DeepSeek collects keystroke data and more, storing it in Chinese servers
You might want to learn about DeepSeek's privacy policy before you sign up.
Is anyone actually surprised by this?
No, this is just propaganda
This make the news only because it's going to chinese servers. Didn't see anything like that about ChatGPT or the one made by Google.
as opposed to OpenAI which also stores keystrokes and then sells them to anyone who'd pay?
This is Whataboutism and you are clearly a Wumao agent sent here to destroy democracy.
I don't need to... Muricans took care of destroying democracy all on their own
We were doing a perfectly adequate job of that on our own
When I read DeepSeek's privacy policy, I was creeped out by the invasiveness of the keystrokes thing. Then I realised that ChatGPT is just as creepy, but less upfront about it, and DeepSeek's relative transparencyn caused me to see them in a more favourable light
Like every app you have doesn't collect keystrokes data?
right?
CHINESE APP COLLECTS YOUR THOUGHTS AND SAVES THEM
Yes, that is how these generative AI imementations work.
They should store the data in US servers like OpenAI does. Apparently then Mashable won't write an article about it.
The criticism thrown at DeepSeek in the past days is just as applicable to American AI models. But when that was brought up it in the past it was "making things political".
At least I can run DeepSeek locally.
We are now at a time where US blocks China services in order to protect its companies
Just like many US services are banned in China in Order to protect their companies
So, I hope no surprise..
———
Its or their for countries?
I feel like their is more common. I do deliberately say its for companies because companies aren't people and don't deserve people pronouns. Countries seem more like a collection of people, so I use their.
If someone knows more about grammar feel free to correct me.
This article is what US propaganda looks like folks. Mashable should be ashamed.
Literally all AI companies do this to run their services. Except you can actually download Deepseek and run it completely securely on your own devices. You know who doesn't allow that security? OpenAI and the other US companies currently being screwed.
every google site has been doing this for years too. every comment we write in youtube and discard before posting, its being recorded. this isnt news at all.
Oh my, just wait until you learn what Facebook and Google do...
Unrelated but yesterday I saw a post where the person was mocking those concerned by the chinese getting their data, saying things like "why would they care" and some people sarcastically saying they wouldn't understand the data because "it was in another language". Were those people right or not?
i don't know but there are some Chinese apps that translates instantly like everything in every language
the company states that it may share user information to "comply with applicable law, legal process, or government requests.
Literally every company's privacy policy here in the US basically just says that too.
Not only does DeepSeek collect "text or audio input, prompt, uploaded files, feedback, chat history, or other content that [the user] provide[s] to our model and Services," but it also collects information from your device, including "device model, operating system, keystroke patterns or rhythms, IP address, and system language."
Breaking news, company with chatbot you send messages to uses and stores the messages you send, and also does what practically every other app does for demographic statistics gathering and optimizations.
Companies with AI models like Google, Meta, and OpenAI collect similar troves of information, but their privacy policies do not mention collecting keystrokes. There's also the added issue that DeepSeek sends your user data straight to Chinese servers.
They didn't use the word keystrokes, therefore they don't collect them? Of course they collect keystrokes, how else would you type anything into these apps?
In DeepSeek's privacy policy, there's no mention of the security of its servers. There's nothing about whether data is encrypted, either stored or in transmission, and zero information about safeguards to prevent unauthorized access.
This is the only thing that seems disturbing to me, compared to what we'd like to expect based on the context of what DeepSeek is. Of course, this was proven recently in practice to be terrible policy, so I assume they might shore up their defenses a bit.
All the articles that talk about this as if it's some big revelation just boil down to "company does exactly what every other big tech company does in America, except in China"
Collecting keystrokes is very different from collecting text inputted into fields. Keystroke rhythms is even more alarming as that is often used to identify users despite them using privacy settings, or used to collect what’s typed via audio collection.
Your argument that this is no different than other apps is complete crap. Don’t trust any app that collects that information
The argument stands, though.
Yes, not ALL other apps do that, but the comment was specifically talking about companies like Google and Meta... they definitely do collect incomplete strings from search forms (down to individual characters) when they display search suggestions, for example. They might not mention "keystrokes" in the legal text, but I don't see why they wouldn't be able to extrapolate your typing pattern since they do have the timing information which should be enough data to, at some level, profile it.
Yes, I’m going to be lectured on privacy by people who are still on twitter.
Just host it yourself?
Building my entire data model around the Tienanmen Square copypasta. I can run this thing on a Raspberry Pi plugged into a particularly starchy potato and it reliably returns the only answer I've thought to ask it.
