Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.

  • godless@lemmy.world · 358 up / 5 down · 1 year ago

    I live in China and this software is cancerous not just in the encryption failure, it also nestles into a computer like a trojan. Creates 2 fallback installations and will reinstall itself after removal if you reboot in between, unless you get rid of all 3 installations at once, where they are deliberately trying to obfuscate the uninstall button (triple confirmation, swapping the confirm/cancel buttons and button background colors, etc.).

    It’s a nasty piece of crap that comes preloaded on any phone (Android, at least) and Windows-PC here.

    • Anamana@feddit.de · 32 up / 2 down · 1 year ago

      Do people generally try to circumvent it? Are they too scared to uninstall it? Or do they just not care?

        • Anamana@feddit.de · 25 up / 3 down · edited · 1 year ago

          Why? Useful for safety and security of the society?

          Edit: Why downvotes? I’m trying to put myself in their shoes, it’s not how I view it lol

          • godless@lemmy.world · 10 up · 1 year ago

            Comes with a built in translator and spell checker, and since access to Google translate is blocked, that’s often the only alternative.

              • godless@lemmy.world · 3 up · 1 year ago

                Nah. They don’t know Google translate. Or Google, for that matter. They know what they are supposed to know.

                Of course some people know better, and those are the ones who will eventually get around the block - finding and installing a VPN is not rocket science, not even here. But if you keep 98% of the population contained, the rest won’t reach critical mass.

              • Rai@lemmy.dbzer0.com · 8 up · 1 year ago

                Yeah, wtf is that equivalency?

                “Why do people smoke”

                “Well some people like to eat at restaurants or watch movies with their friends so”

              • coffeebiscuit@lemmy.world · 5 up · 1 year ago

                It was a “what about” analogy. It compares an app that steals data without the user’s consent and the other one is the keyboard app. Both seem to be wanted by consumers despite the stealing parts.

                • Anamana@feddit.de · 1 up · 1 year ago

                  Yeah but a social media platform has completely different qualities. Therefore the reasons for people how and why they use them will be completely different. Also the keyboard app is forced on the phones by the state while the use of social media platforms is optional. Just too many different factors at play here imo.

          • Rai@lemmy.dbzer0.com · 9 up / 1 down · 1 year ago

            Some weird downvotes, and I want to know too. Why does a keyboard app mean anything to anyone? The keyboards included on iOS and latest Android versions are great.

            • thekinghaslost@lemmy.world · 1 up · 1 year ago

              Don’t know about this keyboard or Chinese, but a language specific feature might be one of the reasons.

              I use SwiftKey and I love how it supports multilingual autocorrect and prediction for Indonesian and English without needing to switch between keyboard language.

              iOS built in keyboard supports multilingual typing for some languages, but not Indonesian.

              I assume people love it also because some specific feature that doesn’t exist in the stock keyboard.

      • boooooboo@lemmy.world · 2 up · edited · 1 year ago

        My guess is that it might either be more accurate in predictions or some additional convenience factors that makes typing this logographic language much easier and faster lol.

        Or people are also simply used to it since it’s everywhere.

      • godless@lemmy.world · 17 up · 1 year ago

        Sure. Foreigners aren’t really sanctioned though, that’s more of a risk for the locals. But even then usually only if they want to get someone disappeared and don’t have anything substantial against them.

  • SnowdenHeroOfOurTime@unilem.org · 325 up / 51 down · 1 year ago

    Alright China shills, you can stop changing the subject to how Google and the US are the “same”.

    The troops advanced into central parts of Beijing on the city’s major thoroughfares in the early morning hours of 4 June and engaged in bloody clashes with demonstrators attempting to block them, in which many people – demonstrators, bystanders, and soldiers – were killed. Estimates of the death toll vary from several hundred to several thousand, with thousands more wounded.[15][16][17][18][19][20]

    https://en.m.wikipedia.org/wiki/1989_Tiananmen_Square_protests_and_massacre

    If you lived in China you’d likely not know about this, since people who talk about it go to prison.

