Crackhappy@lemmy.world
on 06 Feb 2025 23:37
nextcollapse
Absolutely “shocked” I tell you.
aeronmelon@lemmy.world
on 07 Feb 2025 08:41
collapse
loudly places hand on side of face
HowAbt2morrow@futurology.today
on 06 Feb 2025 23:48
nextcollapse
No shit?
pennomi@lemmy.world
on 06 Feb 2025 23:54
nextcollapse
The hell? There’s no reason to use plain HTTP instead of HTTPS.
And symmetric encryption is wildly irresponsible as well.
webghost0101@sopuli.xyz
on 07 Feb 2025 00:07
nextcollapse
Not for s second do I believe this was a accidental oversight.
I am sure they had very good reasons, all alligned with their actual interests with no thought spared to even consider consequences for small fish users.
kinsnik@lemmy.world
on 07 Feb 2025 01:56
nextcollapse
i just can’t think of any. like the article says, i fully expected the app to send data to china. but even if you are maliciously spying on users, why would you send the stolen data on unsecured channels? so that everyone in the path takes advantage of the data your wanted to steal?
sunzu2@thebrainbin.org
on 07 Feb 2025 04:15
nextcollapse
Sounds plain sloppy lol
Badest AI, rookie opsec
fmstrat@lemmy.nowsci.com
on 08 Feb 2025 13:39
collapse
If forced to relocate servers to a US partner,it leaves an attack vector.
trolololol@lemmy.world
on 07 Feb 2025 08:56
collapse
Yep I’m with you.
It’s so easy to use https with secure encryption. It’s the default. You have to go out of your way to use s symmetric key or to even allow http without SSL in xcode or Android studio.
cadekat@pawb.social
on 07 Feb 2025 02:38
nextcollapse
Depends on how much traffic you’re talking about. Encrypting/decrypting isn’t free.
If leaking data is intentional then there are better ways than doing it in the open. Doubly so if you supposedly are in cahoots with your hosting and Chinese government.
gens@programming.dev
on 07 Feb 2025 09:57
collapse
"Open"ai is definitely sharing everything you tipe with your government. Only difference is that chinese care less about your illusions. That said we are not even a blip in the sea of data so it doesn’t matter anyway.
Bdw your patriot act says that any data that goes over your border can be stored and used indefinitely. So me seing your comment means your nsa will store it and can use it, even though spying on your own people is against your constitution or something.
Yeah, I’m not an American and not here to argue one’s better than the other because if you care about your data you just don’t give them opportunity to see it. I’m having fun pointing out how silly this poo-slinging between US and China looks to bystanders, that’s all. It’s like denouncing DeepSeek is a modern day swearing fealty to the American lords.
prettybunnys@sh.itjust.works
on 07 Feb 2025 01:03
collapse
Do you understand what you’re commenting on or just commenting hoping it’s funny?
cybersin@lemm.ee
on 07 Feb 2025 01:19
nextcollapse
This is dumb.
Even if you encrypt network traffic, the receiving server still knows what you’re doing. All it does is prevent third parties from snooping.
Usually.
stephen01king@lemmy.zip
on 07 Feb 2025 02:21
nextcollapse
Yes, so not only are they doing something shady, they’re doing something shady and exposing your data to anyone wanting to snoop it. What’s dumb about criticising the latter part?
If you are implying that a government wants your data, they can just buy it or request it from the company directly. They don’t have to snoop to get it. Also SSL isn’t going to stop them.
MNByChoice@midwest.social
on 07 Feb 2025 13:24
collapse
Oh, no. I don’t mean USA government. I do mean some governments, but also any company between here an there.
Imagin that your company wants to sell user data. There are limits on what your company can sell due to contracts or laws, due to having a relationship with the customers.
Your company leases internet connections from another company, ISP or not, that can sell the data.
