Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.
I live in China and this software is cancerous not just in the encryption failure, it also nestles into a computer like a trojan. Creates 2 fallback installations and will reinstall itself after removal if you reboot in between, unless you get rid of all 3 installations at once, where they are deliberately trying to obfuscate the uninstall button (triple confirmation, swapping the confirm/cancel buttons and button background colors, etc.).
It’s a nasty piece of crap that come preloaded on any phone (android, at least) and Windows-PC here.
It’s time to switch to Linux!
I mean the CCP is aiming to have people use Kylin? If the government and the entire populace starts using Linux instead we’ll just see the same BS on Linux instead. It’s not an OS/platform issue, but an issue of bad actors.
deleted by creator
Don’t worry, there is also a Linux version.
Oof
Then they’ll install the Linux version. People here are so indoctrinated, they like it.
Didn’t swiftpad or whatever its called send every key pressed to Microsoft?
Not a China shill. China is horrible. Microsoft less so as they don’t commit genocide in slow motion. But still, I think this sort of thing is more common than we think.
Use FOSS.
I agree with the “Use FOSS” part, but I can’t help but notice a double standard thats often taken when these kinds of stories pop up. How come whenever a Chinese compant does something like this, China is always at fault? Why is it never America’s fault when something like this happens with an American company or product?
I wanted to ask if you were born yesterday but I’ll try to be more educative than sassy.
All companies in China exist purely with the blessing of the political party. No approval, no company. Everything is done by their books.
Unexamined racism. “Collectivist asians” and denying Asian individuality is very normal in the US/Europe. Malcolm Gladwell can write a book saying Koreans are culturally incapable of flying an airplane and it’s fine. When Asians have human emotions it’s normal to turn it into some special exoticized thing like “saving face”. White people are individuals, Asians are a horde, nothing in Anglo culture prepares or encourages people to think about Chinese people as a billion individuals wandering around doing stuff for the same reasons you do. They’re a singular alien unit, if you go to war with Japan it’s only natural to lock all the Japanese people in a camp. Basically every book and newspaper article you’ve ever read talks about them they’re all wired together like the Borg, unless you put a ton of effort into critical thinking there’s no reason to escape that assumption.
Except the Chinese government has way more control over their companies than the US government does. In fact, there has been an explicit push recently by the government to increase their control and ownership of companies. It’s also consistent with how most large states operate, especially ones with a history of trying to control ethnically Chinese people outside of their borders.
That isn’t to say that a ton of anti China sentiment isn’t racist; it’s just that one doesn’t need to be racist make such a prediction. It’s true that many people who hate China hate it for the wrong reasons, but that doesn’t mean there aren’t things to take issue with.
Sure but stereotypes are involved in what you think a state owned bank owning 1% of Tencent stock practically means, and what kind of hateful thing you imagine a government that operates on the willing cooperation of millions of people is going to do with it. You don’t need to be racist to hate China, but there are a lot more racists than people who studied Chinese corporate structure and came to a rational conclusion about it.
I don’t know what “willing cooperation” has to do with anything. The US government has the willing cooperation of millions and had the willing cooperation of a majority of Americans in the past. That doesn’t mean the US government didn’t do some of the worst shit ever during the peak of their popularity. It’s also not like consent isn’t manufactured in China.
If anything, it’s my belief in the similarities of the Chinese and US governments that makes me think they would do hateful things with their power. People in China are the same as people here. I don’t have a rose tinted view of people here either.
Think you mean SwiftKey which Microsoft just introduced bing AI into that you can’t turn off. I 100 percent assume they now use all your typing data to train their ai too. They won’t even let you use themes without logging in to an account so I again assume they also tie data to accounts.
What are the best FOSS options for Android keyboard apps? I’ve been struggling with this lately.
I use OpenBoard (it’s available on fDroid. Maybe the play store too).
I don’t know if it’s the best but I like it. If you type in multiple languages you do need to hit a “language switcher” key on the keyboard to switch to the autocorrect for that language. A very minor complaint. Otherwise it’s great.
