Is anyone actually surprised by this?
Better for my data to be in China than in the US
No, this is just propaganda
It’s a chinese company, where else would they store the data?
Antarctica, clearly.
The balls.
I think its called a data lake, so they don’t “store” it, its rather floating around there 🤪
These lakes are formed when the cloud is saturated and gives us data precipitation.
the company states that it may share user information to "comply with applicable law, legal process, or government requests.
Literally every company’s privacy policy here in the US basically just says that too.
Not only does DeepSeek collect “text or audio input, prompt, uploaded files, feedback, chat history, or other content that [the user] provide[s] to our model and Services,” but it also collects information from your device, including “device model, operating system, keystroke patterns or rhythms, IP address, and system language.”
Breaking news, company with chatbot you send messages to uses and stores the messages you send, and also does what practically every other app does for demographic statistics gathering and optimizations.
Companies with AI models like Google, Meta, and OpenAI collect similar troves of information, but their privacy policies do not mention collecting keystrokes. There’s also the added issue that DeepSeek sends your user data straight to Chinese servers.
They didn’t use the word keystrokes, therefore they don’t collect them? Of course they collect keystrokes, how else would you type anything into these apps?
In DeepSeek’s privacy policy, there’s no mention of the security of its servers. There’s nothing about whether data is encrypted, either stored or in transmission, and zero information about safeguards to prevent unauthorized access.
This is the only thing that seems disturbing to me, compared to what we’d like to expect based on the context of what DeepSeek is. Of course, this was proven recently in practice to be terrible policy, so I assume they might shore up their defenses a bit.
All the articles that talk about this as if it’s some big revelation just boil down to “company does exactly what every other big tech company does in America, except in China”
Collecting keystrokes is very different from collecting text inputted into fields. Keystroke rhythms is even more alarming as that is often used to identify users despite them using privacy settings, or used to collect what’s typed via audio collection.
Your argument that this is no different than other apps is complete crap. Don’t trust any app that collects that information
The argument stands, though.
Yes, not ALL other apps do that, but the comment was specifically talking about companies like Google and Meta… they definitely do collect incomplete strings from forms, down to individual characters when they display search suggestions, for example. They might not mention “keystrokes” in the legal text, but I don’t see why they wouldn’t be able to extrapolate your typing pattern since they do have the timing information which should be enough data to, at some level, profile it.
Keystrokes don’t have to be in a text field or input. That’s my point.
If I’m on say google. And I type anything into the field it’s definitely capturing it. You know this for no other reason then it would have to be with autocomplete as an option.
Keystroke capturing is the same as keylogging, aka anything typed even if it’s not into a place where you would assume it’s being seen by the app. Aka, if I had an app open in the background and was typing in my password, it would see and capture that.
They’re completely different things. While the privacy issues of US large tech companies are abundant and awful, there is a large difference between keystroke capturing and capturing input via fields. Especially when you’re agreeing to allow them to process and transfer or even sell that information.
But that’s not what the terms on both Google/Meta and Deepseek say.
Google/Meta has no obligation to restrict the data collection to forms, if the ToS allowd them to collect them from forms (and as you admited, we do know for a fact that they do), then there’s no reason it also does not allow them to collect them outside of forms (which we don’t, for a fact, know).
In the same way, Deepseek terms don’t say the logging happens for “anything typed” like you are assuming without evidence. For all we know the only place they might be capturing it is exclusively in very specific forms, or they might even only added that to the terms so that they can add suggestions in the future. You can only make assumptions, since the terms are not specific on exactly what’s being captured and in which way, it only says keystrokes in the case of Deepseek and even more generic (and thus allowing more possible vectors) in Google/Meta’s terms.
Idk DeepSeek probably just stores things in the history of my Terminal window.
Did they become american company?
Well, at least models are downloadable.
Get it all you can, nvidia’s already lobbying to make them a security risk, competition is bad for business.
nvidia is one of the greediest companies rn
All public companies by definition have to be greedy it’s unfortunate but it’s how capitalism works.
nvidia takes that to a whole new level
Assuming that DeepSeek really is logging keystrokes (they provided no evidence: who were they quoting?), that is unfortunately not uncommon. As shown by their TikTok pearl clutching, corporate media regularly goes for maximalist cold war fearmongering.
maybe they harvest passwords on the side?
It doesn’t have access to all your keystrokes. An app can only harvest the keystrokes typed into it.
They are quoting DeepSeek’s privacy policy. They say this before and after the first quote, and also link the policy at the top of the article.
Let’s be honest, ChatGPT is also logging keystrokes.
Yes. I also like how the alarming take on it is not “People are typing their passwords / medical histories / employer’s source code into ChatGPT and from there it goes straight into the training data not only to be stored forever in the corpus, but also sometimes, to be extracted at a later date by any yahoo who knows the way to tease it back out from ChatGPT via the right carefully crafted prompting!”
But instead it is “When you type things, they can see what you type! The keystrokes!”
And they probably aren’t even doing that. More likely, it’s just bot prevention.
