1827
The most popular Chinese keyboard app which is used by more than 450 million monthly users sends every key typed to Tencent in China. (citizenlab.ca)
submitted 2 years ago by Tazmanian@lemmy.world to c/technology@lemmy.world
295 comments fedilink hide all child comments

Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.

top 50 comments
sorted by: hot top controversial new old
[-] godless@lemmy.world 341 points 2 years ago

I live in China and this software is cancerous not just in the encryption failure, it also nestles into a computer like a trojan. Creates 2 fallback installations and will reinstall itself after removal if you reboot in between, unless you get rid of all 3 installations at once, where they are deliberately trying to obfuscate the uninstall button (triple confirmation, swapping the confirm/cancel buttons and button background colors, etc.).

It's a nasty piece of crap that come preloaded on any phone (android, at least) and Windows-PC here.

[-] Ultra980@lemmy.world 80 points 2 years ago

It's time to switch to Linux!

[-] dojan@lemmy.world 114 points 2 years ago

I mean the CCP is aiming to have people use Kylin? If the government and the entire populace starts using Linux instead we'll just see the same BS on Linux instead. It's not an OS/platform issue, but an issue of bad actors.

load more comments (2 replies)
[-] ammonium@lemmy.world 46 points 2 years ago

Don't worry, there is also a Linux version.

load more comments (1 replies)
[-] godless@lemmy.world 22 points 2 years ago

Then they'll install the Linux version. People here are so indoctrinated, they like it.

[-] Anamana@feddit.de 30 points 2 years ago

Do people generally try to circumvent it? Are they too scared to uninstall it? Or do they just not care?

[-] godless@lemmy.world 59 points 2 years ago

Worse. They think it's useful.

[-] Anamana@feddit.de 23 points 2 years ago* (last edited 2 years ago)

Why? Useful for safety and security of the society?

Edit: Why downvotes? I'm trying to put myself in their shoes, it's not how I view it lol

load more comments (8 replies)
load more comments (2 replies)
[-] Elephant0991@lemmy.bleh.au 223 points 2 years ago

[-] money_loo@kbin.social 46 points 2 years ago

This is one of my favorite things about kbin over Reddit. So neat to see gifs in chat.

[-] Kalcifer@lemmy.world 75 points 2 years ago

They're viewable on Lemmy too!

load more comments (8 replies)
[-] tuoret@sopuli.xyz 31 points 2 years ago

Reddit added the same functionality some time ago, I'm a bit sad it's a thing here too but oh well. People seem to like it. My favourite thing about reddit was it being text-based though

load more comments (1 replies)
load more comments (7 replies)
load more comments (1 replies)
[-] Diabolo96@lemmy.dbzer0.com 137 points 2 years ago* (last edited 2 years ago)

The people here acting like their Gboard doesn't do the same is so funny.

Edit : never used nor installed tiktok.

[-] PaigePalisade 119 points 2 years ago

It probably doesn't though. Obviously it's closed source making it harder to tell what's actually happening, but there's nothing stopping security analysts from looking at network usage and such. I would imagine that Google doesn't install a keylogger on every Android phone, not out of the goodness of their hearts, but because they don't want the bad publicity and lawsuits when it would inevitably be discovered.

[-] vox@sopuli.xyz 46 points 2 years ago* (last edited 2 years ago)

they do collect usage stats by default though.
which include typed sentences passed through their ai model and words usage counts.
it can all be turned off and gboard seems to respect these options. it doesn't access online services unless requested with these options off.

load more comments (2 replies)
[-] GenderNeutralBro@lemmy.sdf.org 59 points 2 years ago

If you have any evidence that it does, it would be big news. Please share.

load more comments (5 replies)
load more comments (13 replies)
[-] Goodie@lemmy.world 107 points 2 years ago

It's stories like this that don't surprise me as much as make me ask: How the fuck do you store and process this much data to get anything useful out of it.

