this post was submitted on 10 Aug 2023
1646 points (97.6% liked)

Technology

59092 readers
6622 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.

top 50 comments
sorted by: hot top controversial new old
[–] godless@lemmy.world 263 points 1 year ago (7 children)

I live in China and this software is cancerous not just in the encryption failure, it also nestles into a computer like a trojan. Creates 2 fallback installations and will reinstall itself after removal if you reboot in between, unless you get rid of all 3 installations at once, where they are deliberately trying to obfuscate the uninstall button (triple confirmation, swapping the confirm/cancel buttons and button background colors, etc.).

It's a nasty piece of crap that come preloaded on any phone (android, at least) and Windows-PC here.

[–] Anamana@feddit.de 29 points 1 year ago (1 children)

Do people generally try to circumvent it? Are they too scared to uninstall it? Or do they just not care?

load more comments (1 replies)
load more comments (6 replies)
[–] SnowdenHeroOfOurTime@unilem.org 193 points 1 year ago (70 children)

Alright China shills, you can stop changing the subject to how Google and the US are the "same".

The troops advanced into central parts of Beijing on the city's major thoroughfares in the early morning hours of 4 June and engaged in bloody clashes with demonstrators attempting to block them, in which many people – demonstrators, bystanders, and soldiers – were killed. Estimates of the death toll vary from several hundred to several thousand, with thousands more wounded.[15][16][17][18][19][20]

https://en.m.wikipedia.org/wiki/1989_Tiananmen_Square_protests_and_massacre

If you lived in China you'd likely not know about this, since people who talk about it go to prison.

Yeah the US is exactly like this so let's not talk about the Chinese government being awful to their citizens /s

[–] dingleberry@discuss.tchncs.de 76 points 1 year ago (8 children)

Simple solution is to block lemmygrad and hexbear in your app. That cuts down quite a few tankies and mainlaind Taiwan shills.

[–] Notorious_handholder@lemmy.world 31 points 1 year ago (3 children)

Imagine being in Taiwan and having full access to information about China and the west and still shilling for China. Those types of people should be looking for a dominatrix, not a political philosophy...

[–] evilgiraffe666@ttrpg.network 35 points 1 year ago (4 children)

I think they might be using "mainland Taiwan" as a way of saying China - Taiwan is an island which China thinks is "theirs" for some reason.

load more comments (4 replies)
load more comments (2 replies)
load more comments (7 replies)
load more comments (69 replies)
[–] Elephant0991@lemmy.bleh.au 183 points 1 year ago (2 children)
[–] money_loo@kbin.social 29 points 1 year ago (9 children)

This is one of my favorite things about kbin over Reddit. So neat to see gifs in chat.

[–] Kalcifer@lemmy.world 59 points 1 year ago (5 children)

They're viewable on Lemmy too!

load more comments (5 replies)
[–] tuoret@sopuli.xyz 23 points 1 year ago (1 children)

Reddit added the same functionality some time ago, I'm a bit sad it's a thing here too but oh well. People seem to like it. My favourite thing about reddit was it being text-based though

load more comments (1 replies)
load more comments (7 replies)
load more comments (1 replies)
[–] nomadjoanne@lemmy.world 104 points 1 year ago* (last edited 1 year ago) (5 children)

Didn't swiftpad or whatever its called send every key pressed to Microsoft?

Not a China shill. China is horrible. Microsoft less so as they don't commit genocide in slow motion. But still, I think this sort of thing is more common than we think.

Use FOSS.

[–] dx1@lemmy.world 18 points 1 year ago (9 children)

What are the best FOSS options for Android keyboard apps? I've been struggling with this lately.

load more comments (9 replies)
load more comments (3 replies)
[–] Goodie@lemmy.world 97 points 1 year ago (6 children)

It's stories like this that don't surprise me as much as make me ask: How the fuck do you store and process this much data to get anything useful out of it.

[–] toofpic@lemmy.world 51 points 1 year ago (4 children)

You just save the first 50 digits typed after some email is typed, and you have all the passwords you need!

load more comments (4 replies)
[–] WarmSoda@lemm.ee 37 points 1 year ago (3 children)

I could be wrong, and this is a generalization of any country you can name, but my impression is data is stored on everyone so when they decide someday to look you up they already have all the data collected. It's not really processed until needed.

load more comments (3 replies)
load more comments (4 replies)
[–] 99nights@lemmy.world 65 points 1 year ago (8 children)

China being China, no surprise here.

load more comments (8 replies)
[–] thorbot@lemmy.world 61 points 1 year ago

Oh wow, who would have ever thought they'd do that? What a fucking surprise.