Sending the data without SSL provides an okay, if not ideal, method to move that data.
trolololol@lemmy.world
on 07 Feb 2025 08:52
collapse
Yep it also prevents anyone in the airport impersonating the WiFi and the bytedance server (which is trivial) and crafting payloads that run insecure code on your phone ( not that easy but there’s heaps of CVEs like this in apps like Safari over the years, so there’s at least 2x as many in an app like this)
ZILtoid1991@lemmy.world
on 07 Feb 2025 08:52
nextcollapse
And that’s why you use local instances…
oysterenjoyer@sh.itjust.works
on 08 Feb 2025 10:58
nextcollapse
True, but you need powerful server in order to run the most capable Deepseek model, which most people don’t have.
brucethemoose@lemmy.world
on 08 Feb 2025 11:52
collapse
That’s an understatement. It won’t even fit well in 8xA100, you need an EPYC server to run it in CPU RAM, very slowly.
Hackworth@lemmy.world
on 08 Feb 2025 12:14
collapse
To run the 671B parameter R1, my napkin math was something like 3/4 of a million dollars in hardware. But that (plus the much lower training cost) made this a millionaire’s game rather than a billionaire’s. Plus the distillations do seem better than anything else we have at the smaller sizes at the moment. That said, I’m more looking forward to the first use of deepseek’s methods with google’s Titan architectures.
Wildly_Utilize@infosec.pub
on 08 Feb 2025 11:38
collapse
2nd place is duck.AI in via tor browser
CallateCoyote@lemmy.world
on 08 Feb 2025 06:57
nextcollapse
Does this actually matter so long as I just ask it questions I want answers to? I’m not feeding it any personal information. Sincere question. Enlighten me if so.
AnxiousDuck@feddit.it
on 08 Feb 2025 07:47
nextcollapse
You wouldn’t believe how little information can be personally identifying, especially when combined with other little pieces.
Also, knowing what’s on the mind of western people, how they write, how they engage in conversations can be extremely valuable information.
coolmojo@lemmy.world
on 08 Feb 2025 11:33
collapse
Oh no. They will know that I don’t know how to implement cache invalidation in python. /s
ILikeBoobies@lemmy.ca
on 08 Feb 2025 15:22
collapse
Having an app installed gives it a lot of information
Unencrypted just means people on the way to that server can peek
Toribor@corndog.social
on 08 Feb 2025 15:32
collapse
I’ve started using Firefox to install sites ‘as a web app’. I use that for cloud services and things I self host. Basically works like a native app but way more control over data.
daniskarma@lemmy.dbzer0.com
on 08 Feb 2025 11:13
nextcollapse
There’s zero relationship between data being unencrypted and it being sent to chinese servers.
If you use a chinese service it’s obvious that data is going to be sent to a chinese server and that the chinese server would be able to read it.
Unencrypted data transfer, it’s a totally different thing. I would like to see if it’s truly unencrypted or just not using apple proprietary encryption.
I luckily don’t own any apple product, but I have deepseek app on my android device. If I’m bored later I’ll try to intercept my own data to see if it’s truly unencrypted. This is easy to test. If it’s not true that newspaper is going to my “block list” asap.
admin@reddeet.com
on 08 Feb 2025 12:41
nextcollapse
surprised pikachu
kawa@reddeet.com
on 08 Feb 2025 12:42
nextcollapse
surprised pikachu no one could see this coming from a few thousand miles away
OfficerBribe@lemm.ee
on 08 Feb 2025 15:02
collapse
To be honest, not using TLS nowadays is pretty surprising.
sugar_in_your_tea@sh.itjust.works
on 08 Feb 2025 15:46
collapse
Yeah, it’s actually easier to use TLS than not due to browser checks.
Nobilmantis@feddit.it
on 08 Feb 2025 15:53
collapse
Basically anything else you use here in the west sends all data to Amazon-controlled servers. But they make sure its encrypted so only them can see it. Nice.
threaded - newest
Absolutely “shocked” I tell you.
loudly places hand on side of face
No shit?
The hell? There’s no reason to use plain HTTP instead of HTTPS.
And symmetric encryption is wildly irresponsible as well.
Not for s second do I believe this was a accidental oversight.
I am sure they had very good reasons, all alligned with their actual interests with no thought spared to even consider consequences for small fish users.
i just can’t think of any. like the article says, i fully expected the app to send data to china. but even if you are maliciously spying on users, why would you send the stolen data on unsecured channels? so that everyone in the path takes advantage of the data your wanted to steal?
