this post was submitted on 28 Jan 2025

480 points (83.9% liked)

Privacy

33496 readers

303 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

480

DeepSeek collects keystroke data and more, storing it in Chinese servers (mashable.com)

submitted 1 week ago by restingboredface@sh.itjust.works to c/privacy@lemmy.ml

367 comments fedilink hide all child comments

Is anyone actually surprised by this?

you are viewing a single comment's thread
view the rest of the comments

[–] grey_maniac@lemmy.ca 59 points 1 week ago (6 children)

I'm confused. Isn't "collecting keystroke data" just an alarmist way to describe text entry?

[–] noisefree@lemmy.world 13 points 1 week ago (3 children)

Maybe. They could also be doing things like paying attention to input cadence and typos/pre-send typo corrections to use as part of a fingerprint associated with the identifying information a user gives them when creating an account so that they can then attempt to detect the user elsewhere on the web whether they are using an identifying account or not.

[–] yogthos@lemmy.ml 11 points 1 week ago

This argument applies to literally every single web app you use.

[–] ubergeek@lemmy.today 6 points 1 week ago (1 children)

So, basically using Facebook technology in their AI app?

[–] noisefree@lemmy.world 3 points 1 week ago

You'll hear no arguments from me on that point, US tech companies are toxic af.

[–] Melvin_Ferd@lemmy.world 1 points 1 week ago

How far we've come

[–] uis@lemm.ee 3 points 1 week ago (2 children)

Not exactly. Timing between key presses can be used to identify people.

[–] grey_maniac@lemmy.ca 2 points 1 week ago* (last edited 1 week ago)

I am literally so paranoid I regularly vary my keysteoke rhythms and explore polyrhytmic techniques to create variations. Not even joking.

[–] kekmacska@lemmy.zip 0 points 1 week ago (1 children)

lol no. only the sounds of the keys can identify the keyboard's model

[–] uis@lemm.ee 1 points 1 week ago (1 children)

The goal is not to identify keyboard model. The goal is to identify person. And people tend to have something called habbits.

[–] kekmacska@lemmy.zip 0 points 1 week ago (1 children)

the chance of this is almost zero. if you are a dangerous cybercriminal, they will track your device down by a networking solution, wait until you leave it unattended and install a hardware-based spy device and capture evidence. No fbi agent will fuck around with keyboard sounds or movie bs like that

[–] uis@lemm.ee 1 points 1 week ago

with keyboard sounds

Ok, I see you are intentionally going in circles.

[–] vfreire85@lemmy.ml 3 points 1 week ago

this. i mean, the session logs for the prompt are kept at least for your user, right?

[–] ubergeek@lemmy.today 1 points 1 week ago

Yes.

[–] tux@lemmy.world 1 points 1 week ago

Not usually. Keystroke info is different than text input, like if you didn’t click onto any field and typed it would only be captured if keystroke are all being grabbed. It’s especially scary if you keep the app running in the bg and then type something and it still captures it. Not saying they’re doing that, but the privacy policy says they might.

The rhythm part is annoying, it’s commonly used to ID people even through things like ad blocks and dns blocks. Could also (in theory) be used to capture what people are typing just by hearing how they type.

[–] Ferk@lemmy.ml 1 points 1 week ago* (last edited 1 week ago) (1 children)

This is the full paragraph:

We collect certain device and network connection information when you access the Service. This information includes your device model, operating system, keystroke patterns or rhythms, IP address, and system language. We also collect service-related, diagnostic, and performance information, including crash reports and performance logs. We automatically assign you a device ID and user ID. Where you log-in from multiple devices, we use information such as your device ID and user ID to identify your activity across devices to give you a seamless log-in experience and for security purposes.

It looks to me that they are using it to identify the user uniquely, maybe also related to captcha to prevent bots (it's common practice to capture mouse and keyboard while resolving captchas to see if the movement is human-like).

[–] grey_maniac@lemmy.ca 1 points 1 week ago

Looks like there are more things I need to start randomizing and injecting with noise.