Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.

  • godless
    338 points · 11 months ago

    I live in China and this software is cancerous not just in the encryption failure, it also nestles into a computer like a trojan. Creates 2 fallback installations and will reinstall itself after removal if you reboot in between, unless you get rid of all 3 installations at once, where they are deliberately trying to obfuscate the uninstall button (triple confirmation, swapping the confirm/cancel buttons and button background colors, etc.).

    It’s a nasty piece of crap that comes preloaded on any phone (Android, at least) and Windows-PC here.

      • Dojan
        115 points · 11 months ago

        I mean the CCP is aiming to have people use Kylin? If the government and the entire populace starts using Linux instead we’ll just see the same BS on Linux instead. It’s not an OS/platform issue, but an issue of bad actors.

      • godless
        19 points · 11 months ago

        Then they’ll install the Linux version. People here are so indoctrinated, they like it.

    • @Anamana@feddit.de
      27 points · 11 months ago

      Do people generally try to circumvent it? Are they too scared to uninstall it? Or do they just not care?

        • @Anamana@feddit.de
          20 points · 11 months ago (edited)

          Why? Useful for safety and security of the society?

          Edit: Why downvotes? I’m trying to put myself in their shoes, it’s not how I view it lol

          • godless
            10 points · 11 months ago

            Comes with a built in translator and spell checker, and since access to Google translate is blocked, that’s often the only alternative.

              • godless
                3 points · 11 months ago

                Nah. They don’t know Google translate. Or Google, for that matter. They know what they are supposed to know.

                Of course some people know better, and those are the ones who will eventually get around the block - finding and installing a VPN is not rocket science, not even here. But if you keep 98% of the population contained, the rest won’t reach critical mass.

          • cassetti
            9 points · 11 months ago

            Why do people use Facebook and Instagram? Because they think it’s cool and fun to share with friends, regardless what data FB is gathering on them.

              • @Rai@lemmy.dbzer0.com
                7 points · 11 months ago

                Yeah, wtf is that equivalency?

                “Why do people smoke”

                “Well some people like to eat at restaurants or watch movies with their friends so”

              • @coffeebiscuit@lemmy.world
                4 points · 11 months ago

                It was a “what about” analogy. It compares an app that steals data without the user’s consent and the other one is the keyboard app. Both seem to be wanted by consumers despite the stealing parts.

                • @Anamana@feddit.de
                  1 point · 11 months ago

                  Yeah but a social media platform has completely different qualities. Therefore the reasons for people how and why they use them will be completely different. Also the keyboard app is forced on the phones by the state while the use of social media platforms is optional. Just too many different factors at play here imo.

          • @Rai@lemmy.dbzer0.com
            8 points · 11 months ago

            Some weird downvotes, and I want to know too. Why does a keyboard app mean anything to anyone? The keyboards included on iOS and latest Android versions are great.

            • @thekinghaslost@lemmy.world
              1 point · 11 months ago

              Don’t know about this keyboard or Chinese, but a language specific feature might be one of the reasons.

              I use SwiftKey and I love how it supports multilingual autocorrect and prediction for Indonesian and English without needing to switch between keyboard language.

              iOS built in keyboard supports multilingual typing for some languages, but not Indonesian.

              I assume people love it also because of some specific feature that doesn’t exist in the stock keyboard.

      • @boooooboo@lemmy.world
        1 point · 11 months ago (edited)

        My guess is that it might either be more accurate in predictions or some additional convenience factors that make typing this logographic language much easier and faster lol.

        Or people are also simply used to it since it’s everywhere.

      • godless
        15 points · 11 months ago

        Sure. Foreigners aren’t really sanctioned though, that’s more of a risk for the locals. But even then usually only if they want to get someone disappeared and don’t have anything substantial against them.

  • @SnowdenHeroOfOurTime@unilem.org
    261 points · 11 months ago

    Alright China shills, you can stop changing the subject to how Google and the US are the “same”.

    The troops advanced into central parts of Beijing on the city’s major thoroughfares in the early morning hours of 4 June and engaged in bloody clashes with demonstrators attempting to block them, in which many people – demonstrators, bystanders, and soldiers – were killed. Estimates of the death toll vary from several hundred to several thousand, with thousands more wounded.[15][16][17][18][19][20]

    https://en.m.wikipedia.org/wiki/1989_Tiananmen_Square_protests_and_massacre

    If you lived in China you’d likely not know about this, since people who talk about it go to prison.

    Yeah the US is exactly like this so let’s not talk about the Chinese government being awful to their citizens /s

    • Alien Nathan Edward
      13 points · 11 months ago

      No one is saying Google massacred protestors, but if you’re gonna be against keyboard apps spying on you it should be irrelevant who they’re spying for. Criticizing shitty things American companies do doesn’t make you a China shill and calling everyone who does it a China shill is intellectually dishonest.

    • @gmtom@lemmy.world
      3 points · 11 months ago (edited)

      I mean, I’ll always say that China is worse than the US. But you can find plenty of examples of the US doing awful things to its people too.