    Yeah the US is exactly like this so let’s not talk about the Chinese government being awful to their citizens /s

    • dingleberry@discuss.tchncs.de · 129 up / 19 down · 1 year ago

      Simple solution is to block lemmygrad and hexbear in your app. That cuts down quite a few tankies and mainland Taiwan shills.

      • Notorious_handholder@lemmy.world · 70 up / 19 down · 1 year ago

        Imagine being in Taiwan and having full access to information about China and the west and still shilling for China. Those types of people should be looking for a dominatrix, not a political philosophy…

        • evilgiraffe666@ttrpg.network · 63 up / 8 down · 1 year ago

          I think they might be using “mainland Taiwan” as a way of saying China - Taiwan is an island which China thinks is “theirs” for some reason.

          • SlopppyEngineer@discuss.tchncs.de · 4 up / 2 down · 1 year ago

            “Yes, but history…” they will say.

            And in history China used to be the opium export market of the Brits so by historic rules it has to be that again. I guess they’ll say “but that’s different”.

            • AngryCommieKender@lemmy.world · 2 up / 1 down · edited · 1 year ago

              The politicians have to play nice and be polite. Right up until they don’t have to anymore.

              The people can recognize that Taiwan is what happened to the last freely elected government of Western Taiwan, and that the CCCP are nothing more than despots and authoritarian tyrants that freely abuse their own people, and would absolutely be bullying the world, if they were actually as powerful as they claim to be.

              The CCCP ≠ China or the Chinese people.

              The CCCP = Western Taiwan

          • miserablegit@lemmynsfw.com · 11 up / 14 down · 1 year ago

            Tbf, it was theirs - until it wasn’t. At this point, it is a bit like the British were insisting that the US was theirs.

            • ylph@lemmy.world · 29 up / 1 down · edited · 1 year ago

              The history of Taiwan is quite a bit more complex than that, but the PRC (current government in mainland China) has never controlled Taiwan - it was never theirs.

              Taiwan was a Japanese colony from 1894 until 1945 when Japan was forced to hand it over to the ROC (the successor government to the Qing dynasty, which was the last time you could argue China controlled the island - the Qing managed to almost fully colonize it before losing it to the Japanese, although a lot of the mountainous parts of Taiwan were still mostly autonomous at that time and inhabited by aboriginal Taiwanese who continued to resist the Qing rule)

              The ROC takeover of the island is also seen as another colonization by many Taiwanese as well - the descendants of the Qing era colonists who were mostly Hokkien speakers from Fujian, while the ROC migration in 1949 was mostly Mandarin speakers from wider China, who fairly brutally imposed their rule over the island (see 4 decades of martial law, etc.)

              ROC managed to reform itself over time, and Taiwan is now a vibrant democratic country which is forging its new national identity where most people would prefer to be left alone to control their own affairs.

              • miserablegit@lemmynsfw.com · 14 up / 5 down · 1 year ago

                “Taiwan” was never the administrative centre of China, come on. Some of the Chinese ruling classes fled there after the revolution. It’s like saying the capital of Germany was always Bonn.

        • AfricanExpansionist@lemmy.ml · 5 up / 1 down · 1 year ago

          There’s a bunch of Taiwanese people who would welcome Chinese rule. I don’t know why… The CPC sucks my balls

      • Hype@lemm.ee · 10 up / 2 down · 1 year ago

        Been using lemmy for a few days and I am already feeling the need to do just that.

        • CrypticCoffee@lemmy.ml · 2 up · 1 year ago

          How so? I’ve been using since the API blackout and not seen any content from either instance.

      • PersnickityPenguin@lemm.ee · 3 up / 2 down · 1 year ago

        mainland Taiwan

        You must mean West Taiwan. Sadly they refuse to acknowledge the authority of Taiwan’s government.