By extension, anything that's not self hosted means 3rd party actors snooping. American, Chinese, whoever happens to operate that machine.
The Chinese now have data on my Linux vm and my curiosity about sweet potato and sweet potato recipe. They’re coming for me now!
Did they become american company?
Well, at least models are downloadable.
Get it all you can, nvidia's already lobbying to make them a security risk, competition is bad for business.
"We store the information we collect in secure servers located in the People's Republic of China"
Now you Americans know how we Europeans feel when Google, Amazon and Facebook store our information on American servers. Hint: The protective wall between Chinese servers and their government are about as good as the one between American servers and their government - at least for non-US citizens. The last thin veil of privacy for Eurpeans has been ripped to shreds by Trump last week.
The last thin veil of privacy for Eurpeans has been ripped to shreds by Trump last week.
What did he do? I know Trump does not like the GDPR, but did he sign something affecting it last week?
I'm confused. Isn't "collecting keystroke data" just an alarmist way to describe text entry?
Maybe. They could also be doing things like paying attention to input cadence and typos/pre-send typo corrections to use as part of a fingerprint associated with the identifying information a user gives them when creating an account so that they can then attempt to detect the user elsewhere on the web whether they are using an identifying account or not.
Not exactly. Timing between key presses can be used to identify people.
I am literally so paranoid I regularly vary my keysteoke rhythms and explore polyrhytmic techniques to create variations. Not even joking.
Not usually. Keystroke info is different than text input, like if you didn’t click onto any field and typed it would only be captured if keystroke are all being grabbed. It’s especially scary if you keep the app running in the bg and then type something and it still captures it. Not saying they’re doing that, but the privacy policy says they might.
The rhythm part is annoying, it’s commonly used to ID people even through things like ad blocks and dns blocks. Could also (in theory) be used to capture what people are typing just by hearing how they type.
this. i mean, the session logs for the prompt are kept at least for your user, right?
Yes.
Yeah, uh... If you think that American companies aren't doing this same thing and handing your data over to the government without a warrant among other bad uses, I have some bad news for you. This is pretty much par for the course, and I'm pretty sure that we're witnessing a well financed negative media blitz happening to try and keep OpenAI from getting all of its spaghetti spilled. Watch for the government to try and ban deepseek for "national security" reasons soon.
Not gonna happen. Someone in China gave to Trump's inauguration fund, so nothing's getting banned.
Chinese company uses servers located in China. More news at 11.
Chinese company does what American companies have done for 25+ years now!
Is it time for REAL data privacy laws or are we just gonna keep playing whack-a-mole with Chinese tech companies that get us nowhere?
Our data's just too valuable for these parasites. Data privacy laws may eventually pass to compel software companies to store everything in US servers only.
Excellent Point. If that's the case though, then wouldn't other countries follow suit which still limits big tech's reach and makes them less profitable and less powerful? Idk. Guess we'll see how it plays out. Either way, I'm staying as far from those ecosystems as possible to at least try to mitigate some of what they do. I'll never be totally successful, genie is put of the bottle, but we can at least attempt.
I swear people do not understand how the internet works.
Anything you use on a remote server is going to be seen to some degree. They may or may not keep track of you, but you can't be surprised if they are. If you run the model locally, there is no indication it is sending anything anywhere. It runs using the same open source LLM tools that run all the other models you can run locally.
This is very much like someone doing surprised pikachu when they find out that facebook saves all the photos they upload to facebook or that gmail can read your email.
The telephone company knows your phone number!
So I won't use this for the same reason I don't use any AI? Cool
Idk DeepSeek probably just stores things in the history of my Terminal window.
Any ChatAI logs your keystrokes and your inputs to work and update their LLM. The PP and TOS is the same and even better as those from the US competitors. DeepSeek is OpenSource
Anyway I prefer Andisearch and its PP, the best of all these big tech AIs.
Is Deepseek Open Source?
Hugging Face researchers are trying to build a more open version of DeepSeek’s AI ‘reasoning’ model
Hugging Face head of research Leandro von Werra and several company engineers have launched Open-R1, a project that seeks to build a duplicate of R1 and open source all of its components, including the data used to train it.
The engineers said they were compelled to act by DeepSeek’s “black box” release philosophy. Technically, R1 is “open” in that the model is permissively licensed, which means it can be deployed largely without restrictions. However, R1 isn’t “open source” by the widely accepted definition because some of the tools used to build it are shrouded in mystery. Like many high-flying AI companies, DeepSeek is loathe to reveal its secret sauce.
When will Hugging Face replace BLOOM's anti-libre software license?
