In this report, we analyze the Windows, Android, and iOS versions of Tencent’s Sogou Input Method, the most popular Chinese-language input method in China. Our analysis found serious vulnerabilities in the app’s custom encryption system and how it encrypts sensitive data. These vulnerabilities could allow a network eavesdropper to decrypt sensitive communications sent by the app, including revealing all keystrokes being typed by the user. Following our disclosure of these vulnerabilities, Sogou released updated versions of the app that identified all of the issues we disclosed.
Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.
And gboard or SwiftKey don’t?
Every single time something sketchy is happening in Chinese tech a Lemmy user will slide the conversation and accusations to American tech. It’s a rule.
It’s not about the American/Chinese government, it’s about privacy. ANY company or government storing your data can be extremely problematic in the future.
Yeah the Sogou Keyboard sends data to Tencent, the same thing happens or could happen with other proprietary keyboards in the future. How about trying a FOSS one?
It’s absolutely about the American/Chinese government, I don’t see comments forum sliding into Chinese tech on every post about Google.
But no, swift and gboard don’t send your data to the American government.
There’s also a dangerous misconception around here that FOSS == privacy safe. It doesn’t.
There is also a difference between invading your privacy and compromising your security. Both are bad, but one is much worse at least in my view. Keylogging and then sending those keystrokes back to base with a dodgy custom rolled encryption framework is not just a breach of privacy.
On all social media, that seems to happen and it makes me sick.
People not knowing how scary the Chinese government is speaks volumes about the future of other countries. We had all the opportunity to see it happen and avoid it and these morons dismiss the truth and whatabout every damned thing
Well, we have actual evidence here of dodgy shit happening, but what about this other thing I assume is also happening based on absolutely nothing? See, both just as bad!
Gboard doesn’t at least. It does send some stuff but not keystrokes
It sends whole words instead!
Any data you submit to Google is stored and analysed. That’s different from sending keystrokes as they happen though.
I’m all for criticising invasive data use and collection which Google is definitely guilty of. It’s not the same as keylogging though which is not just a privacy concern but a pretty serious security one as well. Also we have actual evidence here of Tencent doing this which makes a difference to me at least.
I’m not sure if that’s true. You know, it’s Google. Every keystroke in your gmail email is analysed, so can’t imagine gboard is any different to them.
We can’t know for sure if they’re not open source
While GBoard is closed source, they have documented that they use federated learning. Meaning their model is generated on-device and only the inferences are sent to Google.
That being said, I use OpenBoard.
Plus it also has the feature where you can drag on the space bar to move the letterhead!
They don’t.
I prefer OpenBoard, it doesn’t send keystrokes to any server
The fork even has support for swipe, autocorrect, word prediction, clipboard management, etc, and is way more lightweight than Gboard and the rest. Zero reason to use anything else at the moment.
What’s the fork? I’ve been using Florisboard beta (which is also open source) and pretty happy with it. The only thing I miss is swipe for dictionary words
https://github.com/Helium314/openboard
Important to note that you need to install a library from inside the app’s settings to enable swipe typing. Ctrl+F “enable gesture typing” on the GitHub page to see where to get it.
I loaded the library but couldn’t see a toggle to turn it on.
Uhhh it’s pretty blatant.
OpenBoard Settings > Gesture Typing > Enable Gesture Typing
Is this a different fork
No, it’s the fork I’ve linked. You got it from here, yes? Also, the option only appears after you successfully load a library by going to Advanced > Load gesture typing library. Since you said you’d already loaded it I didn’t mention that. You might’ve loaded the incorrect file or something.
Not if you block internet connection at system level. I think it can be done if GBoard is installed as a user app, not as a system one.
Might as well just use Open Board.
Of course. My “problem” is that I need to write in 3 languages at the same time and switching languages manually in OpenBoard is a bit cumbersome, while in GBoard it happens automatically.
Removed by mod
This “they’re all bad” shit aimed at the Chinese government makes me so sad. How many of you dullards have even heard of Tiananmen Square?
The downvotes tell me some people need to Google Tiananmen Square. From outside China. Inside China, it didn’t happen. Erased from history
It’s not called the ‘Tiananmen Square’ by the Chinese - that’s just the name of the place. Either 六四屠殺 (June 4 massacre) or 六四鎮壓 (June 4 crackdown) would be more likely. And yes, expect loads of downvoting on Lemmy if you’re ever critical of China.