    • Alien Nathan Edward@lemm.ee · 24 up / 11 down · 1 year ago

      No one is saying Google massacred protestors, but if you’re gonna be against keyboard apps spying on you it should be irrelevant who they’re spying for. Criticizing shitty things American companies do doesn’t make you a China shill and calling everyone who does it a China shill is intellectually dishonest.

    • gmtom@lemmy.world · 58 up / 53 down · edited · 1 year ago

      I mean, I’ll always say that China is worse than the US. But you can find plenty of examples of the US doing awful things to its people too.

      Like the MOVE bombing https://en.wikipedia.org/wiki/1985_MOVE_bombing

      or the Tulsa Massacre that involved law enforcement bombing black neighbourhoods https://en.wikipedia.org/wiki/Tulsa_race_massacre

      Or any of the countless times cops perpetrated mass violence against black people during the civil war era and cracked down harshly on protests.

      Or when they did the same to anti-war protestors during the Vietnam war.

      Or the numerous times they experimented on their own citizens such as MK ultra, The Tuskegee Syphilis Experiment, or any of the dozens upon dozens of radiation experimentation, like when almost 1000 pregnant mothers were injected with radioactive iron, causing many miscarriages and cancers (and that’s not the only time they injected pregnant mothers with radioactive material to see if it fucked up the baby), or when inserting radium rods up the nostrils of school children and then observing how their health declined, or when they dosed hundreds of Inuit with radioactive iodine to see its effects on the thyroid.

      Like I don’t think this makes China’s atrocities any more excusable, but the reverse is true too. The US really isn’t much better than China.

      • Stahlreck@feddit.ch · 38 up / 9 down · 1 year ago

        The US really isn’t much better than China.

        The world ain’t just good or bad and there’s various degrees of “bad”. The fact that many US people can even talk about this stuff makes them already just ever so slightly better for many outsiders. This is how it is, neither country is “good” but they align more with western ideals than an authoritarian state which for many of us is bad by default…which it is of course. :)

      • bloodfart@lemmy.ml · 4 up / 1 down · 1 year ago

        Don’t forget operation sea spray! Next time you laugh at someone talking about chemtrails remember the us government actually did chemtrails!

      • TheHighRoad@lemmy.world · 13 up / 10 down · edited · 1 year ago

        As bad as those two linked incidents were, they weren’t exactly government sanctioned. Police sanctioned, sure, and the government should do more to rein that shit in, but comparing them to Tiananmen is disingenuous at best.

        The Chinese government hates letting its citizens have a voice.

        • June@lemm.ee · 41 up / 6 down · 1 year ago

          I tend to lean into accepting that ‘the US government has done some pretty horrific shit too’ camp, but I don’t do it as a way to shill for China, because fuck that authoritarian place. But it is dumb not to recognize massacres like Kent State, Tulsa, or the systematic genocides of First Nations peoples.

          Tiananmen Square really isn’t the best example to use as an example of how China isn’t like the US. There’s plenty of much more insidious dystopian shit happening in China every day to use than that.

          • SnowdenHeroOfOurTime@unilem.org · 13 up / 11 down · 1 year ago

            this article isn’t about the US. I believe there is a reason so many in so many threads like that do what you’re doing and worse. THE TOPIC IS NOT THE US, STOP TRYING TO MAKE IT THAT WAY

            • archomrade [he/him]@midwest.social · 17 up / 3 down · 1 year ago

              Jesus Christ, this thread is cursed.

              Circling back to the article: it would be easier to name software that doesn’t collect your data and send/sell it to your respective government. The point being made in this thread is that it isn’t just a China problem. If you think you’re safe from government observation just because you don’t live in China, I have bad news for you.

              • SnowdenHeroOfOurTime@unilem.org · 3 up / 9 down · 1 year ago

                If you think you’re safe from government observation just because you don’t live in China

                I think you know without doubt that this is something NO ONE ever ever ever said. You know this. And yet still – you want to make this about the united states. Maybe you can explain a way that this got brought up without China shills infecting the thread?

