Is anyone actually surprised by this?
it is open-source, if they did something like this, we would know it for sure
This article is what US propaganda looks like folks. Mashable should be ashamed.
Literally all AI companies do this to run their services. Except you can actually download Deepseek and run it completely securely on your own devices. You know who doesn’t allow that security? OpenAI and the other US companies currently being screwed.
as opposed to OpenAI which also stores keystrokes and then sells them to anyone who’d pay?
They should store the data in US servers like OpenAI does. Apparently then Mashable won’t write an article about it.
The criticism thrown at DeepSeek in the past days is just as applicable to American AI models. But when that was brought up it in the past it was “making things political”.
At least I can run DeepSeek locally.
the company states that it may share user information to "comply with applicable law, legal process, or government requests.
Literally every company’s privacy policy here in the US basically just says that too.
Not only does DeepSeek collect “text or audio input, prompt, uploaded files, feedback, chat history, or other content that [the user] provide[s] to our model and Services,” but it also collects information from your device, including “device model, operating system, keystroke patterns or rhythms, IP address, and system language.”
Breaking news, company with chatbot you send messages to uses and stores the messages you send, and also does what practically every other app does for demographic statistics gathering and optimizations.
Companies with AI models like Google, Meta, and OpenAI collect similar troves of information, but their privacy policies do not mention collecting keystrokes. There’s also the added issue that DeepSeek sends your user data straight to Chinese servers.
They didn’t use the word keystrokes, therefore they don’t collect them? Of course they collect keystrokes, how else would you type anything into these apps?
In DeepSeek’s privacy policy, there’s no mention of the security of its servers. There’s nothing about whether data is encrypted, either stored or in transmission, and zero information about safeguards to prevent unauthorized access.
This is the only thing that seems disturbing to me, compared to what we’d like to expect based on the context of what DeepSeek is. Of course, this was proven recently in practice to be terrible policy, so I assume they might shore up their defenses a bit.
All the articles that talk about this as if it’s some big revelation just boil down to “company does exactly what every other big tech company does in America, except in China”
Oh my, just wait until you learn what Facebook and Google do…
Did the American technology giants think they had the monopoly on capturing human input too?
My gym sock captures human input too.
That’s human output surely?
I input it into the sock.
No, this is just propaganda
Just host it yourself?
This make the news only because it’s going to chinese servers. Didn’t see anything like that about ChatGPT or the one made by Google.
Like every app you have doesn’t collect keystrokes data?
“We store the information we collect in secure servers located in the People’s Republic of China”
Now you Americans know how we Europeans feel when Google, Amazon and Facebook store our information on American servers. Hint: The protective wall between Chinese servers and their government are about as good as the one between American servers and their government - at least for non-US citizens. The last thin veil of privacy for Eurpeans has been ripped to shreds by Trump last week.
The last thin veil of privacy for Eurpeans has been ripped to shreds by Trump last week.
What did he do? I know Trump does not like the GDPR, but did he sign something affecting it last week?
He killed the EU-US Data Privacy Framework. Theoretically, no company is allowed to transfer data of European citizens to US-based servers anymore. Sadly, Ursula von der Leyen is lacking the balls to act on this.
Thanks, I did not know. I think you are referring to this: https://www.freevacy.com/news/noyb/trumps-actions-to-dismantle-pclob-threatens-eu-us-data-transfers/6088
To be completely honest… as an European I would be happy if they actually did make it so that no EU-US data transfer were allowed… we need to stop depending on all these US-based services… but like you said, they probably don’t have the balls to pull the plug. Which makes me wonder if that board was actually really any protection at all for privacy or it had always been an empty shell used as an excuse on both sides just to keep up appearances and maintain the plug on.
I honestly think this could be a win for us. Worst case scenario, nothing really changes but some masks fall off and at least some people would stop acting under false pretense (which could open the doors for change). So I’m actually glad he did that.
I’m confused. Isn’t “collecting keystroke data” just an alarmist way to describe text entry?
This is the full paragraph:
We collect certain device and network connection information when you access the Service. This information includes your device model, operating system, keystroke patterns or rhythms, IP address, and system language. We also collect service-related, diagnostic, and performance information, including crash reports and performance logs. We automatically assign you a device ID and user ID. Where you log-in from multiple devices, we use information such as your device ID and user ID to identify your activity across devices to give you a seamless log-in experience and for security purposes.
It looks to me that they are using it to identify the user uniquely, maybe also related to captcha to prevent bots (it’s common practice to capture mouse and keyboard while resolving captchas to see if the movement is human-like).
Looks like there are more things I need to start randomizing and injecting with noise.
Maybe. They could also be doing things like paying attention to input cadence and typos/pre-send typo corrections to use as part of a fingerprint associated with the identifying information a user gives them when creating an account so that they can then attempt to detect the user elsewhere on the web whether they are using an identifying account or not.
This argument applies to literally every single web app you use.
So, basically using Facebook technology in their AI app?
You’ll hear no arguments from me on that point, US tech companies are toxic af.
How far we’ve come
Not exactly. Timing between key presses can be used to identify people.
lol no. only the sounds of the keys can identify the keyboard’s model
The goal is not to identify keyboard model. The goal is to identify person. And people tend to have something called habbits.
the chance of this is almost zero. if you are a dangerous cybercriminal, they will track your device down by a networking solution, wait until you leave it unattended and install a hardware-based spy device and capture evidence. No fbi agent will fuck around with keyboard sounds or movie bs like that
with keyboard sounds
Ok, I see you are intentionally going in circles.
I am literally so paranoid I regularly vary my keysteoke rhythms and explore polyrhytmic techniques to create variations. Not even joking.
this. i mean, the session logs for the prompt are kept at least for your user, right?
Not usually. Keystroke info is different than text input, like if you didn’t click onto any field and typed it would only be captured if keystroke are all being grabbed. It’s especially scary if you keep the app running in the bg and then type something and it still captures it. Not saying they’re doing that, but the privacy policy says they might.
The rhythm part is annoying, it’s commonly used to ID people even through things like ad blocks and dns blocks. Could also (in theory) be used to capture what people are typing just by hearing how they type.
Yes.
Yes, I’m going to be lectured on privacy by people who are still on twitter.