Yes? Is it a surprise that a Chinese company stores it's data on a Chinese server?
I trust DeepSeek Open Source if it allows me to copy and review it. I don't trust OpenAI like ChatGPT.
Is Deepseek Open Source?
Hugging Face researchers are trying to build a more open version of DeepSeek’s AI ‘reasoning’ model
Hugging Face head of research Leandro von Werra and several company engineers have launched Open-R1, a project that seeks to build a duplicate of R1 and open source all of its components, including the data used to train it.
The engineers said they were compelled to act by DeepSeek’s “black box” release philosophy. Technically, R1 is “open” in that the model is permissively licensed, which means it can be deployed largely without restrictions. However, R1 isn’t “open source” by the widely accepted definition because some of the tools used to build it are shrouded in mystery. Like many high-flying AI companies, DeepSeek is loathe to reveal its secret sauce.
haha, now do openai
Oh yeah and ChatGPT doesn’t
DeepSeek does the same things that OpenAI does, but it's a foreign actor so OOooooOOWwwwooOOOO sCaRrRey!
Wait until they hear what data Instagram/Meta collects during use!
But they're a US company so it's ok.
Realistically what is the worst thing China is doing with your private data? Selling it? If you’re not a Chinese National, at least you don’t fall under their jurisdiction.
If you’re a U.S. citizen, with all the tech oligarchs cozying up to the current administration, I’d be a lot more concerned with Facebook/Twitter/Etc collecting your data.
Strawmanning the open source federated social media enthusiast crowd as unaware fans of meta?
The response the deepseek has been so transparent and cliched .
I thought more of Mashable. , but I suppose it’s good when they show you who they really are
I'm not American so they are indeed a foreign actor.
Nope you can't run chatgpt locally.
but it’s a foreign actor so OOooooOOWwwwooOOOO sCaRrRey!
I love that people think this is a solid own. Lest we forget Hong Kong, or an impending hot war in Taiwan or building out extradition systems with an expanding network of countries to forcibly repatriate and torture dissidents and human rights lawyers.
You used to not have to explain why authoritarianism was bad.
Edit: I would love to know the Pro side of what happened in Hong Kong, or the forced extradition regime, since evidently I'm clearly in the wrong in thinking those were bad. What am I missing?
It used to not be necessary because democracies used to have moral authority but since the revelations of Manning and Snowden non-Americans see no difference between giving our data to the USA or to China or any other. We also know from the reaction to the war in Ukraine and Gaza that human rights claims are only sometimes used.
or an impending hot war in Taiwan
When you can't even find things that China actually has done to complain about, so you have to start complaining about things they haven't done.
Anti terrorism is good, actually. I don't support people kicking seniors for speaking mandarin to try to bully a government into not prosecuting murderers in the mainland, which was the reason the protests happened (that and Washington money)
I feel safer knowing that my data is not in a country where the company can use it against me
I'm safer knowing that my data is safe at home.
I feel safer knowing that my data is not in a country where the company can use it against me
Where is this country that can't use your data against you?
In china
Nope, At least we can check DeepSeek's source code
Unlike OpenAI..... oops I meant ClosedAI
Not excusing Chinese companies but everyone does the same shit. I bet a lot of US companies that behave the same or worse will be looking for trade barriers to protect their business so their interests will be stoking fear of Chinese competitors. I don't really give a shit which country is doing it, I am not buying what they are selling.
US companies have a stranglehold on government, education and business and are getting access to my families data despite my personal objections. Far more concerned about that than a Chinese service I have no intention of using.
Deepseek can at least be self hosted if you want AI in your life. I can happily live without it.
This "China's AI is taking your data and that's bad" is shockingly similar to "TikTok is taking your data and that's bad". Lots of US counterparts do the same thing, but I don't see (as much) media coverage about that.
Don Draper: "no no no, everyone else's cigarettes are dangerous. Lucky Strikes are... toasted."
The way I think of it is, I don't live in China, so regardless of my objections to their values or human rights abuses, why would CCP or an affiliated company care about me or ruin my life on the basis of or by abusing my data? A big part of why I care about privacy is I don't want to be filtering my every thought through consideration of whether the powers that be would approve, and US companies are way more relevant to that.
Sell to the highest bidder
These the excuses you start to make when you're losing. Not looking great for the US..
I run it locally on a 4080, how do they capture my keystrokes?
Are you running a quantized model or one of the distilled ones?
No idea, have you monitored the package / container for network activity?
Perhaps this refers to other clients not running the model locally.
