In this report, we analyze the Windows, Android, and iOS versions of Tencent’s Sogou Input Method, the most popular Chinese-language input method in China. Our analysis found serious vulnerabilities in the app’s custom encryption system and how it encrypts sensitive data. These vulnerabilities could allow a network eavesdropper to decrypt sensitive communications sent by the app, including revealing all keystrokes being typed by the user. Following our disclosure of these vulnerabilities, Sogou released updated versions of the app that identified all of the issues we disclosed.
Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.
The timeline feature on Windows that shows your info across devices when your account is signed in, contains websites, apps and services. They say you can see it for 30 days, but I doubt they delete it after, even if they say they do. They probably at minimum process the meta-data.
I don’t see why c/technology scream about privacy violations every other post, and then suddenly turn forgetful when geopolitics comes into play. I used to watch ‘exposés about China’ and anti-sjw stuff on youtube back in 2015 too - and then just as I stopped watching them, they became an ‘official geopolitical enemy’. The last decade has been a ride.
Because all the sinophobe tech bros have migrated to Lemmy and don’t actually understand the shit they’re talking about. They think the tech THEY use is super cool and want to keep using it, and also think China is scary and an imminent threat to them sitting in their gamer chair surrounded by doritos.
Or maybe, just maybe, people have been packet sniffing Microsoft’s shit for ages and haven’t found them to be doing things quite as egregiously. Go ahead, you can look this shit up.
Most of the spying features in Windows are able to be explicitly disabled through options Microsoft publishes themselves. It’s Group Policy, only available on Pro licenses, but anyone concerned about privacy should be on that anyway or spoofing their license using again, Microsoft published techniques (KMS). There’s also often registry keys to toggle it as well, but they tend to not be as reliable and change over updates.
There are also tons of ways to strip out entire components of Windows from the install media before installation, and also after it has been installed. Can’t collect telemetry “X” if the telemetry “X” service isn’t there.
Lastly, host file allows blocking network traffic to specific endpoints, and the very few times Microsoft has bypassed that it has made news. You can just block Microsoft’s entire IP block through host if you’re really paranoid.
Beyond that, I’ve seen plenty of people concerned about the US’s data collection. It’s just not always spoken about as a US thing but more as a general tech thing, likely because internet discussion is still very US centric outside the great firewall and most big tech in the English speaking world comes from the US. So i think the US connection often just goes without saying.
I’ll give you this: framing much of this as related to any nation state instead of just all tech’s hoovering up of data is disingenuous.
Also, if your threat model truly needs to be concerned about any nation state actors specifically then you’re probably already fucked.
The timeline feature on Windows that shows your info across devices when your account is signed in, contains websites, apps and services. They say you can see it for 30 days, but I doubt they delete it after, even if they say they do. They probably at minimum process the meta-data.
I don’t see why c/technology scream about privacy violations every other post, and then suddenly turn forgetful when geopolitics comes into play. I used to watch ‘exposés about China’ and anti-sjw stuff on youtube back in 2015 too - and then just as I stopped watching them, they became an ‘official geopolitical enemy’. The last decade has been a ride.
Because all the sinophobe tech bros have migrated to Lemmy and don’t actually understand the shit they’re talking about. They think the tech THEY use is super cool and want to keep using it, and also think China is scary and an imminent threat to them sitting in their gamer chair surrounded by doritos.
Or maybe, just maybe, people have been packet sniffing Microsoft’s shit for ages and haven’t found them to be doing things quite as egregiously. Go ahead, you can look this shit up.
Most of the spying features in Windows are able to be explicitly disabled through options Microsoft publishes themselves. It’s Group Policy, only available on Pro licenses, but anyone concerned about privacy should be on that anyway or spoofing their license using again, Microsoft published techniques (KMS). There’s also often registry keys to toggle it as well, but they tend to not be as reliable and change over updates.
There are also tons of ways to strip out entire components of Windows from the install media before installation, and also after it has been installed. Can’t collect telemetry “X” if the telemetry “X” service isn’t there.
Lastly, host file allows blocking network traffic to specific endpoints, and the very few times Microsoft has bypassed that it has made news. You can just block Microsoft’s entire IP block through host if you’re really paranoid.
Beyond that, I’ve seen plenty of people concerned about the US’s data collection. It’s just not always spoken about as a US thing but more as a general tech thing, likely because internet discussion is still very US centric outside the great firewall and most big tech in the English speaking world comes from the US. So i think the US connection often just goes without saying.
I’ll give you this: framing much of this as related to any nation state instead of just all tech’s hoovering up of data is disingenuous.
Also, if your threat model truly needs to be concerned about any nation state actors specifically then you’re probably already fucked.