I wouldn’t be so sure. China is at the world’s forefront of automated techniques to be able to spy on and manipulate people through their own devices at massive scale. If they had some semi-workable technology to fingerprint individuals through their typing patterns, in conjunction with fingerprinting the devices they were using through other means, that would make perfect sense to me.
I don’t think it is especially a concern for Deepseek specifically, for reasons discussed elsewhere in the comments. That one particular aspect of the privacy issue is probably being overblown, when there are other adjacent privacy and security concerns that are a lot more pressing. Honestly, that one particular detail isn’t really proven simply because it’s in the privacy policy, and even if they are doing something like that, its inclusion or not in this particular privacy policy or this app isn’t the particularly notable part about it.
they are actually training on this data (potentially). Its a fact. Only if you use some kind of special corporate license then they will not train on the data. (and you need to trust them on that)
(they provided no evidence: who were they quoting?)
https://platform.deepseek.com/downloads/DeepSeek Privacy Policy.html
Ctrl-F “rhythm”
I’ve noticed that this “there is no proof!” or “where’s the evidence?” all of a sudden has become popular. You have people saying it even when they’re talking about a very specific statement of a fact that’s very specifically and easily verifiable.
that is unfortunately not uncommon
Completely true. A lot of web sites monitor everything you do on them, and can play it back for anyone who’s curious about optimizing the UX or for any other less innocent reason. Generally I think there’s not much specific in their privacy policy about it when they do. It’s not surprising that this one is also doing that, accompanied by really a pretty minor line in their privacy policy to go along with it, I completely agree with you here.
As shown by their TikTok pearl clutching, corporate media regularly goes for maximalist cold war fearmongering.
Personally, I wish the corporate media would pearl-clutch a little bit more about how explicitly malicious to our interests our computing devices have become. “Everyone does it, so it’s not a big deal after all” is a common take to have, but it’s the exact opposite of the one that I personally have on it.
Everyone does it, so it’s not a big deal after all
…and I think that’s you completely misreading what people are saying.
We’re saying that it’s bunk for the corporate media to portray it as this dangerous thing when they refuse to report similarly on US companies doing the same with the same ferocity.
I think most people agree with you, that our privacy protections are fucking abysmal and no company should be being allowed to do this stuff. Hell, that’s like the entire thrust of Ed Zitron’s entire fucking blog: that none of these companies should get away with this.
It’s like when Facebook got fined a paltry sum for being caught lying about their video metrics and literally putting businesses like CollegeHumor out of business because they “pivoted to facebook video” to grab those high metrics… which never materialized because Facebook was ratfucking lying to people. They should have been shut down and put out of business for that, not fined less than they made ripping off people.
People are sick of the companies here getting a pass, and the media gives them a pass. It’s more that you can’t make freaked out headlines like this about TikTok and DeepSeek and not understand that everyone is rolling their fucking eyes because we’re all like “it’s no worse than what US companies already do to us.” That doesn’t mean we like it or are okay with it. It means we’re rolling our eyes are a fucking insipid news media that’s obviously lying to us for the sake of private American companies profit, not because they care about rightfully informing American citizentry about what is happening.
All of us fucking hate it, but what the fuck do you expect us as individuals to do about it? Folks like me have been voting Blue for 25 fucking years with fuck-all to show for it on issues like these. So why’s it our job to explain that we don’t support it, we just think it’s dumb as fuck when a foreign company is doing the same thing and now suddenly that’s evil, but our guys doing it is somehow fine. What we have issue with is the hypocrisy.
Dude, why is this guy getting so upset about the suggestion that people should be alarmed both by TikTok and also by the malicious behavior of all the other social media companies? And that the media should report more on it? Why is he yelling so much at me for making what I thought was that fairly reasonable suggestion?
Folks like me have been voting Blue for 25 fucking years
Oh. Um… what? What does that… okay.
I literally explained it pretty clearly.
At this point its clear you want to misunderstand.
Interesting that you took a few paragraphs with a handful of explitives thrown in as “yelling.”
“Everyone does it, so it’s not a big deal after all” is a common take to have, but it’s the exact opposite of the one that I personally have on it.
That’s not my take, and I agree with you.
Well, you did say it was “pearl clutching” and “fearmongering.” My point is, they should be clutching pearls, and fear should be mongered. Arguably, at all the social media companies including TikTok.
I actually do agree that TikTok is worse, but it’s hardly the point. We can be alarmed about all of them, especially since the US ones are now in the hands of an overtly evil tyrannical government instead of merely the sociopathic profit-minded corporatocracy they were in before.
You’re literally talking to people in a privacy forum hosted outside of corporate social media… and you think people don’t agree with you. We wouldn’t fucking be here if we weren’t already on the same page about such issues.
That’s on you, dude.
I’m talking to someone in a privacy forum hosted outside of corporate social media who described reports about privacy violations committed by a privacy-invasive social media app as pearl-clutching and fearmongering.
I’m not sure what your deal is, here, but I’m not into it. I feel like what I said was pretty straightforward and you’re determined to gin up some kind of disagreement, where I’m supposed to say that corporate media’s reporting on privacy isn’t bad, or something.
Privacy good, corporate privacy invasion bad. Corporate media underreporting of privacy violations bad. Hopefully that makes sense, and we can agree on it. I’m not into whatever argument you’re attempting to create about it.
