this sort of thing.

  • @[email protected]
    9
    2 years ago

    So when the Chinese do it it’s scary, but when the Americans do it it’s just “established practice”?