the company states that it may share user information to "comply with applicable law, legal process, or government requests.
Literally every company’s privacy policy here in the US basically just says that too.
Not only does DeepSeek collect “text or audio input, prompt, uploaded files, feedback, chat history, or other content that [the user] provide[s] to our model and Services,” but it also collects information from your device, including “device model, operating system, keystroke patterns or rhythms, IP address, and system language.”
Breaking news, company with chatbot you send messages to uses and stores the messages you send, and also does what practically every other app does for demographic statistics gathering and optimizations.
Companies with AI models like Google, Meta, and OpenAI collect similar troves of information, but their privacy policies do not mention collecting keystrokes. There’s also the added issue that DeepSeek sends your user data straight to Chinese servers.
They didn’t use the word keystrokes, therefore they don’t collect them? Of course they collect keystrokes, how else would you type anything into these apps?
In DeepSeek’s privacy policy, there’s no mention of the security of its servers. There’s nothing about whether data is encrypted, either stored or in transmission, and zero information about safeguards to prevent unauthorized access.
This is the only thing that seems disturbing to me, compared to what we’d like to expect based on the context of what DeepSeek is. Of course, this was proven recently in practice to be terrible policy, so I assume they might shore up their defenses a bit.
All the articles that talk about this as if it’s some big revelation just boil down to “company does exactly what every other big tech company does in America, except in China”
Collecting keystrokes is very different from collecting text inputted into fields. Keystroke rhythms is even more alarming as that is often used to identify users despite them using privacy settings, or used to collect what’s typed via audio collection.
Your argument that this is no different than other apps is complete crap. Don’t trust any app that collects that information
Yes, not ALL other apps do that, but the comment was specifically talking about companies like Google and Meta… they definitely do collect incomplete strings from forms, down to individual characters when they display search suggestions, for example. They might not mention “keystrokes” in the legal text, but I don’t see why they wouldn’t be able to extrapolate your typing pattern since they do have the timing information which should be enough data to, at some level, profile it.
Keystrokes don’t have to be in a text field or input. That’s my point.
If I’m on say google. And I type anything into the field it’s definitely capturing it. You know this for no other reason then it would have to be with autocomplete as an option.
Keystroke capturing is the same as keylogging, aka anything typed even if it’s not into a place where you would assume it’s being seen by the app. Aka, if I had an app open in the background and was typing in my password, it would see and capture that.
They’re completely different things. While the privacy issues of US large tech companies are abundant and awful, there is a large difference between keystroke capturing and capturing input via fields. Especially when you’re agreeing to allow them to process and transfer or even sell that information.
But that’s not what the terms on both Google/Meta and Deepseek say.
Google/Meta has no obligation to restrict the data collection to forms, if the ToS allowd them to collect them from forms (and as you admited, we do know for a fact that they do), then there’s no reason it also does not allow them to collect them outside of forms (which we don’t, for a fact, know).
In the same way, Deepseek terms don’t say the logging happens for “anything typed” like you are assuming without evidence. For all we know the only place they might be capturing it is exclusively in very specific forms, or they might even only added that to the terms so that they can add suggestions in the future. You can only make assumptions, since the terms are not specific on exactly what’s being captured and in which way, it only says keystrokes in the case of Deepseek and even more generic (and thus allowing more possible vectors) in Google/Meta’s terms.
Literally every company’s privacy policy here in the US basically just says that too.
Breaking news, company with chatbot you send messages to uses and stores the messages you send, and also does what practically every other app does for demographic statistics gathering and optimizations.
They didn’t use the word keystrokes, therefore they don’t collect them? Of course they collect keystrokes, how else would you type anything into these apps?
This is the only thing that seems disturbing to me, compared to what we’d like to expect based on the context of what DeepSeek is. Of course, this was proven recently in practice to be terrible policy, so I assume they might shore up their defenses a bit.
All the articles that talk about this as if it’s some big revelation just boil down to “company does exactly what every other big tech company does in America, except in China”
Collecting keystrokes is very different from collecting text inputted into fields. Keystroke rhythms is even more alarming as that is often used to identify users despite them using privacy settings, or used to collect what’s typed via audio collection.
Your argument that this is no different than other apps is complete crap. Don’t trust any app that collects that information
The argument stands, though.
Yes, not ALL other apps do that, but the comment was specifically talking about companies like Google and Meta… they definitely do collect incomplete strings from forms, down to individual characters when they display search suggestions, for example. They might not mention “keystrokes” in the legal text, but I don’t see why they wouldn’t be able to extrapolate your typing pattern since they do have the timing information which should be enough data to, at some level, profile it.
Keystrokes don’t have to be in a text field or input. That’s my point.
If I’m on say google. And I type anything into the field it’s definitely capturing it. You know this for no other reason then it would have to be with autocomplete as an option.
Keystroke capturing is the same as keylogging, aka anything typed even if it’s not into a place where you would assume it’s being seen by the app. Aka, if I had an app open in the background and was typing in my password, it would see and capture that.
They’re completely different things. While the privacy issues of US large tech companies are abundant and awful, there is a large difference between keystroke capturing and capturing input via fields. Especially when you’re agreeing to allow them to process and transfer or even sell that information.
But that’s not what the terms on both Google/Meta and Deepseek say.
Google/Meta has no obligation to restrict the data collection to forms, if the ToS allowd them to collect them from forms (and as you admited, we do know for a fact that they do), then there’s no reason it also does not allow them to collect them outside of forms (which we don’t, for a fact, know).
In the same way, Deepseek terms don’t say the logging happens for “anything typed” like you are assuming without evidence. For all we know the only place they might be capturing it is exclusively in very specific forms, or they might even only added that to the terms so that they can add suggestions in the future. You can only make assumptions, since the terms are not specific on exactly what’s being captured and in which way, it only says keystrokes in the case of Deepseek and even more generic (and thus allowing more possible vectors) in Google/Meta’s terms.