In this report, we analyze the Windows, Android, and iOS versions of Tencent’s Sogou Input Method, the most popular Chinese-language input method in China. Our analysis found serious vulnerabilities in the app’s custom encryption system and how it encrypts sensitive data. These vulnerabilities could allow a network eavesdropper to decrypt sensitive communications sent by the app, including revealing all keystrokes being typed by the user. Following our disclosure of these vulnerabilities, Sogou released updated versions of the app that identified all of the issues we disclosed.
Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.
Circling back to the article: it would be easier to name software that doesn’t collect your data and send/sell it to your respective government. The point being made in this thread is that it isn’t just a China problem. If you think you’re safe from government observation just because you don’t live in China, I have bad news for you.
If you think you’re safe from government observation just because you don’t live in China
I think you know without doubt that this is something NO ONE ever ever ever said. You know this. And yet still – you want to make this about the united states. Maybe you can explain a way that this got brought up without China shills infecting the thread?
Because the article is not about the US. It’s not.
The article makes it sound like it’s UNUSUAL that a phone app is spying on its users and sending user data to the government. It’s not an exception, it’s the rule. People pointing this out are doing you a favor, because the article’s framing would otherwise lead you to believe this is a China problem and not a tech problem.
no, people who do this are shilling for China and/or tiktok. we all know this.
and yes the raw keyboard data going directly from your fingers to the government is not something that likely happens in the US, so either way this is a false equivalence.
the raw keyboard data going directly from your fingers to the government is not something that likely happens in the US, so either way this is a false equivalence.
Again, I never mentioned the US.
What does it matter if the data is routed to the government server first or second? Blanket data collection is nefarious no matter who is doing it, but it landing in the hands of any government is dangerous. It isn’t somehow less dangerous just because it hits a private server first (although it’s harder to tell spying is happening, so in that respect it may be worse)
E2E encryption should be standard across all tech platforms in every country, full stop.
Jesus Christ, this thread is cursed.
Circling back to the article: it would be easier to name software that doesn’t collect your data and send/sell it to your respective government. The point being made in this thread is that it isn’t just a China problem. If you think you’re safe from government observation just because you don’t live in China, I have bad news for you.
I think you know without doubt that this is something NO ONE ever ever ever said. You know this. And yet still – you want to make this about the united states. Maybe you can explain a way that this got brought up without China shills infecting the thread?
Because the article is not about the US. It’s not.
I didn’t mention the US.
The article makes it sound like it’s UNUSUAL that a phone app is spying on its users and sending user data to the government. It’s not an exception, it’s the rule. People pointing this out are doing you a favor, because the article’s framing would otherwise lead you to believe this is a China problem and not a tech problem.
no, people who do this are shilling for China and/or tiktok. we all know this.
and yes the raw keyboard data going directly from your fingers to the government is not something that likely happens in the US, so either way this is a false equivalence.
I’m not defending China.
Again, I never mentioned the US.
What does it matter if the data is routed to the government server first or second? Blanket data collection is nefarious no matter who is doing it, but it landing in the hands of any government is dangerous. It isn’t somehow less dangerous just because it hits a private server first (although it’s harder to tell spying is happening, so in that respect it may be worse)
E2E encryption should be standard across all tech platforms in every country, full stop.
yeah, Snowden probably wouldn’t be really into the idea that we shouldn’t talk about what China is doing it because “everyone else is too”.
Snowden would acknowledge the pervasiveness of the issue.
he’s also not a bad-faith actor on an anonymous platform
I’m not the one reducing the issue into a China vs US binary my guy.