Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.

  • @Diabolo96@lemmy.dbzer0.com
    link
    fedilink
    English
    137
    edit-2
    11 months ago

    The people here acting like their Gboard doesn’t do the same is so funny.

    Edit : never used nor installed tiktok.

    • Paige (she/her)
      link
      English
      11911 months ago

      It probably doesn’t though. Obviously it’s closed source making it harder to tell what’s actually happening, but there’s nothing stopping security analysts from looking at network usage and such. I would imagine that Google doesn’t install a keylogger on every Android phone, not out of the goodness of their hearts, but because they don’t want the bad publicity and lawsuits when it would inevitably be discovered.

      • voxel
        link
        fedilink
        English
        46
        edit-2
        11 months ago

        they do collect usage stats by default though.
        which include typed sentences passed through their ai model and words usage counts.
        it can all be turned off and gboard seems to respect these options. it doesn’t access online services unless requested with these options off.

        • Avid Amoeba
          link
          fedilink
          English
          7
          edit-2
          11 months ago

          If you mean by “collect usage stats” train their AI model on-device and send the training result to Google, then yes. If you mean that the actual words get sent to Google’s servers, then no. There was a study shared recently that looked into this. Only metadata about what’s typed is sent. That’s not nothing of course, but it’s not what Tencent does at all.

          E: Found it.

        • Paige (she/her)
          link
          English
          1
          edit-2
          11 months ago

          Thank you for this. This is much more reasonable of a privacy critique than falsely claiming Google is using a keylogger. I heard Grammarly was doing something similar and deleted my account. I’m changed the settings, but will continue using Gboard because I like the combined emojis.

      • @knock@lemmy.world
        link
        fedilink
        English
        1711 months ago

        I mean he’s not wrong, but also not really the same thing. Gboard does send a substantial amount of data about the things you typed to google. It is supposedly anonymous, but they do this to get anylitics, and they use this data to improve the suggestions given to you.

        There has been at least one article where someone intercepted the data leaving from Gboard and found it’s either unencrypted or just hashed into something like base64. This was a while back so things hopefully changed.

        While google does try not to phone home users passwords, how can you tell what is and isent private?

      • @Diabolo96@lemmy.dbzer0.com
        link
        fedilink
        English
        311 months ago

        Even if i had it, do you honestly think i would waste my life to be completely forgotten and left to rot for disclosing it like Snowden. Yep, no one will ever reveal anything after that shit show.

      • @Diabolo96@lemmy.dbzer0.com
        link
        fedilink
        English
        3
        edit-2
        11 months ago

        Did you read it ? Can you share the part with relevant info. I tried to read it but it kept going abouts how Gboard and the Microsoft keyboard both gather huge amount of data and yet that both are opaque and you can’t know what data is sent to the server backend.

        Also, ever heard of 5,9 and 14 eyes ?

        • Avid Amoeba
          link
          fedilink
          English
          1
          edit-2
          11 months ago

          Google doesn’t sell to data brokers. Not yet at least. They have a competitive advantage they will lose if they sold their data (our data) to third parties, especially third party resellers. If/when they begin circling the drain, that may change.