      Like the MOVE bombing https://en.wikipedia.org/wiki/1985_MOVE_bombing

      or The Tulsa Massacre that involved law enforcement bombing black neighbourhoods https://en.wikipedia.org/wiki/Tulsa_race_massacre

      Or any of the countless times cops perpetrated mass violence against black people during the civil war era and cracked down harshly on protests.

      Or when they did the same to anti-war protestors during the Vietnam war.

      Or the numerous times they experimented on their own citizens such as MK ultra, The Tuskegee Syphilis Experiment, or any of the dozens upon dozens of radiation experimentation, like when almost 1000 pregnant mothers were injected with radioactive iron, causing many miscarriages and cancers (and that’s not the only time they injected pregnant mothers with radioactive material to see if it fucked up the baby), or when inserting radium rods up the nostrils of school children and then observing how their health declined, or when they dosed hundreds of Inuit with radioactive iodine to see its effects on the thyroid.

      Like I don’t think this makes China’s atrocities any more excusable, but the reverse is true too. The US really isn’t much better than China.

    • @PersnickityPenguin@lemm.ee
      1 point · 11 months ago

      Sir this is a Wendy’s

      Or more specifically, a thread about a phone keyboard.

      But it is true that Google and Microsoft phone home with your key strokes. That’s how they develop their predictive typing and autocorrect.

    • XIIIesq
      -6 points · 11 months ago (edited)

      That’s false equivalence.

      China killing protesters and silencing dissidents does not make it OK for Google or anyone else to spy on you.

  • @nomadjoanne@lemmy.world
    145 points · 11 months ago (edited)

    Didn’t swiftpad or whatever it’s called send every key pressed to Microsoft?

    Not a China shill. China is horrible. Microsoft less so as they don’t commit genocide in slow motion. But still, I think this sort of thing is more common than we think.

    Use FOSS.

  • @Goodie@lemmy.world
    108 points · 11 months ago

    It’s stories like this that don’t surprise me as much as make me ask: How the fuck do you store and process this much data to get anything useful out of it.

    • @toofpic@lemmy.world
      63 points · 11 months ago

      You just save the first 50 digits typed after some email is typed, and you have all the passwords you need!

      • @Goodie@lemmy.world
        2 points · 11 months ago

        This only applies if a username is an email

        And if it is then what happens when people actually email someone? Autocorrect during login?

        • @ultimate_question@lemmy.world
          11 points · 11 months ago (edited)

          I don’t think they’re saying that method would yield 100% clean data but it would give you all the “necessary” data with the absolute bare minimum storage requirement. At some point people will log into their email and for most people if you have their email password you have the password they use for everything

    • @WarmSoda@lemm.ee
      40 points · 11 months ago

      I could be wrong, and this is a generalization of any country you can name, but my impression is data is stored on everyone so when they decide someday to look you up they already have all the data collected. It’s not really processed until needed.

      • TheEntity
        7 points · 11 months ago

        Did you ever see how an average person types? It’s not the amount of data that is the problem. We have too much dumb data!

      • @Steeve@lemmy.ca
        4 points · 11 months ago

        The real answer is compute power. At the moment it’s very expensive to run the computations necessary for big LLMs, I’ve heard some companies are even developing specialized chips to run them more efficiently. On the other hand, you probably don’t want your phone’s keyboard app burning out the tiny CPU in it and draining your battery. It’s not worth throwing anything other than a simple model at the problem.

    • @AndrewZen@lemmy.dbzer0.com
      2 points · 11 months ago

      You just look for users that have power in their governments. Getting a senator’s username/password would be invaluable to China

  • @punseye@lemmy.world
    62 points · 11 months ago

    As if other keyboard apps are any different, I don’t think Microsoft bought SwiftKey just for fun?!

  • @kicksystem@lemmy.world
    56 points · 11 months ago

    I don’t get it? Why are they talking in the article about not using the right type of encryption? The problem isn’t the encryption, but the fact that it is sending your keystrokes to the mothership, right?

  • Cool Beance
    41 points · 11 months ago

    I feel like there should be a Lemmy version of everything now

    • @TeddE@lemmy.world
      23 points · 11 months ago

      I recommend free and open source software for everyone. Everything on this list is curated to feature the best alternatives to common proprietary software (according to Linux Cafe):

      https://gitlab.com/linuxcafefederation/awesome-alternatives/-/blob/master/README.md

      This is a list of good free, open source (FOSS) Android keyboards:

      https://github.com/offa/android-foss#-keyboard

      I think the best two are Simple Keyboard and AnySoftKeyboard. Simple Keyboard is pleasant to use, but is missing several advanced features. ASK would be perfect if the swipe typing worked (it’s currently listed as beta, and is mostly accurate, but unfortunately when it does make a mistake fixing it is almost painful).

      Finally, try to get comfortable going to alternativeto.net when you get frustrated with software. Worst case scenario you get frustrated with different software for a bit and switch back. Of course it notes the price and license model for each alternative.