Sounds plain sloppy lol
Badest AI, rookie opsec
If forced to relocate servers to a US partner,it leaves an attack vector.
Yep I’m with you.
It’s so easy to use https with secure encryption. It’s the default. You have to go out of your way to use s symmetric key or to even allow http without SSL in xcode or Android studio.
Depends on how much traffic you’re talking about. Encrypting/decrypting isn’t free.
It’s trivial compared to the compute they dedicate to AI models. Like, not even a rounding error.
A penny saved is still a penny saved. I’m not saying it would amount to much, but it is non-zero.
These are completely different systems. It doesn’t make a difference.
Well many of China’s websites don’t even use HTTPS. Look at china.org.cn, or en.people.cn for example
Fucking duh
So they use a Chinese CDN or hosting? Shocking stuff. Hilarious that a company so bad at basic security beat OpenAI.
I sincerely doubt they’re bad at it.
If leaking data is intentional then there are better ways than doing it in the open. Doubly so if you supposedly are in cahoots with your hosting and Chinese government.
"Open"ai is definitely sharing everything you tipe with your government. Only difference is that chinese care less about your illusions. That said we are not even a blip in the sea of data so it doesn’t matter anyway.
Bdw your patriot act says that any data that goes over your border can be stored and used indefinitely. So me seing your comment means your nsa will store it and can use it, even though spying on your own people is against your constitution or something.
.
Yeah, I’m not an American and not here to argue one’s better than the other because if you care about your data you just don’t give them opportunity to see it. I’m having fun pointing out how silly this poo-slinging between US and China looks to bystanders, that’s all. It’s like denouncing DeepSeek is a modern day swearing fealty to the American lords.
its nice of them not to encrypt it at least. it can get harvested along the way!
⢀⣠⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀⠀⠀⠀⣠⣤⣶⣶ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀⠀⠀⢰⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣧⣀⣀⣾⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⡏⠉⠛⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⣿ ⣿⣿⣿⣿⣿⣿⠀⠀⠀⠈⠛⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠿⠛⠉⠁⠀⣿ ⣿⣿⣿⣿⣿⣿⣧⡀⠀⠀⠀⠀⠙⠿⠿⠿⠻⠿⠿⠟⠿⠛⠉⠀⠀⠀⠀⠀⣸⣿ ⣿⣿⣿⣿⣿⣿⣿⣷⣄⠀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣴⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⠏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠠⣴⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⡟⠀⠀⢰⣹⡆⠀⠀⠀⠀⠀⠀⣭⣷⠀⠀⠀⠸⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⠃⠀⠀⠈⠉⠀⠀⠤⠄⠀⠀⠀⠉⠁⠀⠀⠀⠀⢿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⢾⣿⣷⠀⠀⠀⠀⡠⠤⢄⠀⠀⠀⠠⣿⣿⣷⠀⢸⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⡀⠉⠀⠀⠀⠀⠀⢄⠀⢀⠀⠀⠀⠀⠉⠉⠁⠀⠀⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣧⠀⠀⠀⠀⠀⠀⠀⠈⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢹⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⣿
Ah, the ol’ Blahaj Pik-a-choo
🌕🌕🌕🌕🌕🌕🌕🌕
🌕🌕🌕🌕🌕🎩🌕🌕
🌕🌕🌕🌕🌘🌑🌒🌕
🌕🌕🌕🌘🌑🌑🌑🌓
🌕🌕🌖🌑👁️🌑👁️🌓
🌕🌕🌗🌑🌑🫦🌑🌔
🌕🌕🌘🌑🌑🌑🌒🌕
🌕🌕🌘🌑🌑🎀🌓🌕
🌕🌕🌘🌑🌑🌑🌔🌕
🌕🌕🌘🌔🍆🌑🌕🌕
🌕🌖🌓🌕🌗🌒🌕🌕
🌕🌗🌓🌕🌗🌓🌕🌕
🌕🌘🌔🌕🌗🌓🌕🌕
🌕👠🌕🌕🌕👠🌕🌕
How the fuck do I explain this boner, now?
