Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.

  • 3arn0wl@lemmy.world
    link
    fedilink
    English
    arrow-up
    15
    arrow-down
    35
    ·
    1 year ago

    The most popular Western OS (and probably the other commercial OSs too) sends every key typed back to base. Plus every website visited. Plus every document amended.

    • TimeSquirrel@kbin.social
      link
      fedilink
      arrow-up
      17
      arrow-down
      1
      ·
      edit-2
      1 year ago

      You know, network sniffers exist. You can verify if this is true yourself if you know how to use one. Kill all other network services and just start typing and see if it starts spewing packets.

      The internet is not some black box where us regular users can’t see what’s going on.

    • Aurenkin@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      1
      ·
      1 year ago

      Any sources for this? I know Windows and probably MacOS send analytics but every keystroke and every document amended seems unlikely to me, maybe I’m wrong though.

        • HaggierRapscallier@feddit.nl
          link
          fedilink
          English
          arrow-up
          7
          ·
          edit-2
          1 year ago

          The timeline feature on Windows that shows your info across devices when your account is signed in, contains websites, apps and services. They say you can see it for 30 days, but I doubt they delete it after, even if they say they do. They probably at minimum process the meta-data.

          I don’t see why c/technology scream about privacy violations every other post, and then suddenly turn forgetful when geopolitics comes into play. I used to watch ‘exposés about China’ and anti-sjw stuff on youtube back in 2015 too - and then just as I stopped watching them, they became an ‘official geopolitical enemy’. The last decade has been a ride.

          • Landrin201@lemmy.ml
            link
            fedilink
            English
            arrow-up
            6
            arrow-down
            4
            ·
            1 year ago

            Because all the sinophobe tech bros have migrated to Lemmy and don’t actually understand the shit they’re talking about. They think the tech THEY use is super cool and want to keep using it, and also think China is scary and an imminent threat to them sitting in their gamer chair surrounded by doritos.

            • wizardbeard@lemmy.dbzer0.com
              link
              fedilink
              English
              arrow-up
              7
              arrow-down
              2
              ·
              1 year ago

              Or maybe, just maybe, people have been packet sniffing Microsoft’s shit for ages and haven’t found them to be doing things quite as egregiously. Go ahead, you can look this shit up.


              Most of the spying features in Windows are able to be explicitly disabled through options Microsoft publishes themselves. It’s Group Policy, only available on Pro licenses, but anyone concerned about privacy should be on that anyway or spoofing their license using again, Microsoft published techniques (KMS). There’s also often registry keys to toggle it as well, but they tend to not be as reliable and change over updates.

              There are also tons of ways to strip out entire components of Windows from the install media before installation, and also after it has been installed. Can’t collect telemetry “X” if the telemetry “X” service isn’t there.

              Lastly, host file allows blocking network traffic to specific endpoints, and the very few times Microsoft has bypassed that it has made news. You can just block Microsoft’s entire IP block through host if you’re really paranoid.


              Beyond that, I’ve seen plenty of people concerned about the US’s data collection. It’s just not always spoken about as a US thing but more as a general tech thing, likely because internet discussion is still very US centric outside the great firewall and most big tech in the English speaking world comes from the US. So i think the US connection often just goes without saying.


              I’ll give you this: framing much of this as related to any nation state instead of just all tech’s hoovering up of data is disingenuous.

              Also, if your threat model truly needs to be concerned about any nation state actors specifically then you’re probably already fucked.