Posts: 0 | Comments: 290 | Joined: 4 yr. ago

  • This is the full paragraph:

    We collect certain device and network connection information when you access the Service. This information includes your device model, operating system, keystroke patterns or rhythms, IP address, and system language. We also collect service-related, diagnostic, and performance information, including crash reports and performance logs. We automatically assign you a device ID and user ID. Where you log-in from multiple devices, we use information such as your device ID and user ID to identify your activity across devices to give you a seamless log-in experience and for security purposes.

    It looks to me that they are using it to identify the user uniquely, maybe also related to captcha to prevent bots (it's common practice to capture mouse and keyboard while resolving captchas to see if the movement is human-like).

  • But that's not what the terms on both Google/Meta and Deepseek say.

    There's no term in their ToS saying Google/Meta restricts the data collection to forms, which means that if the ToS allowed them to collect them from forms (and as you admitted, we do know for a fact that they do), then it also allows them to collect it outside of forms. The reason I put the search suggestions as example is because it's one we CAN know (and thank you for agreeing on that), but that doesn't mean they don't do other captures at times we DON'T know... and also it's not the only place, Google owns several captcha mechanisms and capturing input patterns is common on those too (and captchas capture outside forms too!). Another obvious example is Google docs, another is Google translate... and again, those are only the obvious ones, we don't know if there are non-obvious ones.

    In the other direction too, Deepseek terms don't say it does it outside of forms either. You are jumping into assumptions by saying it acts the same as a traditional keylogger and that the keystrokes are captured for "anything typed". For all we know the only place they might be capturing is when the user is in very specific steps of the login process, maybe for captcha purposes too, or specific forms for preloading results, etc. There's no reason you should trust they do it any less/more than Google/Meta does, the ToS in both have the same lack of information in that respect.

    You can only make assumptions one way or the other, since the terms are not specific on what exactly they allow themselves to do, in the case of Google/Meta they're so sneaky that they avoid saying they do capture them (even though they do, as you yourself admitted), while in the case of Deepseek, even though they are a bit more specific by using the word "keystrokes", they also don't specify where/when/why (other than "to give you a seamless log-in experience and for security purposes" ..but that's also unclear wording).

  • Yes, it's possible. To be honest, I find it very sad that we have grown so dependent on ISP and big telecom companies to have a working network.

    In theory, you could have an infrastructure in your neighborhood and be able to play Quake with your neighbors without making use of the phone line at all, completely free of monthly fees and with a very efficient and fast connection too! You'd just need cabling connecting the apartments/houses and some decent routers controlling/restricting access on each subnet. It's a pity that's not a standard thing when designing residences.

    Though less efficient and more limited in range, you can technically do it with Wifi and mesh networking too... there are projects like B.A.T.M.A.N (https://www.open-mesh.org/), however, it's not very user-friendly to set up. I believe there have been some projects that attempted to launch embedded devices to act as mini routers for this, but the spread has not been wide enough to make it worth it, sadly.

  • I think the argument is that those alternatives already existed before. Twitter was not being prioritized, it was essentially mirroring the content already available in RSS, mastodon, etc. So effectively, there's now one less place where the news will be visible.

    However, I do agree with the move, but only because Debian being a FOSS initiative should stay away from proprietary platforms and promote FOSS, even if it means effectively "shutting off" a portion of users who don't wanna leave the twitter bubble.

  • Were they using Twitter to provide exclusive updates not available anywhere else?

    My impression from the post is that they are publishing the exact same updates in multiple locations, including mastodon at https://framapiaf.org/@debian ...so just because they were publishing in that one extra site to make it accessible to a particular subset of people does not mean all other people were being shut off from receiving updates.

    However, I do agree with the move, but only because Debian being a FOSS initiative should stay away from proprietary platforms and promote FOSS.

  • I don't know enough detail about ATproto, but I wonder if it's technically possible to block access to posts without also blocking federation. From what I've heard the functionality is more modular than ActivityPub (content indexing being a separate service from content hosting) so I wouldn't be surprised if it wasn't possible.

  • Thanks, I did not know. I think you are referring to this: https://www.freevacy.com/news/noyb/trumps-actions-to-dismantle-pclob-threatens-eu-us-data-transfers/6088

    To be completely honest... as a European I would be happy if they actually did make it so that no EU-US data transfer were allowed... we need to stop depending on all these US-based services... but like you said, they probably don't have the balls to pull the plug. Which makes me wonder if that board was actually really any protection at all for privacy or it had always been an empty shell used as an excuse on both sides just to keep up appearances and maintain the plug on.

    I honestly think this could be a win for us. Worst case scenario, nothing really changes but some masks fall off and at least some people would stop acting under false pretense (which could open the doors for change). So I'm actually glad he did that.

  • The last thin veil of privacy for Europeans has been ripped to shreds by Trump last week.

    What did he do? I know Trump does not like the GDPR, but did he sign something affecting it last week?

  • The argument stands, though.

    Yes, not ALL other apps do that, but the comment was specifically talking about companies like Google and Meta... they definitely do collect incomplete strings from search forms (down to individual characters) when they display search suggestions, for example. They might not mention "keystrokes" in the legal text, but I don't see why they wouldn't be able to extrapolate your typing pattern since they do have the timing information which should be enough data to, at some level, profile it.

  • It’s worth noting that presently mozilla earns $0 from my not using google, and not seeing sponsored tabs.

    I thought Google pays (or paid?) Mozilla just to be the default engine out the box, regardless of whether you change it or not.

    Another point is that it's so easy to turn those things off (the sponsored shortcuts too) that I wonder if it would be worth the cost of launching an alternate version behind a paywall while making sure it works only for people who pay (which could be seen as DRM anyway, with potentially massive backlash). So I imagine the end result would not be that profitable (whether they decide to paywall it properly or not). Those who wanna donate and have no ads can do that already, those who want a cleaned up version of Firefox can have that and from neutral and independent third parties which I'd argue is better than if it were Mozilla who did it (and you can donate to Mozilla while using those too).. so I'm not sure it would make sense.

    But it would make sense to have a donation pool specifically to fund Firefox development. That would be something interesting, considering Mozilla does other things besides Firefox. But I expect they don't do that because they probably fear all donations will move there and they don't want to lose funds for other things. We might need to create a separate organization if we want an independent fund for Firefox-based browsers.

  • I had a look at Wikipedia, and it seems that there are conflicting studies about this:

    This view was largely unchallenged until the late 1980s. Since that time, several studies have shown that transitioning from walking to running actually resulted in an increase in energy expenditure, while other studies have supported an energetic benefit from the transition. In the time since the energetics optimization view was first challenged, a number of mechanical, kinetic, and kinematic factors have been explored to explain the transition. Weak to moderately strong correlations have been found between several variables and the PTS, but work from a variety of researchers in the 1990s and 2000s agrees that ultimately it is fatigue and discomfort (or imminent fatigue/discomfort) in the tibialis anterior and other dorsiflexor muscles of the ankle that is the primary stimulus for the transition from walking to running in humans

  • I think there are situations that fsync does not cover very efficiently, to the point that it can cause timing issues that lead to some bugs / incompatibilities. The timing issues might be rare, but that doesn't mean the overall efficiency is the same. It would be interesting to see benchmarks of fsync vs ntsync.

  • When you walk faster and faster and faster, there is a point in which you automatically start running.

    Really? For me, this does not happen. If I actually want to walk faster and faster I begin walking super funny (the steps become wider and wider while still maintaining a foot always on the ground) and it becomes harder and harder to increase speed beyond a certain point when my muscles cannot move any faster. If I want to switch to running I need to consciously switch to running, it only takes me a split second to decide to switch, but it does not happen "automatically".

    When I want to reach a certain speed, I make a very quick decision on what's the most comfortable (or sometimes, socially acceptable) way (run or walk?) and based on my internalized experience I do that.. but it's not on the level of a reflex like removing your hand from fire, but rather closer to reaching to get a glass of water with your hand and tracing a comfortable path with your arm. I expect the better you know your body the closer you'll be at making the right call, just the same as there's people that sit with good posture and people that sit with bad posture, I find it strange that it would be an "automatic" thing. I'd also guess that a person that's more used to marching would be more comfortable walking at faster speeds, whereas people that are not used to marching will switch to running much earlier because they aren't used to walking fast. And vice-versa, someone who's not used to running might take longer to switch.. this might also depend on the state of their joints, if the person is overweight, etc.

    Here’s a way to look at it: if you try to walk a long distance at a very high speed, you’ll get exhausted, but if you run the same distance at that same speed, you’ll be less tired.

    I feel I'm missing something because this seems contradictory with the previous statement. If you are at a high speed but you don't "automatically start running" and can walk, then that would mean you are below the switching threshold. And you said that under that threshold walking is more efficient, so shouldn't it make you less tired to walk?

    I feel the kind of "exhaustion" I get from walking is fundamentally different than the "exhaustion" from running.. walking too fast for too long can make my muscles hurt but it does not make me lose my breath the way running (even at low speeds) does.

  • It'll probably release in March, since there's a release every 2 months and 6.13 was on Jan 20th.

    They will release the first RC at the end of this week, so maybe someone will make an AUR package already (but no idea if current Wine can already take advantage of it, though).

  • Most methods for syncing a file also let you sync a whole directory of files (for example syncthing).

    So if your main issue is keeping them in sync across devices, keep different kdbx files in the same directory and sync that.

    However, I've found that switching between databases is not very convenient with most keepass clients. So I tend to only keep separate files when the context is really different and I won't need to be switching back and forth (eg. personal vs work).

  • This specific comment thread is focused on that because that was the topic started by the choice of words of the first comment.

    The conversation would not have continued in that direction if instead of doubling down there simply were an admission that what really was meant to say is not that Proton betrayed some hypothetical anti-Trump principles they had, but that they have proven now being sympathetic towards Trump and this made people feel unsafe (and some branches of the thread implied that conclusion).

    What's being argued is that this is not surprising. This is as silly as thinking that Zuckerberg is a betrayer because of the recent changes in moderation policy, as if Facebook was ever on the side of any particular political ideology other than their own interests.

    What makes you think tuta is against all and every policy coming from the far-right including the ones that align with their stated goal of digital privacy? If (hypothetically) tuta had some level of relationship with a left-wing party (pick your favorite) and made a post about how they are happy about certain changes that party is pushing that are beneficial to privacy, would that be a betrayal of their own principles? I would say it's not, regardless how many alt-right customers might "feel betrayed" if they had some parasocial alt-right image of tuta.

  • I think the "he" there was @anonymous@lemm.ee, not the CEO of Proton.

    The comment from anonymous implied that there was no real betrayal. Just because someone fights for digital privacy does not mean he's on the same side for other topics. Feeling betrayed and actually being betrayed are not the same thing.

  • But those are small fries, not “the provider of games”

    They have less to lose, then. That's just as dangerous, if not more.

    I'm a small fry too, would you run a binary I send you without any form of sandboxing?

    we don’t run games as root

    No, we typically run them with the same user that stores all our useful private data and that we typically type our passwords with.

    Also, why are you OK with that level of sandboxing? Don't you want more "control"? You say containers are bad, but using user roles to protect parts of the system is ok? Why are you not running all as root if you want "control"?

    we are speaking about Wine, so what they see is limited to WINEPREFIX

    Not really, by default you have access to other drives (Z:\ being /, the fs root), wine is not a perfect sandbox, it's not designed for that.. and if you actually did want it to become one (which ultimately would also lead to a need for memory separation to fight memory-leak attacks) then it would not be that different from what's being pursued. You'd be essentially building the container in a custom version of wine shipped by Valve on Steam, it does not make any difference in terms of "control".
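
A way to check the drive mapping described in the comment above on your own prefix. This is an added example, not part of the original comment or of Wine itself: the function name `wine_exposed_drives` and the sample prefix are constructed, and it assumes the standard prefix layout in which drive letters are symlinks under `dosdevices/`.

```shell
#!/bin/sh
# Audit a Wine prefix: report drive letters whose target lies outside the prefix.
# Added example; wine_exposed_drives is a hypothetical helper name.

# Print "LETTER TARGET" for every drive mapping that escapes the prefix.
wine_exposed_drives() {
    prefix=${1:-${WINEPREFIX:-$HOME/.wine}}
    [ -d "$prefix/dosdevices" ] || { echo "no dosdevices in $prefix" >&2; return 2; }
    # Canonical prefix path, so a symlinked home directory does not skew the comparison.
    real_prefix=$(cd "$prefix" && pwd -P) || return 2
    # "?:" matches drive letters (c:, z:) but not device entries such as "d::".
    for link in "$prefix"/dosdevices/?:; do
        [ -L "$link" ] || continue
        # Resolve the link to its physical directory; skip dangling links.
        target=$(cd "$link" 2>/dev/null && pwd -P) || continue
        case "$target/" in
            "$real_prefix"/*) ;;                          # stays inside the prefix
            *) printf '%s %s\n' "${link##*/}" "$target" ;;  # reaches outside it
        esac
    done
}

# Constructed sample prefix mirroring the default layout: c: inside, z: -> /.
demo=$(mktemp -d)
mkdir -p "$demo/dosdevices" "$demo/drive_c"
ln -s ../drive_c "$demo/dosdevices/c:"
ln -s / "$demo/dosdevices/z:"
wine_exposed_drives "$demo"
rm -rf "$demo"
```

An empty result only means no drive letter points outside the prefix; programs started through Wine still run as ordinary processes with the invoking user's permissions, which is the comment's point that Wine is not a sandbox.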

  • Currently, in order for Android app to appear in the official Store, developer has to allow Google to repackage their app and sign it with Google key. So while we can inspect what is there in the code of the app in git, we don’t really know what lands on our phones if installed via Google Play

    You can still open an APK and decompile it.. it being signed with a specific key is no different than the digital signatures some attach to their emails, it's a way to prove authenticity, not a way to encrypt the message.. you can open the email without having to even care about the signature.

  • We have no control over what they put in those containers

    Most games on Steam are proprietary software you don't control to begin with. It seems reasonable to keep them encapsulated in containers (+1 if you run Steam on flatpak or so) rather than granting them the capacity to run amok in the entire system, which we would have even less control over.

    It seems contradictory to want to remove barriers that are preventing the software from taking more control, and at the same time complaining about how they are having too much control.