Privacy good, corporate privacy invasion bad. Corporate media underreporting of privacy violations bad.
We never had an argument other than you keep positing that people don’t agree with this while they’re busy explaining to you that yes, they actually do, and you keep choosing to ignore that. “Corporate media underreporting of privacy violations bad” is literally what I spent several paragraphs explaining that you took as “yelling” and “disagreement.”
…but keep on arguing with people who actually agree with you and telling yourself they don’t.
or maybe just learn to fucking read.
Got it. Yeah, fair enough. What I was aiming to do, more or less, was ask for clarification, but I definitely see how it could come across as me trying to continue the argument when he was saying that he already agreed with me. I think you hopping into it with a big italic and bold wall of text on the thing that apparently all three of us already agree on only confused the issue further.
Anyway, sounds like we’re all on the same page. Cool.
https://platform.deepseek.com/downloads/DeepSeek Privacy Policy.html
Ctrl-F “rhythm”
I assumed that they couldn’t have gotten that from the privacy policy itself, because I’d never seen one be so explicit.
Boo!
Anyone using DeepSeek as a service the same way proprietary LLMs like ChatGPT are used is missing the point. The game-changer isn’t that the Chinese company DeepSeek can compete with OpenAI and its ilk as an AI service provider—it’s that now any organization with a few million dollars to train and host their own model can compete with OpenAI.
Or open source groups can make a fully open repro of it: https://github.com/huggingface/open-r1
On-prem vs. Cloud, basically. On-prem just magically got cheaper.
Onprem has always been cheaper. Cloud compute was the most successful marketing campaign I can think of.
I’d like to look into that, how can I train an existing model further?
I’m only playing around with ollama, but like to do a bit more - mostly just to fulfill my needs to understand things - but have no idea where to start
You’re going to have to learn python.
Here’s a good overview: https://huggingface.co/docs/transformers/training
Python is not a problem
SW Dev is my job. Just never had real contact with AI before, besides playing around a bit.Thank you very much for the link!!
Edit: thank you very much again, that was pretty much exactly what I was looking for.
Don’t know how I missed to checkout huggingface. Thought of it always just as a github for models and didn’t bother checking for docs…
But that’s a great intro with simple tools/tutorials to get a grip on it, thanks!
DeepSeek’s privacy policy raises concerns about a U.S. foreign adversary’s ability to access U.S. user data. Users are familiar with the massive amounts of data U.S. tech companies collect, but China’s cybersecurity laws make it much easier for the government to demand data from its tech companies. Additionally, DeepSeek users have reported instances of censorship, when it comes to criticizing the Chinese government or asking about Tiananmen Square.
Users have been shown that both governments are untrustworthy so what the fuck are we supposed to do?
Am I supposed to not read this article as panic? I know this is Mashable but the media overall is no longer unbiased and now there’s gonna be more gremlins to watch for in pro-US corpo AI propaganda and media ownership having stakes in AI.
Well, only one of those governments can actually do anything to me. Hint: it’s the one I live under
You think other governments can’t reach you? Did you miss the whole “election interference” thing? Have you never heard of propaganda?
Okay, but they can’t literally bust down my door and kill me.
No, but they can manipulate the public’s perception of political reality to the point that someone gets elected who will bust your door down and kill you, because a bunch of people who don’t have time to make figuring out the news into a part-time job decided that that person would be able to make eggs cheaper and the other guy’s son was really into hookers or something, and also he was old and wasn’t “fixing the border.”
Just as a random example.
(To be clear, I don’t have any reason to think specifically that TikTok or China was involved in getting Trump elected. I’m just saying that allowing any adversary, whether that’s China or that’s the GOP’s social media psyop department, to have control over American’s social media landscape, will absolutely have an impact on you personally, and already has.)
Okay but now we aren’t really talking about privacy anymore, are we? We’re talking about the monopolization of social media by a few corporations as we’re siloed into platforms. Bad, for sure, but a different problem.
The election interference is coming from inside the house and privacy is only tangentially related to a larger problem.
I’ll continue to be more worried that my DMs will be used to put me in prison.
No, not legally anyway.
Damn, lemme tell the see see pee Jimmy Bob in Missisota caught on. Time to call off the wushu assassins.
Get the fuck over yourselves lmao
China is not illegally busting down US residents’ doors and killing them lol
They all do this…
Don’t use hosted models unless you pay for your own server space and it is encrypted.
Don’t be a fucking idiot.
They all store data on Chinese servers?
🤡
Unironically quite a lot of them probably do because it’s probably cheap and they have a fiduciary duty to the shareholders to gEt ThE bEsT dEaL!
you gotta think deep before you deep seek!
No I’m not surprised at all. This is necessary for any kind of auto save and auto complete. Not happy about my shit being stored in China, but “collects every keystroke” isn’t really news anymore.
If you’re worried about this kind of behavior, don’t use any website with auto save or auto complete, period.
US and the west: … Spying is not acceptable! … except if our companies are doing it
Bootlickers downvoting
When my daddy abuses me that’s love 🤡