      • Cosmic Cleric
        3 points · 11 months ago

        ASK would be perfect if the swipe typing worked (it’s currently listed as beta, and is mostly accurate, but unfortunately when it does make a mistake fixing it is almost painful).

        It crashes for me so often that I finally gave up using it.

        Also there was a weird bug where if you were working on a long document, towards the bottom of the document all of a sudden it will drag you all the way up to the top of the document, so then you had to scroll all the way back to where you were before, at the bottom of the document.

  • Herr Woland
    40 points · 11 months ago

    In a surprise to absolutely nobody, China spies on their people.

  • @sugarfree@lemmy.world
    36 points · 11 months ago

    These findings underscore the importance for software developers in China to use well-supported encryption implementations such as TLS instead of attempting to custom design their own.

    lol.

    • JJROKCZ
      11 points · 11 months ago

      The writer out here acting like this wasn’t an intended feature lol

    • @PutangInaMo@lemmy.world
      -1 points · 11 months ago

      And this is the only point of the article. Idk what all these other comments are on about, but this article is outlining lack of standardized protocols that made the software vulnerable to network eavesdropping.

      This doesn’t point to a big CCP conspiracy, it’s just bad design.

    • @Steeve@lemmy.ca
      35 points · 11 months ago (edited)

      Every single time something sketchy is happening in Chinese tech a Lemmy user will slide the conversation and accusations to American tech. It’s a rule.

      • @ZeroHora@lemmy.ml
        11 points · 11 months ago

        It’s not about American/Chinese government, it’s about privacy. ANY company or government storing your data can be extremely problematic in the future.

        Yeah the Sogou Keyboard sends data to Tencent, the same thing happens or could happen with other proprietary keyboards in the future. How about trying a FOSS one?

        • @Steeve@lemmy.ca
          8 points · 11 months ago (edited)

          It’s absolutely about the American/Chinese government, I don’t see comments forum sliding into Chinese tech on every post about Google.

          But no, swift and gboard don’t send your data to the American government.

          There’s also a dangerous misconception around here that FOSS == privacy safe. It doesn’t.

          • @Aurenkin@sh.itjust.works
            2 points · 11 months ago

            There is also a difference between invading your privacy and compromising your security. Both are bad, but one is much worse at least in my view. Keylogging and then sending those keystrokes back to base with a dodgy custom rolled encryption framework is not just a breach of privacy.

      • @SnowdenHeroOfOurTime@unilem.org
        7 points · 11 months ago

        On all social media, that seems to happen and it makes me sick.

        People not knowing how scary the Chinese government is speaks volumes about the future of other countries. We had all the opportunity to see it happen and avoid it and these morons dismiss the truth and whatabout every damned thing

      • @Aurenkin@sh.itjust.works
        3 points · 11 months ago

        Well, we have actual evidence here of dodgy shit happening, but what about this other thing I assume is also happening based on absolutely nothing? See, both just as bad!

        • @Aurenkin@sh.itjust.works
          26 points · 11 months ago (edited)

          Any data you submit to Google is stored and analysed. That’s different from sending keystrokes as they happen though.

          I’m all for criticising invasive data use and collection which Google is definitely guilty of. It’s not the same as keylogging though which is not just a privacy concern but a pretty serious security one as well. Also we have actual evidence here of Tencent doing this which makes a difference to me at least.

      • @supercheesecake@aussie.zone
        4 points · 11 months ago

        I’m not sure if that’s true. You know, it’s Google. Every keystroke in your gmail email is analysed, so can’t imagine gboard is any different to them.

    • fmstrat
      7 points · 11 months ago

      While GBoard is closed source, they have documented that they use federated learning. Meaning their model is generated on-device and only the inferences are sent to Google.

      That being said, I use OpenBoard.

    • Lee Duna
      5 points · 11 months ago

      I prefer OpenBoard, it doesn’t send keystrokes to any server

    • Engywuck
      2 points · 11 months ago

      Not if you block internet connection at system level. I think it can be done if GBoard is installed as a user app, not as a system one.

        • Engywuck
          1 point · 11 months ago

          Of course. My “problem” is that I need to write in 3 languages at the same time and switching languages manually in OpenBoard is a bit cumbersome, while in GBoard it happens automatically.

    • @SnowdenHeroOfOurTime@unilem.org
      1 point · 11 months ago

      This “they’re all bad” shit aimed at the Chinese government makes me so sad. How many of you dullards have even heard of Tiananmen Square

      • @SnowdenHeroOfOurTime@unilem.org
        3 points · 11 months ago

        The downvotes tell me some people need to Google Tiananmen Square. From outside China. Inside China, it didn’t happen. Erased from history

        • @addie@feddit.uk
          8 points · 11 months ago

          It’s not called the ‘Tiananmen Square’ by the Chinese - that’s just the name of the place. Either 六四屠殺 (June 4 massacre) or 六四鎮壓 (June 4 crackdown) would be more likely. And yes, expect loads of downvoting on Lemmy if you’re ever critical of China.