.
Do you understand what you’re commenting on or just commenting hoping it’s funny?
This is dumb.
Even if you encrypt network traffic, the receiving server still knows what you’re doing. All it does is prevent third parties from snooping.
Usually.
Yes, so not only are they doing something shady, they’re doing something shady and exposing your data to anyone wanting to snoop it. What’s dumb about criticising the latter part?
The fact that anyone thinks they have any semblance of privacy when typing into an online AI chatbot is saddening.
Of course anything you type into a externally hosted AI is going to be harvested and sold.
But sure, in this case you are also potentially exposing your queries to your ISP or someone listening on your local network too.
Regardless of the downstream server, you should expect the interim traffic to be encrypted in transit
Sure, it’s not a bad thing and it should be standard practice, but to act like encrypted traffic guarantees privacy is silly.
Tell me where in this thread are anyone expecting privacy from any online LLM service, or anyone saying encrypted traffic guarantees privacy?
The thing is that with the traffic unencrypted it opens the door to all sorts of attacks on that traffic.
It’s not just privacy.
If you can intercept and interpret you have the ability to replace as well.
This is the integrity of your data
Privacy is not the same as security
Maybe they want 3rd parties snooping?
If you are implying that a government wants your data, they can just buy it or request it from the company directly. They don’t have to snoop to get it. Also SSL isn’t going to stop them.
Oh, no. I don’t mean USA government. I do mean some governments, but also any company between here an there.
Imagin that your company wants to sell user data. There are limits on what your company can sell due to contracts or laws, due to having a relationship with the customers.
Your company leases internet connections from another company, ISP or not, that can sell the data. Sending the data without SSL provides an okay, if not ideal, method to move that data.
Yep it also prevents anyone in the airport impersonating the WiFi and the bytedance server (which is trivial) and crafting payloads that run insecure code on your phone ( not that easy but there’s heaps of CVEs like this in apps like Safari over the years, so there’s at least 2x as many in an app like this)
And that’s why you use local instances…
True, but you need powerful server in order to run the most capable Deepseek model, which most people don’t have.
That’s an understatement. It won’t even fit well in 8xA100, you need an EPYC server to run it in CPU RAM, very slowly.
To run the 671B parameter R1, my napkin math was something like 3/4 of a million dollars in hardware. But that (plus the much lower training cost) made this a millionaire’s game rather than a billionaire’s. Plus the distillations do seem better than anything else we have at the smaller sizes at the moment. That said, I’m more looking forward to the first use of deepseek’s methods with google’s Titan architectures.
2nd place is duck.AI in via tor browser
Does this actually matter so long as I just ask it questions I want answers to? I’m not feeding it any personal information. Sincere question. Enlighten me if so.
You wouldn’t believe how little information can be personally identifying, especially when combined with other little pieces.
Also, knowing what’s on the mind of western people, how they write, how they engage in conversations can be extremely valuable information.
Oh no. They will know that I don’t know how to implement cache invalidation in python. /s
Having an app installed gives it a lot of information
Unencrypted just means people on the way to that server can peek
I’ve started using Firefox to install sites ‘as a web app’. I use that for cloud services and things I self host. Basically works like a native app but way more control over data.
There’s zero relationship between data being unencrypted and it being sent to chinese servers.
If you use a chinese service it’s obvious that data is going to be sent to a chinese server and that the chinese server would be able to read it.
Unencrypted data transfer, it’s a totally different thing. I would like to see if it’s truly unencrypted or just not using apple proprietary encryption.
I luckily don’t own any apple product, but I have deepseek app on my android device. If I’m bored later I’ll try to intercept my own data to see if it’s truly unencrypted. This is easy to test. If it’s not true that newspaper is going to my “block list” asap.
surprised pikachu
surprised pikachu no one could see this coming from a few thousand miles away
To be honest, not using TLS nowadays is pretty surprising.
Yeah, it’s actually easier to use TLS than not due to browser checks.
Basically anything else you use here in the west sends all data to Amazon-controlled servers. But they make sure its encrypted so only them can see it. Nice.