                Because the article is not about the US. It’s not.

                • archomrade [he/him]@midwest.social · 10 up / 2 down · 1 year ago

                  I didn’t mention the US.

                  The article makes it sound like it’s UNUSUAL that a phone app is spying on its users and sending user data to the government. It’s not an exception, it’s the rule. People pointing this out are doing you a favor, because the article’s framing would otherwise lead you to believe this is a China problem and not a tech problem.

            • hark@lemmy.world · 17 up / 4 down · 1 year ago

              I think it’s a response to how there are so many CHINA BAD articles. You could take each article as isolated, but there is the idea of manufacturing consent and it’s how people develop negative feelings towards particular things after seeing so many negative articles about them.

              • HikingVet@lemmy.sdf.org · 3 up / 5 down · 1 year ago

                Well, you can post all the bad shit the US has done.

                China IS A BAD ACTOR on the international, national, regional, and Municipal levels. The whole state apparatus is corrupted.

                • hark@lemmy.world · 4 up / 5 down · 1 year ago

                  It’s a lot more quick for me to point out that it’s not unique to China. The way you phrase the second part of your post is as if China is unique in this sort of corruption. The US is just as corrupt, plus it has a lot more influence around the world thanks to the sheer amount of resources it controls.

            • June@lemm.ee · 14 up / 6 down · 1 year ago

              I’m not trying to change the subject from China to the US, I’m trying to point out that the example of Tiananmen Square is not the best example to use as a distinguishing factor for China vs the US when there are numerous examples of the US committing similar atrocities throughout its history.

              The current and active oppression and genocide of the Uyghurs.

              The brutal silencing of political and ideological ‘dissidents’.

              The openly dystopian social credit system being developed.

              The suppression of free speech and self-expression.

              There is a long list of examples to pull from that set China apart from the US.

        • gmtom@lemmy.world · 10 up / 12 down · 1 year ago

          Do you even know what the word shill means?

          Like wtf do you think I’m trying to sell?

            • gmtom@lemmy.world · 10 up / 7 down · 1 year ago

              That’s not really a thing you sell and I literally start my comment with

              I mean, I’ll always say that China is worse than the US

              So it seems you really just can’t cope with the fact that the US is a bad guy as well.

              • SnowdenHeroOfOurTime@unilem.org · 4 up / 8 down · 1 year ago

                ideas are sold every day. maybe there is a reason you want to focus on the US instead? hmm weird no that can’t be true at all.

      • gnuhaut@lemmy.ml · 13 up / 28 down · 1 year ago

        Imagine thinking China is worse than the US when the US killed something like a million Iraqis, and that’s just one of the many wars the US was waging in the last 30 years while China checks notes attacked nobody in that timeframe.

        • dangblingus@lemmy.world · 9 up / 2 down · 1 year ago

          I think the distinction between China and the US is how they directly treat their own citizens. Arguments could be made that they’re both equally shitty in that regard, but in different ways.

          • gnuhaut@lemmy.ml · 9 up / 13 down · 1 year ago

            The US imprisons 4x more people per capita. And China lifted 800 million people out of poverty in the last 40 years. How are they equally shitty?

        • Syrc@lemmy.world · 10 up / 4 down · 1 year ago

          Yeah right, let me ask the Uyghurs how they’re doing real quick

        • gmtom@lemmy.world · 7 up / 9 down · 1 year ago

          But those were brown people so they don’t count - Americans probably.

    • PersnickityPenguin@lemm.ee · 4 up / 2 down · 1 year ago

      Sir this is a Wendy’s

      Or more specifically, a thread about a phone keyboard.

      But it is true that Google and Microsoft phone home with your key strokes. That’s how they develop their predictive typing and autocorrect.

    • XIIIesq@lemmy.world · 21 up / 29 down · edited · 1 year ago

      That’s false equivalence.

      China killing protesters and silencing dissidents does not make it OK for Google or anyone else to spy on you.

