this post was submitted on 06 Feb 2025
428 points (100.0% liked)

[–] pennomi@lemmy.world 81 points 1 month ago (3 children)

The hell? There’s no reason to use plain HTTP instead of HTTPS.

And symmetric encryption is wildly irresponsible as well.

[–] webghost0101@sopuli.xyz 45 points 1 month ago (2 children)

Not for a second do I believe this was an accidental oversight.

I am sure they had very good reasons, all aligned with their actual interests with no thought spared to even consider consequences for small fish users.

[–] kinsnik@lemmy.world 27 points 1 month ago (2 children)

i just can't think of any. like the article says, i fully expected the app to send data to china. but even if you are maliciously spying on users, why would you send the stolen data on unsecured channels? so that everyone in the path takes advantage of the data you wanted to steal?

[–] sunzu2@thebrainbin.org 7 points 1 month ago

Sounds plain sloppy lol

Baddest AI, rookie opsec

[–] fmstrat@lemmy.nowsci.com 1 points 1 month ago

If forced to relocate servers to a US partner, it leaves an attack vector.

[–] trolololol@lemmy.world 5 points 1 month ago

Yep I'm with you.

It's so easy to use https with secure encryption. It's the default. You have to go out of your way to use a symmetric key or to even allow http without SSL in Xcode or Android Studio.

[–] dragonlobster@programming.dev 13 points 1 month ago

Well many of China's websites don't even use HTTPS. Look at china.org.cn, or en.people.cn for example

[–] cadekat@pawb.social 3 points 1 month ago (1 children)

Depends on how much traffic you're talking about. Encrypting/decrypting isn't free.

[–] pennomi@lemmy.world 28 points 1 month ago (1 children)

It’s trivial compared to the compute they dedicate to AI models. Like, not even a rounding error.

[–] cadekat@pawb.social 3 points 1 month ago (1 children)

A penny saved is still a penny saved. I'm not saying it would amount to much, but it is non-zero.

[–] 0xD@infosec.pub 3 points 1 month ago

These are completely different systems. It doesn't make a difference.