[-] toofpic@lemmy.world 62 points 2 years ago

You just save the first 50 digits typed after some email is typed, and you have all the passwords you need!

load more comments (4 replies)
[-] WarmSoda@lemm.ee 42 points 2 years ago

I could be wrong, and this is a generalization of any country you can name, but my impression is data is stored on everyone so when they decide someday to look you up they already have all the data collected. It's not really processed until needed.

load more comments (3 replies)
load more comments (5 replies)
[-] 99nights@lemmy.world 91 points 2 years ago

China being China, no surprise here.

load more comments (10 replies)
[-] punseye@lemmy.world 73 points 2 years ago

As if other keyboard apps are any different, I don't think Microsoft bought SwiftKey just for fun?!

load more comments (3 replies)
[-] ObamaBinLaden@lemmy.world 70 points 2 years ago

And gboard or SwiftKey don't?

[-] Steeve@lemmy.ca 43 points 2 years ago* (last edited 2 years ago)

Every single time something sketchy is happening in Chinese tech a Lemmy user will slide the conversation and accusations to American tech. It's a rule.

load more comments (4 replies)
load more comments (20 replies)
[-] kicksystem@lemmy.world 58 points 2 years ago

I don't get it? Why are they talking in the article about not using the right type of encryption. The problem isn't the encryption, but the fact that it is sending your keystrokes to the mothership, right?

[-] herrwoland@lemmy.world 48 points 2 years ago

In a surprise to absolutely nobody, China spies on their people.

load more comments (3 replies)
[-] thorbot@lemmy.world 43 points 2 years ago

Oh wow, who would have ever thought they'd do that? What a fucking surprise.

[-] CoolBeance@lemmy.world 42 points 2 years ago

I feel like there should be a Lemmy version of everything now

[-] TeddE@lemmy.world 26 points 2 years ago

I recommend free and open source software for everyone. Everything on this list is curated to feature the best alternatives to common proprietary software (according to Linux Cafe):

https://gitlab.com/linuxcafefederation/awesome-alternatives/-/blob/master/README.md

This list is good free, open source (FOSS) Android keyboards:

https://github.com/offa/android-foss#-keyboard

I think the best two are Simple Keyboard and AnySoftKeyboard. Simple Keyboard is pleasant to use, but is missing a several advanced features. ASK would be perfect if the swipe typing worked (it's currently listed as beta, and is mostly actuate, but unfortunately when it does make a mistake fixing it is almost painful).

Finally, try to get comfortable going to alternativeto.net when you get frustrated with software. Worst case scenario you get frustrated with different software for a bit and switch back. Of course it notes the price and license model for each alternative.

load more comments (1 replies)
load more comments (6 replies)
[-] loudWaterEnjoyer@lemmy.dbzer0.com 38 points 2 years ago

load more comments (1 replies)
[-] sugarfree@lemmy.world 38 points 2 years ago

These findings underscore the importance for software developers in China to use well-supported encryption implementations such as TLS instead of attempting to custom design their own.

lol.

load more comments (2 replies)
[-] s20@lemmy.ml 34 points 2 years ago* (last edited 2 years ago)

And the Platinum Award for Least Surprising News Headline goes to...

[-] reflex@kbin.social 32 points 2 years ago* (last edited 2 years ago)

Jeremy Clarkson:
"The Chinese are very good at this sort of thing."

[-] shashi154263@lemmy.world 28 points 2 years ago* (last edited 2 years ago)

It's not a bug, it's a feature.

[-] waterbogan@lemmy.world 28 points 2 years ago

This is news? I would have been extremely surprised if it wasnt. This is normal for China, the CCP is eavesdropping on everything

[-] critical@reddthat.com 25 points 2 years ago

Same with Microsoft keyboard and almost every other keyboard app.

[-] quadropiss@lemmy.world 23 points 2 years ago

God bless gdpr

load more comments
view more: next ›
this post was submitted on 10 Aug 2023
1827 points (100.0% liked)

Technology

63082 readers
3234 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world