And it will learn swear words. No more ducking ducks.
deleted by creator
It’s stories like this that don’t surprise me as much as make me ask: How the fuck do you store and process this much data to get anything useful out of it.
You just save the first 50 digits typed after some email is typed, and you have all the passwords you need!
This only applies if a username is a email
And if it is then what happens when people actually email someone? Autocorrect during login?
I don’t think they’re saying that method would yield 100% clean data but it would give you all the “necessary” data with the absolute bare minimum storage requirement. At some point people will log into their email and for most people if you have their email password you have the password they use for everything
Yep, I only reacted to a “new requirement”: save space :)
China being China, no surprise here.
Oh wow, who would have ever thought they’d do that? What a fucking surprise.
As if other keyboard apps are any different, I don’t think Microsoft bought SwiftKey just for fun?!
Really? Isn’t this kind of thing scandalous enough to tank companies?
It’s in their EULA read their terms of services
deleted by creator
I don’t get it? Why are they talking in the article about not using the right type of encryption. The problem isn’t the encryption, but the fact that it is sending your keystrokes to the mothership, right?
In a surprise to absolutely nobody, China spies on their people.
And everyone’s people
TIL this only happens in China
And gboard or SwiftKey don’t?
Gboard doesn’t at least. It does send some stuff but not keystrokes
It sends whole words instead!
Any data you submit to Google is stored and analysed. That’s different from sending keystrokes as they happen though.
I’m all for criticising invasive data use and collection which Google is definitely guilty of. It’s not the same as keylogging though which is not just a privacy concern but a pretty serious security one as well. Also we have actual evidence here of Tencent doing this which makes a difference to me at least.
We can’t know for sure if they’re not open source
Removed by mod
I feel like there should be a Lemmy version of everything now
I recommend free and open source software for everyone. Everything on this list is curated to feature the best alternatives to common proprietary software (according to Linux Cafe):
https://gitlab.com/linuxcafefederation/awesome-alternatives/-/blob/master/README.md
This list is good free, open source (FOSS) Android keyboards:
https://github.com/offa/android-foss#-keyboard
I think the best two are Simple Keyboard and AnySoftKeyboard. Simple Keyboard is pleasant to use, but is missing a several advanced features. ASK would be perfect if the swipe typing worked (it’s currently listed as beta, and is mostly actuate, but unfortunately when it does make a mistake fixing it is almost painful).
Finally, try to get comfortable going to alternativeto.net when you get frustrated with software. Worst case scenario you get frustrated with different software for a bit and switch back. Of course it notes the price and license model for each alternative.
ASK would be perfect if the swipe typing worked (it’s currently listed as beta, and is mostly actuate, but unfortunately when it does make a mistake fixing it is almost painful).
It crashes for me so often that I finally gave up using it.
Also there was a weird bug of where if you were working on a long document, towards the bottom of the document all of a sudden it will drag you all the way up to the top of the document, so then you had to scroll all the way back to where you were before, at the bottom of the document.
It’s not a bug, it’s a feature.
These findings underscore the importance for software developers in China to use well-supported encryption implementations such as TLS instead of attempting to custom design their own.
lol.
The writer out here acting like this wasn’t an intended feature lol
And this is the only point of the article. Idk what all these other comments are on about, but this article is outlining lack of standardized protocols that made the software vulnerable to network eavesdropping.
This doesn’t point to a big CCP conspiracy, it’s just bad design.
This is why I only use a tablet made from slate with chalk
Look at this rich guy wasting chalk on his slate tablet, while everyone else has to use sticks and wet their mud tablets to erase them.
You’ll probably have breathing issues in the future, with that approach.
And it’s why I only use electrodes attached to my head that reads my thoughts
Never use a closed source keyboard app. It can read what you send for messages, websites you go to, search engine queries.
Jeremy Clarkson:
“The Chinese are very good at this sort of thing.”
