Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.

  • godless@lemmy.world · 312 up / 3 down · 2 years ago

    I live in China and this software is cancerous not just in the encryption failure, it also nestles into a computer like a trojan. Creates 2 fallback installations and will reinstall itself after removal if you reboot in between, unless you get rid of all 3 installations at once, where they are deliberately trying to obfuscate the uninstall button (triple confirmation, swapping the confirm/cancel buttons and button background colors, etc.).

    It’s a nasty piece of crap that comes preloaded on any phone (Android, at least) and Windows PC here.

    • Anamana@feddit.de · 31 up / 2 down · 2 years ago

      Do people generally try to circumvent it? Are they too scared to uninstall it? Or do they just not care?

        • Anamana@feddit.de · 24 up / 2 down · edited · 2 years ago

          Why? Useful for safety and security of the society?

          Edit: Why downvotes? I’m trying to put myself in their shoes, it’s not how I view it lol

          • godless@lemmy.world · 9 up · 2 years ago

            Comes with a built in translator and spell checker, and since access to Google translate is blocked, that’s often the only alternative.

              • godless@lemmy.world · 3 up · 2 years ago

                Nah. They don’t know Google translate. Or Google, for that matter. They know what they are supposed to know.

                Of course some people know better, and those are the ones who will eventually get around the block - finding and installing a VPN is not rocket science, not even here. But if you keep 98% of the population contained, the rest won’t reach critical mass.

          • Rai@lemmy.dbzer0.com · 9 up / 1 down · 2 years ago

            Some weird downvotes, and I want to know too. Why does a keyboard app mean anything to anyone? The keyboards included on iOS and latest Android versions are great.

            • thekinghaslost@lemmy.world · 1 up · 2 years ago

              Don’t know about this keyboard or Chinese, but a language-specific feature might be one of the reasons.

              I use SwiftKey and I love how it supports multilingual autocorrect and prediction for Indonesian and English without needing to switch between keyboard language.

              iOS built in keyboard supports multilingual typing for some languages, but not Indonesian.

              I assume people love it also because some specific feature that doesn’t exist in the stock keyboard.

                • Rai@lemmy.dbzer0.com · 8 up · 2 years ago

                Yeah, wtf is that equivalency?

                “Why do people smoke”

                “Well some people like to eat at restaurants or watch movies with their friends so”

                • coffeebiscuit@lemmy.world · 5 up · 2 years ago

                It was a “what about” analogy. It compares an app that steals data without the user’s consent and the other one is the keyboard app. Both seem to be wanted by consumers despite the stealing parts.

                  • Anamana@feddit.de · 1 up · 2 years ago

                  Yeah but a social media platform has completely different qualities. Therefore the reasons how and why people use them will be completely different. Also the keyboard app is forced on the phones by the state while the use of social media platforms is optional. Just too many different factors at play here imo.

      • boooooboo@lemmy.world · 2 up · edited · 2 years ago

        My guess is that it might either be more accurate in predictions or some additional convenience factors that makes typing this logographic language much easier and faster lol.

        Or people are also simply used to it since it’s everywhere.

  • nomadjoanne@lemmy.world · 143 up / 10 down · edited · 2 years ago

    Didn’t swiftpad or whatever it’s called send every key pressed to Microsoft?

    Not a China shill. China is horrible. Microsoft less so as they don’t commit genocide in slow motion. But still, I think this sort of thing is more common than we think.

    Use FOSS.

    • cunnilingsus@lemmy.blahaj.zone · 45 up / 21 down · 2 years ago

      I agree with the “Use FOSS” part, but I can’t help but notice a double standard that’s often taken when these kinds of stories pop up. How come whenever a Chinese company does something like this, China is always at fault? Why is it never America’s fault when something like this happens with an American company or product?

        • Sethayy@sh.itjust.works · 33 up / 9 down · 2 years ago

          I mean like the FBI buys all that data without a warrant anyways… So at least we pretend it’s not happening but like we’re practically looking in a mirror

          • nomadjoanne@lemmy.world · 12 up / 2 down · 2 years ago

            I think China’s worse. In many cases much worse, in some cases only a bit worse. But I do not excuse America.

            Look at Xinjiang. The Uyghurs are facing cultural eradication. Look at African Americans. Their situation is still bad and not ok! But it is the lesser evil when you compare what the US does to their minorities compared to what China does to theirs.

            • Sethayy@sh.itjust.works · 2 up / 1 down · 2 years ago

              Realistically it’s hard to say, America had the benefit of worldwide influence so doesn’t even need to do their dirty work on their land. They’ve also been at war for quite a lot longer than China, solely for personal gain.

              Realistically they’re both shit, let’s just scrap the whole thing and start again

      • ilikekeyboards@lemmy.world · 30 up / 4 down · 2 years ago

        I wanted to ask if you were born yesterday but I’ll try to be more educative than sassy.

        All companies in China exist purely with the blessing of the political party. No approval, no company. Everything is done by their books.

      • yogurt@lemmy.world · 8 up / 7 down · 2 years ago

        Unexamined racism. “Collectivist Asians” and denying Asian individuality is very normal in the US/Europe. Malcolm Gladwell can write a book saying Koreans are culturally incapable of flying an airplane and it’s fine. When Asians have human emotions it’s normal to turn it into some special exoticized thing like “saving face”. White people are individuals, Asians are a horde, nothing in Anglo culture prepares or encourages people to think about Chinese people as a billion individuals wandering around doing stuff for the same reasons you do. They’re a singular alien unit, if you go to war with Japan it’s only natural to lock all the Japanese people in a camp. Basically every book and newspaper article you’ve ever read talks about them like they’re all wired together like the Borg, unless you put a ton of effort into critical thinking there’s no reason to escape that assumption.

        • TotallynotJessica@lemmy.world · 4 up · 2 years ago

          Except the Chinese government has way more control over their companies than the US government does. In fact, there has been an explicit push recently by the government to increase their control and ownership of companies. It’s also consistent with how most large states operate, especially ones with a history of trying to control ethnically Chinese people outside of their borders.

          That isn’t to say that a ton of anti-China sentiment isn’t racist; it’s just that one doesn’t need to be racist to make such a prediction. It’s true that many people who hate China hate it for the wrong reasons, but that doesn’t mean there aren’t things to take issue with.

          • yogurt@lemmy.world · 1 up · 2 years ago

            Sure but stereotypes are involved in what you think a state owned bank owning 1% of Tencent stock practically means, and what kind of hateful thing you imagine a government that operates on the willing cooperation of millions of people is going to do with it. You don’t need to be racist to hate China, but there are a lot more racists than people who studied Chinese corporate structure and came to a rational conclusion about it.

            • TotallynotJessica@lemmy.world · 1 up · 2 years ago

              I don’t know what “willing cooperation” has to do with anything. The US government has the willing cooperation of millions and had the willing cooperation of a majority of Americans in the past. That doesn’t mean the US government didn’t do some of the worst shit ever during the peak of their popularity. It’s also not like consent isn’t manufactured in China.

              If anything, it’s my belief in the similarities of the Chinese and US governments that makes me think they would do hateful things with their power. People in China are the same as people here. I don’t have a rose tinted view of people here either.

          • cook_pass_babtridge@feddit.uk · 2 up / 2 down · 2 years ago

            I wish my government kept companies in check a bit more than they do. I live in the UK where all the water companies are owned by hedge funds and they keep discharging raw sewage into all our waterways. I feel we could do well to take back some control from them.

    • dx1@lemmy.world · 18 up · 2 years ago

      What are the best FOSS options for Android keyboard apps? I’ve been struggling with this lately.

      • nomadjoanne@lemmy.world · 15 up · 2 years ago

        I use OpenBoard (it’s available on F-Droid. Maybe the Play Store too).

        I don’t know if it’s the best but I like it. If you type in multiple languages you do need to hit a “language switcher” key on the keyboard to switch to the autocorrect for that language. A very minor complaint. Otherwise it’s great.

        And it will learn swear words. No more ducking ducks.

          • nomadjoanne@lemmy.world · 2 up · 2 years ago

            I only dislike it for German. My other languages are Spanish and English, which have the same layout minus one extra key not even used in English. But in German Z and Y change places, so that always trips me up.

            Having to remember to switch to the different language when writing a bilingual email is also annoying and does happen somewhat more often than you’d imagine.

      • sic_1@feddit.de · 10 up · 2 years ago

        Seconded. I use Gboard because it has the same functionality but I have to sandbox it and restrict all internet access via firewall. I still don’t trust it and would prefer a FOSS alternative with the same functionality.

            • PlutoniumAcid@lemmy.world · 16 up / 1 down · 2 years ago

              wants to do something

              needs to be an IT major

              Welp, guess I’ll choose between China and Microsoft, then.

          • sic_1@feddit.de · 2 up · 2 years ago

            You can sandbox an app using Shelter. You can block the internet access of that app using NetGuard. Both apps are available on F-Droid and easy to set up. No special OS needed but I strongly recommend GrapheneOS to avoid backdoors.

              • sic_1@feddit.de · 2 up · 2 years ago

                Glad to help. Consider dropping the NetGuard dev some coin, he’s doing incredible work. He also develops FairEmail which imho is the best IMAP email app in existence.

        • realherald@lemmy.world · 3 up · 2 years ago

          F-Droid says the app hasn’t been updated in the last 14 months. Is the project still worked on? It says beta on the website.

          • makingrain@lemmy.world · 6 up · edited · 2 years ago

            Yes.. The pitfalls of FOSS is that some dude is working on it when they have free time. I’ve been using it for 2 years and can’t say I mind… would like to have the word suggestions, though.

    • Spambox@lemmy.world · 14 up · 2 years ago

      Think you mean SwiftKey, which Microsoft just introduced Bing AI into that you can’t turn off. I 100 percent assume they now use all your typing data to train their AI too. They won’t even let you use themes without logging in to an account so I again assume they also tie data to accounts.

  • Goodie@lemmy.world · 93 up · 2 years ago

    It’s stories like this that don’t surprise me as much as make me ask: How the fuck do you store and process this much data to get anything useful out of it.

    • toofpic@lemmy.world · 55 up · 2 years ago

      You just save the first 50 digits typed after some email is typed, and you have all the passwords you need!

      • Goodie@lemmy.world · 4 up / 2 down · 2 years ago

        This only applies if a username is an email.

        And if it is then what happens when people actually email someone? Autocorrect during login?

        • ultimate_question@lemmy.world · 9 up · edited · 2 years ago

          I don’t think they’re saying that method would yield 100% clean data but it would give you all the “necessary” data with the absolute bare minimum storage requirement. At some point people will log into their email and for most people if you have their email password you have the password they use for everything

        • WarmSoda@lemm.ee · 3 up · 2 years ago

          They weren’t describing a use case for every single type of situation.

    • WarmSoda@lemm.ee · 37 up / 2 down · 2 years ago

      I could be wrong, and this is a generalization of any country you can name, but my impression is data is stored on everyone so when they decide someday to look you up they already have all the data collected. It’s not really processed until needed.

      • TheEntity@kbin.social · 6 up · 2 years ago

        Did you ever see how an average person types? It’s not the amount of data that is the problem. We have too much dumb data!

      • Steeve@lemmy.ca · 5 up · 2 years ago

        The real answer is compute power. At the moment it’s very expensive to run the computations necessary for big LLMs, I’ve heard some companies are even developing specialized chips to run them more efficiently. On the other hand, you probably don’t want your phone’s keyboard app burning out the tiny CPU in it and draining your battery. It’s not worth throwing anything other than a simple model at the problem.

  • thorbot@lemmy.world · 65 up / 5 down · 2 years ago

    Oh wow, who would have ever thought they’d do that? What a fucking surprise.

  • punseye@lemmy.world · 61 up / 8 down · 2 years ago

    As if other keyboard apps are any different, I don’t think Microsoft bought SwiftKey just for fun?!

  • kicksystem@lemmy.world · 48 up / 2 down · 2 years ago

    I don’t get it? Why are they talking in the article about not using the right type of encryption. The problem isn’t the encryption, but the fact that it is sending your keystrokes to the mothership, right?

    • TeddE@lemmy.world · 23 up / 1 down · 2 years ago

      I recommend free and open source software for everyone. Everything on this list is curated to feature the best alternatives to common proprietary software (according to Linux Cafe):

      https://gitlab.com/linuxcafefederation/awesome-alternatives/-/blob/master/README.md

      This list is of good free, open source (FOSS) Android keyboards:

      https://github.com/offa/android-foss#-keyboard

      I think the best two are Simple Keyboard and AnySoftKeyboard. Simple Keyboard is pleasant to use, but is missing several advanced features. ASK would be perfect if the swipe typing worked (it’s currently listed as beta, and is mostly accurate, but unfortunately when it does make a mistake fixing it is almost painful).

      Finally, try to get comfortable going to alternativeto.net when you get frustrated with software. Worst case scenario you get frustrated with different software for a bit and switch back. Of course it notes the price and license model for each alternative.

      • Cosmic Cleric@lemmy.world · 3 up · 2 years ago

        ASK would be perfect if the swipe typing worked (it’s currently listed as beta, and is mostly accurate, but unfortunately when it does make a mistake fixing it is almost painful).

        It crashes for me so often that I finally gave up using it.

        Also there was a weird bug where if you were working on a long document, towards the bottom of the document all of a sudden it would drag you all the way up to the top of the document, so then you had to scroll all the way back to where you were before, at the bottom of the document.

  • sugarfree@lemmy.world · 32 up / 1 down · 2 years ago

    These findings underscore the importance for software developers in China to use well-supported encryption implementations such as TLS instead of attempting to custom design their own.

    lol.

    • PutangInaMo@lemmy.world · 1 up / 2 down · 2 years ago

      And this is the only point of the article. Idk what all these other comments are on about, but this article is outlining the lack of standardized protocols that made the software vulnerable to network eavesdropping.

      This doesn’t point to a big CCP conspiracy, it’s just bad design.
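The article's recommendation quoted above (use a well-supported TLS implementation rather than a custom encryption design) in working form, as an added example that is not part of this thread and not Sogou's or anyone else's product code. It uses Python's standard `ssl` module: `hardened_client_context()` keeps the peer verification and protocol floor that a home-grown scheme has to reinvent, `audit_client_context()` flags a client context whose verification has been switched off (the "make the certificate warning go away" configuration), and `send_over_tls()` refuses to run with such a context. It also illustrates the point behind kicksystem's question further up: even when an app sends what you type to its vendor, the transport encryption decides whether anyone else on the network path can read it too. The host `keystroke-sync.example`, the port and the payload are constructed placeholders, not anything from the article.

```python
import socket
import ssl
from typing import List, Optional

# Lowest protocol version a current client should negotiate (assumption: TLS 1.2).
MIN_TLS_VERSION = ssl.TLSVersion.TLSv1_2


def hardened_client_context() -> ssl.SSLContext:
    """Client context built on the platform's TLS library, not a home-grown cipher.

    ssl.create_default_context() already loads the system trust store, requires a
    valid certificate chain and checks the hostname; we only pin the version floor.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = MIN_TLS_VERSION
    return ctx


def weakened_client_context() -> ssl.SSLContext:
    """Constructed counter-example: verification disabled, so any on-path device
    presenting any certificate can read and modify the 'encrypted' traffic."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE   # any certificate is accepted
    return ctx


def audit_client_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the weaknesses found in a client SSLContext.

    An empty list means the context validates the server certificate, matches it
    to the server name and refuses legacy protocol versions.
    """
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: server certificate not validated")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: certificate not matched to the server name")
    if ctx.minimum_version < MIN_TLS_VERSION:
        findings.append(f"minimum_version {ctx.minimum_version.name} allows TLS below 1.2")
    return findings


def send_over_tls(host: str, port: int, payload: bytes,
                  ctx: Optional[ssl.SSLContext] = None,
                  timeout: float = 10.0) -> bytes:
    """Send payload to host:port over a verified TLS connection and return the reply.

    The audit runs before any network I/O, so a misconfigured caller cannot
    silently downgrade to an eavesdroppable channel.
    """
    ctx = ctx or hardened_client_context()
    problems = audit_client_context(ctx)
    if problems:
        raise ValueError("refusing to send over weak TLS context: " + "; ".join(problems))
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # server_hostname drives both SNI and the hostname check
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(payload)
            return tls.recv(4096)


if __name__ == "__main__":
    for name, context in (("hardened", hardened_client_context()),
                          ("weakened", weakened_client_context())):
        print(name, audit_client_context(context) or "ok")
    # Network call shown for completeness only; the host is a placeholder.
    # send_over_tls("keystroke-sync.example", 443, b"constructed payload")
```

The audit is the part worth keeping in a real code base: run it over every `SSLContext` an application builds (or wrap the context factory so nothing else can construct one), and a "temporary" `verify_mode = CERT_NONE` left in by a developer fails a unit test instead of shipping.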

  • Cam@lemmy.world · 31 up / 3 down · 2 years ago

    Never use a closed source keyboard app. It can read what you send for messages, websites you go to, search engine queries.

  • Diabolo96@lemmy.dbzer0.com · 113 up / 86 down · edited · 2 years ago

    The people here acting like their Gboard doesn’t do the same is so funny.

    Edit : never used nor installed tiktok.

    • Paige (she/her)@lemmy.blahaj.zone · 103 up / 6 down · 2 years ago

      It probably doesn’t though. Obviously it’s closed source making it harder to tell what’s actually happening, but there’s nothing stopping security analysts from looking at network usage and such. I would imagine that Google doesn’t install a keylogger on every Android phone, not out of the goodness of their hearts, but because they don’t want the bad publicity and lawsuits when it would inevitably be discovered.

      • voxel@sopuli.xyz · 36 up / 2 down · edited · 2 years ago

        they do collect usage stats by default though.
        which include typed sentences passed through their ai model and words usage counts.
        it can all be turned off and gboard seems to respect these options. it doesn’t access online services unless requested with these options off.

        • Avid Amoeba@lemmy.ca · 8 up · edited · 2 years ago

          If you mean by “collect usage stats” train their AI model on-device and send the training result to Google, then yes. If you mean that the actual words get sent to Google’s servers, then no. There was a study shared recently that looked into this. Only metadata about what’s typed is sent. That’s not nothing of course, but it’s not what Tencent does at all.

          E: Found it.

      • knock@lemmy.world · 14 up / 4 down · 2 years ago

        I mean he’s not wrong, but also not really the same thing. Gboard does send a substantial amount of data about the things you typed to Google. It is supposedly anonymous, but they do this to get analytics, and they use this data to improve the suggestions given to you.

        There has been at least one article where someone intercepted the data leaving from Gboard and found it’s either unencrypted or just hashed into something like base64. This was a while back so things hopefully changed.

        While Google does try not to phone home users’ passwords, how can you tell what is and isn’t private?

      • Diabolo96@lemmy.dbzer0.com · 3 up / 25 down · 2 years ago

        Even if I had it, do you honestly think I would waste my life to be completely forgotten and left to rot for disclosing it like Snowden? Yep, no one will ever reveal anything after that shit show.

      • Diabolo96@lemmy.dbzer0.com · 3 up / 6 down · edited · 2 years ago

        Did you read it? Can you share the part with relevant info. I tried to read it but it kept going on about how Gboard and the Microsoft keyboard both gather a huge amount of data and yet both are opaque and you can’t know what data is sent to the server backend.

        Also, ever heard of 5, 9 and 14 Eyes?

      • ShovelLiz@lemmy.zip · 25 up / 4 down · 2 years ago

        I mean… Does it change anything? They are owned by a board of directors that want profits over anything else.

      • Diabolo96@lemmy.dbzer0.com · 16 up / 2 down · 2 years ago

        Man, Snowden wasted his entire life to tell you the USA literally spies on everything you do and when caught their answer was: yeah, so what you gonna do about it, maybe you should do the same.

      • echo64@lemmy.world · 4 up / 4 down · edited · 2 years ago

        no they are just compelled by the state and secret courts which is totally different obviously

      • Hazdaz@lemmy.world · 7 up / 12 down · 2 years ago

        I love how people overlook this part. You get all the knuckledraggers who want to claim the US is somehow just as bad as China is.
        The anti-American sentiment in here is obnoxious.

        • SnowdenHeroOfOurTime@unilem.org · 0 up / 1 down · 2 years ago

          I’ve never thought that the knuckledraggers were anti-American. I think they are anti-intellectual. Using TikTok is more important to them than the future of humanity.

  • s20@lemmy.ml · 29 up / 4 down · edited · 2 years ago

    And the Platinum Award for Least Surprising News Headline goes to…