[–] punseye@lemmy.world 58 points 1 year ago (1 children)

As if other keyboard apps are any different, I don't think Microsoft bought SwiftKey just for fun?!

load more comments (1 replies)
[–] loudWaterEnjoyer@lemmy.dbzer0.com 57 points 1 year ago (1 children)
load more comments (1 replies)
[–] Diabolo96@lemmy.dbzer0.com 47 points 1 year ago (18 children)

The people here acting like their Gboard doesn't do the same is so funny.

[–] PaigePalisade@lemmy.blahaj.zone 86 points 1 year ago (1 children)

It probably doesn't though. Obviously it's closed source making it harder to tell what's actually happening, but there's nothing stopping security analysts from looking at network usage and such. I would imagine that Google doesn't install a keylogger on every Android phone, not out of the goodness of their hearts, but because they don't want the bad publicity and lawsuits when it would inevitably be discovered.

[–] vox@sopuli.xyz 36 points 1 year ago* (last edited 1 year ago) (1 children)

they do collect usage stats by default though.
which include typed sentences passed through their ai model and words usage counts.
it can all be turned off and gboard seems to respect these. it doesn't access online services unless requested with these options off.

load more comments (1 replies)
[–] GenderNeutralBro@lemmy.sdf.org 40 points 1 year ago (3 children)

If you have any evidence that it does, it would be big news. Please share.

load more comments (3 replies)
[–] SnowdenHeroOfOurTime@unilem.org 24 points 1 year ago (34 children)

I'm going to guess you're one of the people who defends tiktok and compares it to every other social media app by saying the US government is basically the same as the Chinese government

load more comments (34 replies)
load more comments (15 replies)
[–] kicksystem@lemmy.world 43 points 1 year ago

I don't get it? Why are they talking in the article about not using the right type of encryption. The problem isn't the encryption, but the fact that it is sending your keystrokes to the mothership, right?

[–] CoolBeance@lemmy.world 39 points 1 year ago (3 children)

I feel like there should be a Lemmy version of everything now

[–] TeddE@lemmy.world 24 points 1 year ago

I recommend free and open source software for everyone. Everything on this list is curated to feature the best alternatives to common proprietary software (according to Linux Cafe):

https://gitlab.com/linuxcafefederation/awesome-alternatives/-/blob/master/README.md

This list is good free, open source (FOSS) Android keyboards:

https://github.com/offa/android-foss#-keyboard

I think the best two are Simple Keyboard and AnySoftKeyboard. Simple Keyboard is pleasant to use, but is missing a several advanced features. ASK would be perfect if the swipe typing worked (it's currently listed as beta, and is mostly actuate, but unfortunately when it does make a mistake fixing it is almost painful).

Finally, try to get comfortable going to alternativeto.net when you get frustrated with software. Worst case scenario you get frustrated with different software for a bit and switch back. Of course it notes the price and license model for each alternative.

load more comments (2 replies)
[–] shashi154263@lemmy.world 36 points 1 year ago* (last edited 1 year ago)

It's not a bug, it's a feature.

[–] ObamaBinLaden@lemmy.world 33 points 1 year ago (22 children)

And gboard or SwiftKey don't?

[–] Steeve@lemmy.ca 24 points 1 year ago* (last edited 1 year ago) (5 children)

Every single time something sketchy is happening in Chinese tech a Lemmy user will slide the conversation and accusations to American tech. It's a rule.

load more comments (5 replies)
load more comments (21 replies)
[–] sugarfree@lemmy.world 30 points 1 year ago (2 children)

These findings underscore the importance for software developers in China to use well-supported encryption implementations such as TLS instead of attempting to custom design their own.

lol.

load more comments (2 replies)
[–] herrwoland@lemmy.world 29 points 1 year ago (1 children)

In a surprise to absolutely nobody, China spies on their people.

load more comments (1 replies)
[–] thecam@lemmy.world 28 points 1 year ago (1 children)

Never use a closed source keyboard app. It can read what you send for messages, websites you go to, search engine queries.

load more comments (1 replies)
[–] s20@lemmy.ml 28 points 1 year ago* (last edited 1 year ago)

And the Platinum Award for Least Surprising News Headline goes to...

[–] reflex@kbin.social 24 points 1 year ago* (last edited 1 year ago)

Jeremy Clarkson:
"The Chinese are very good at this sort of thing."

[–] crisq@lemmy.world 18 points 1 year ago (3 children)

In fact it's hard to find open source Chinese input methods that work well enough, the only ones I know of are Trime and Fcitx5_for_android.

load more comments (3 replies)
load more comments
view more: next ›