  • nomadjoanne@lemmy.world · 169 up / 12 down · edited · 1 year ago

    Didn’t swiftpad or whatever it’s called send every key pressed to Microsoft?

    Not a China shill. China is horrible. Microsoft less so as they don’t commit genocide in slow motion. But still, I think this sort of thing is more common than we think.

    Use FOSS.

  • Goodie@lemmy.world · 110 up / 1 down · 1 year ago

    It’s stories like this that don’t surprise me as much as make me ask: How the fuck do you store and process this much data to get anything useful out of it.

    • toofpic@lemmy.world · 64 up · 1 year ago

      You just save the first 50 digits typed after some email is typed, and you have all the passwords you need!

      • Goodie@lemmy.world · 4 up / 2 down · 1 year ago

        This only applies if a username is an email

        And if it is then what happens when people actually email someone? Autocorrect during login?

        • ultimate_question@lemmy.world · 11 up · edited · 1 year ago

          I don’t think they’re saying that method would yield 100% clean data but it would give you all the “necessary” data with the absolute bare minimum storage requirement. At some point people will log into their email and for most people if you have their email password you have the password they use for everything

        • WarmSoda@lemm.ee · 3 up · 1 year ago

          They weren’t describing a use case for every single type of situation.

    • WarmSoda@lemm.ee · 44 up / 2 down · 1 year ago

      I could be wrong, and this is a generalization of any country you can name, but my impression is data is stored on everyone so when they decide someday to look you up they already have all the data collected. It’s not really processed until needed.

      • TheEntity@kbin.social · 7 up · 1 year ago

        Did you ever see how an average person types? It’s not the amount of data that is the problem. We have too much dumb data!

      • Steeve@lemmy.ca · 5 up · 1 year ago

        The real answer is compute power. At the moment it’s very expensive to run the computations necessary for big LLMs, I’ve heard some companies are even developing specialized chips to run them more efficiently. On the other hand, you probably don’t want your phone’s keyboard app burning out the tiny CPU in it and draining your battery. It’s not worth throwing anything other than a simple model at the problem.

      • Bobert · 55 up / 6 down · edited · 1 year ago

        Removed by mod

          • Bobert · 3 up · edited · 1 year ago

            The Xzibit begins to compound itself. Soon there is so much whataboutism compressed into other instances of whataboutism that the singularity has formed. Faintly, all you can make out above the constantly repeating “Yo dawg, we heard…” is the whoosh of the empty air spinning around inside OP’s head. And suddenly, with a cacophonous roar there is nothing but silence. And then, triumphantly, a yellow sickle and hammer emblazon themselves against a red background as the Soviet National anthem plays. OP is at peace.

  • thorbot@lemmy.world · 81 up / 5 down · 1 year ago

    Oh wow, who would have ever thought they’d do that? What a fucking surprise.

  • punseye@lemmy.world · 72 up / 8 down · 1 year ago

    As if other keyboard apps are any different, I don’t think Microsoft bought SwiftKey just for fun?!

  • kicksystem@lemmy.world · 58 up / 2 down · 1 year ago

    I don’t get it? Why are they talking in the article about not using the right type of encryption. The problem isn’t the encryption, but the fact that it is sending your keystrokes to the mothership, right?

  • sugarfree@lemmy.world · 38 up / 1 down · 1 year ago

    These findings underscore the importance for software developers in China to use well-supported encryption implementations such as TLS instead of attempting to custom design their own.

    lol.

    • PutangInaMo@lemmy.world · 1 up / 2 down · 1 year ago

      And this is the only point of the article. Idk what all these other comments are on about, but this article is outlining lack of standardized protocols that made the software vulnerable to network eavesdropping.

      This doesn’t point to a big CCP conspiracy, it’s just bad design.

  • s20@lemmy.ml · 40 up / 4 down · edited · 1 year ago

    And the Platinum Award for Least Surprising News Headline goes to…