It doesn't. They run using stuff like Ollama or other LLM tools, all of the hobbyist ones are open source. All the model is is the inputs, node weights and connections, and outputs.
LLMs, or neural nets at large, are kind of a "black box" but there's no actual code that gets executed from the model when you run them, it's just processed by the host software based on the rules for how these work. The "black box" part is mostly because these are so complex we don't actually know exactly what it is doing or how it output answers, only that it works to a degree. It's a digital representation of analog brains.
People have also been doing a ton of hacking at it, retraining, and other modifications that would show anything like that if it could exist.
This is my total lack of surprise.
Your devices keyboard app has been collecting all of your keystrokes.
Billions of folk's keyboards are connected to the internet and the vast majority of them have no idea. It's absolutely ludicrous that we've gotten to this stage with surveillance capitalism. Internet-connected keyboards are malware, plain and simple.
Sure, but its open source and doesn't upload it anywhere. Also doesn't have internet permission
This applies to local llm too
no sh*t! now tell me, not that it's correct, but what does the chinese intelligence apparatus can do to me vs. what the u.s. intelligence apparatus (which has been collecting intelligence about me since i'm alive) can do to me?
As a queer woman in the US, I currently care infinitely more what the US gov and companies track about me than what China does.
They both can and frequently do influence the information you are exposed to on social media to influence your decision making. Not you specifically, unless you someone very important, but your demographic in a broader sence. The more data they have on you, the more effective this process is.
They both can and frequently do influence the information you are exposed to on social media to influence your decision making.
You know what they say about assertions made without evidence.
And? This anti China propaganda is falling apart.
At least its not stored on american servers.
I feel like Meta could do a ton more damage with my information than Tencent
If I’m typing into the app, is that really collecting keystrokes?
And why is that an issue? It's typing data sent to a language model. What nefarious info might they be looking for? Learning to imitate humans? Fingerprinting? Making the best virtual keyboard asmr?
If you've got nothing to hide you don't have to worry ?
edit : For clarification, i consider "If you've got nothing to hide you don't have to worry" to be a naive argument, at best, in any privacy conversation, but I'm not averse to a well-reasoned argument to the contrary.
The wording here was unclear, what i mean to ask was:
"do you believe If you've got nothing to hide you don't have to worry ?"
Boo!
No.
As opposed to Microsoft, Google, .. NSA, or GCHQ servers. Or all of the above.
Yeah, but these are wholesome domestic spy agencies that are just looking after you and protect you from yourself.
Fuck. They told me that they were storing my backups.
[stellar wind has never left the chat]
Not surprised at all why would I? Don't act like other AI services is privacy focused. It's all same. THEY ALL COLLECT DATA.
But good thing about is deepseek is you can run locally unlike Closed AI Chat GPT. No need to use shitty app.
Run it locally then
This is probably only a problem with the online version. In contrast to google and openAI they, like meta, let you download the model and run it offline, where they can't access any of this data I presume.
Right, the offline version (if you have the hardware to run it) is completely under your control, and no one can take that away from you. Honestly nice to see that happen, I thought it would take several years.
They all do this...
Don't use hosted models unless you pay for your own server space and it is encrypted.
Don't be a fucking idiot.
They all store data on Chinese servers?
Unironically quite a lot of them probably do because it's probably cheap and they have a fiduciary duty to the shareholders to gEt ThE bEsT dEaL!
🤡
If you think the American companies do anything different you're not paying attention and simply believing the propaganda.
Isn't it open source? If so it should be near trivial to get rid of all of that.
If it's closed source I wouldn't touch it with a tej foot pole, it's the same reason I rarely use chat gpt, it's just freely giving away your personal data to open AI.
other ai services do too. u might not realize it.
Anyone using DeepSeek as a service the same way proprietary LLMs like ChatGPT are used is missing the point. The game-changer isn’t that a Chinese company like DeepSeek can compete with OpenAI and its ilk—it’s that, thanks to DeepSeek, any organization with a few million dollars to train and host their own model can now compete with OpenAI.
Or open source groups can make a fully open repro of it: https://github.com/huggingface/open-r1
I'd like to look into that, how can I train an existing model further?
I'm only playing around with ollama, but like to do a bit more - mostly just to fulfill my needs to understand things - but have no idea where to start
You're going to have to learn python.
Here's a good overview: https://huggingface.co/docs/transformers/training
When you don't understand how a web app works. 🤦
Does TikTok access my wifi network? 😤
Doubtful, since it's both open source and you can run it locally. This seems more like a smear piece.
This article is about the app, which does not run the model locally. Why would you doubt that a Chinese app which openly claims they send your data to China, actually does so?